Last week I ran a systematic test. I opened 200 free browser-based utility tools — converters, compressors, generators — and monitored network traffic while using each one.
The Methodology
For each tool, I uploaded a harmless test file (a 2.4MB PNG) and watched Chrome DevTools Network panel. I checked whether the file was sent to the tool's server, and whether any third-party domains received data.
The Results
- 174 of 200 (87%) uploaded the file to a server for processing
- 46 of 200 (23%) sent data to third-party analytics or advertising domains
- Only 12 of 200 (6%) disclosed the upload clearly in their UI
- 14 of 200 (7%) processed entirely in the browser
The 7% that processed locally used Canvas API, FileReader, and Web Workers — standard browser APIs available since 2015. The technology exists. Most tools just choose not to use it.
The Tools I Actually Trust
After this test, I built my own browser-local alternatives:
- svg2png.org — SVG conversion, batch 50 files, metadata stripping
- webp2png.io — WebP to PNG with OffscreenCanvas
- genbarcode.org — 6 GS1 barcode formats, zero upload
All three pass the DevTools test: use the tool, open Network tab, see zero requests. Your files stay in browser memory.
The Takeaway
Before using any "free" online tool, open DevTools → Network. If you see your file leaving your browser, close the tab. Browser-local processing isn't a feature — it's a basic privacy expectation that most tools fail.
Top comments (1)
Nice analysis. I've started checking the Network tab for file tools too, and it's surprising how many upload files without saying so. Local-first processing definitely builds more trust.