Automatically detect and blur faces in photos before sharing. Free, private, runs in your browser.
100% private — your files never leave your browser. All processing happens locally on your device.
Choose a file
or drop it here · paste from clipboard
Privacy-first face blur. Faces are detected and blurred entirely inside your browser — the image never leaves your device. Pair with Remove EXIF Data to also scrub embedded location metadata before sharing.
Every photo you post publicly shows every face in it to everyone — forever. Co-workers in a conference snapshot, strangers in the background of a restaurant selfie, kids at a family party whose parents didn't sign up for the internet — none of them asked to be in the picture you're sharing. Blurring faces turns a photo that was technically shareable into one that's ethically shareable. A two-second edit protects everyone you didn't get permission from, and it stops face-recognition databases (which now include most social-media images) from linking those faces to your post.
We run Google's MediaPipe FaceDetector (BlazeFace short-range model) in your browser. BlazeFace was designed for near-face distances like selfies and group photos; it's small (~230 KB), fast (<100 ms per image on a mid-range phone), and accurate on front-facing faces. It returns a bounding box per detected face, which we render as an editable rectangle — you can untick specific faces, draw extra rectangles by hand, and adjust the blur strength before saving. Everything stays inside the browser; the only network fetch is the first-time model download from Google's static CDN.
The blur is a Gaussian blur applied by the browser's Canvas 2D API with filter: blur(Npx), clipped to the rectangles you selected. At a radius of 20-40 pixels on a typical face, the output is irreversible — there's no hidden metadata, no adjustable layer, no way to walk the blur back. Unlike some third-party 'privacy' filters (mosaic, pixellation, or low-strength blur), this output can't be un-blurred by sharpening or deep-learning upscalers. If you're privacy-concerned, crank the slider to 40+ and sanity-check the output before sharing.
Auto-detection misses in three common cases: profile views (the model is trained for frontal faces), very small or very large face sizes (distance mismatch to the training set), and non-face things you want to hide — license plates, door numbers, logos on clothing, email addresses on a poster. Click Draw custom blur and drag a rectangle across any region. The blur is identical to what auto-detected faces get, and you can combine auto and manual rectangles in a single export.
Three things never happen here: your photo never leaves the device, the model never reports analytics, and nothing about the detected faces is stored. Closing the tab erases every bitmap, every bounding box, every undo state. Compare that to server-based face-blur tools, which typically upload both the original and the blurred photo, and often log metadata about detected faces for abuse prevention. If you're editing something sensitive — a whistleblower photo, a dating-profile crop, a photo of your kid — a client-side tool is the right posture. Combine with Remove EXIF Data to also scrub GPS and camera metadata before sharing.
No. Face detection, region editing, and the final blur are all done in your browser using MediaPipe. Your photo never leaves your device.
The automatic detector targets close-range, head-on faces. For profile views, crowd shots, or low-resolution faces, switch to Draw custom blur and mark rectangles manually — the blur works exactly the same way.
No. The output PNG contains only the blurred pixel data. There's no way to recover the original face from the output — so double-check everyone you wanted blurred is actually selected before downloading.
No, this tool only modifies the image pixels. To also scrub EXIF (including GPS coordinates), run the output through our Remove EXIF Data tool as a second step.