{"slug": "i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to", "title": "I almost leaked a customer's data while screen-sharing ChatGPT — here's what I built to stop it", "summary": "A developer nearly exposed a customer's real email and account information during a screen-sharing session in ChatGPT, prompting them to build a Chrome extension that automatically blurs sensitive data before it becomes visible. The tool, called Screen Privacy Blur, uses CSS filters and a MutationObserver to continuously scan streaming chat content and apply blur effects to matched elements, requiring zero manual discipline during live demos. The extension is now available on the Chrome Web Store as a local-only solution that lets users peek at blurred content on hover.", "body_md": "A few weeks ago I was on a call sharing my screen, walking a teammate through a prompt I'd been iterating on in ChatGPT. Mid-sentence I scrolled up — and there, three messages back, was a chunk of a customer's data I'd pasted in earlier to debug something. Real email, real account info, sitting right there on a shared screen.\n\nNobody said anything. Maybe nobody noticed. But I noticed, and I spent the rest of the call only half-present, trying to remember everything else still in that thread.\n\nIf you live in ChatGPT all day, you already know the problem. The thread *is* your scratchpad. You paste logs, keys, customer rows, half-finished internal docs — things you'd never put in a doc you planned to share. And then someone says \"can you share your screen real quick\" and suddenly your scratchpad is a presentation.\n\nThe standard answers are all some version of \"be careful\":\n\nThese fail for the same reason all manual checklists fail under pressure: the moment you actually need them is the moment you're distracted, talking, and not thinking about hygiene. You remember *after*. The fix has to happen **before** the screen goes live, and it has to require zero discipline in the moment.\n\nI wanted something that just sat there and blurred sensitive parts of a page automatically, so that even if I forgot, the leak couldn't happen. A few requirements:\n\nThe naive approach is to listen for some \"I'm sharing now\" signal and react. That's too late — there's a visible frame where the data is exposed before the blur kicks in. You're racing the screen capture.\n\nThe approach that actually works is to apply the blur as a CSS layer that's *already present* on matched elements, and only reveal on explicit interaction (hover-to-peek, or a toggle). Roughly:\n\n```\n.privacy-blur {\n  filter: blur(8px);\n  transition: filter 0.12s ease;\n  user-select: none;\n}\n\n.privacy-blur:hover {\n  filter: blur(0);\n}\n```\n\nThe hard part isn't the blur — it's *deciding what to blur* on an arbitrary page you don't control. You can't hardcode selectors for every site. So you end up with a mix of:\n\n`MutationObserver`\n\nto catch content injected after load — critical for chat apps like ChatGPT, where messages stream in dynamically and a one-time pass on load misses everything.The `MutationObserver`\n\npart was the one I underestimated. In a normal page you blur once on load and you're done. In a streaming chat UI, content arrives continuously, so the observer has to re-run matching on every batch of new nodes — while staying cheap enough not to lag the page. Debouncing the observer callback and only scanning added nodes (not re-scanning the whole DOM) was what made it usable.\n\nI ended up turning it into a small Chrome extension so I'd stop relying on my own memory. It's local-only, blurs matched content before it's visible, and lets you peek per-element. If the same problem bites you, it's [Screen Privacy Blur](https://chromewebstore.google.com/detail/screen-privacy-blur/pfngjkakgncabcfjdknjacpnbidjlldm?utm_source=devto&utm_medium=article&utm_campaign=chatgpt_privacy) on the Chrome Web Store.\n\nBut honestly, the extension is secondary to the point I actually want to land:\n\n**Treat your ChatGPT thread like a shared screen by default**, not like a private notebook. The moment you paste anything real into it, assume it could end up in front of someone. Build the habit — or build the guardrail — *before* the \"can you share your screen\" moment, because that moment never comes with enough warning.\n\nHow do you handle this? Separate accounts, a scrub-before-share ritual, something else? Genuinely curious what's worked for people who demo in ChatGPT a lot.", "url": "https://wpnews.pro/news/i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to", "canonical_source": "https://dev.to/mikhailborodin/i-almost-leaked-a-customers-data-while-screen-sharing-chatgpt-heres-what-i-built-to-stop-it-4kn4", "published_at": "2026-06-04 18:38:17+00:00", "updated_at": "2026-06-04 18:42:38.290942+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "ai-products", "generative-ai", "large-language-models"], "entities": ["ChatGPT"], "alternates": {"html": "https://wpnews.pro/news/i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to", "markdown": "https://wpnews.pro/news/i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to.md", "text": "https://wpnews.pro/news/i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to.txt", "jsonld": "https://wpnews.pro/news/i-almost-leaked-a-customer-s-data-while-screen-sharing-chatgpt-here-s-what-i-to.jsonld"}}