# I Audited the Privacy of Popular Free Dev Tools — The Results Are Terrifying
Every day, millions of developers paste sensitive code, API keys, passwords, database queries, and proprietary business logic into free online tools. JSON formatters. Diff checkers. Base64 decoders. Regex testers. Most developers never think twice about it.
I did. I opened Playwright, navigated to the most popular free developer tools on the internet, pasted test data containing fake API keys and passwords, and monitored every single network request that left my browser.
What I found ranges from mildly concerning to genuinely alarming.
---
The Methodology
For each tool tested, I followed the same process:
Opened the site in a clean browser with Playwright Recorded all network requests from the moment of page load Entered test data containing simulated sensitive information (fake API keys, passwords, tokens) Triggered the tool's primary action (format, diff, decode, etc.) Analyzed every outgoing request for tracking, fingerprinting, and data exfiltration Checked cookies set, console messages, and JavaScript behavior
The test data used across all sites:
API_KEY=sk-secret-test-12345 DATABASE_PASSWORD=hunter2 SECRET_TOKEN=abc123xyz
... continue reading