When a sensitive screenshot leaks from a group of five — and you need to know which one.
A screenshot from a private group chat ends up where it shouldn't. The group is small enough to enumerate but too big to confront en masse. You need attribution, not accusation. The Snitch Tracker mints one invisibly-watermarked copy per recipient — visually identical to the human eye, cryptographically tagged with a 60-bit recipient ID baked into three frequency bands of a DWT+DCT+SVD decomposition. You send each member their copy through their normal channel. When the leak surfaces, you drop it into the tracker's verify step and the embedded variant ID names the leaker. The watermark survives the platform recompression that usually destroys this kind of tag — Instagram, Twitter, Telegram round-trips, JPEG re-encoding down to q40, light cropping, partial occlusion. It dies on rotation past a few degrees and on AI image-to-image rewrites; those are the honest limits.
When this scenario hits you
- A small leadership team where one member is leaking strategy decks to a competitor; you want to identify without firing the wrong person.
- A private friend group where someone keeps screen-grabbing intimate jokes and posting them on Twitter for clout.
- A union or activist chat where you suspect an infiltrator and need to test it discreetly.
- A wedding-planning group where one member is leaking surprise details to the bride; you want to neutralize the leaker without confrontation.
- An NDA-bound product preview shared with a press pool, and one outlet broke embargo — you need to identify which.
What you actually do
- 01
Open /track and drop the screenshot you're about to share.
Same browser-side hashing as the regular sealer. The screenshot itself stays on your device; only hashes and the recipient list leave (and the recipient list only goes to your local storage — we see hash + variant ID mapping, not names).
- 02
Enter one recipient name per line.
Member A, Member B, Member C, etc. Use whatever name you'll remember each by — Discord handle, real name, group-chat nickname. The list lives on your machine; we don't store it. Each name maps to a unique 60-bit ID our worker assigns and signs.
- 03
Download the watermarked variants — one per recipient.
The tracker mints one invisibly-watermarked copy per name. Each looks identical to the original; the watermark is embedded at three frequency bands of a DWT+DCT+SVD decomposition so it survives platform recompression without being visible to anyone, including you. You'll also get a parent receipt URL that ties all variants together for your records.
- 04
Send each member their named copy.
DM them their variant via whatever channel you'd normally use — WhatsApp, Telegram, iMessage, Signal. Each member gets a different file with a different invisible watermark. Visually, nobody can tell the difference; nobody knows their copy is unique.
- 05
When the leak surfaces, drop the leaked image into the Snitch Tracker verify step.
The extractor reads the embedded variant ID, looks up which name you assigned to it (locally, from your stored list), and tells you who leaked. Robust to canonical platform pipelines (Instagram/Twitter/Telegram re-encoding), JPEG quality down to q40, resize 0.5×-2×, partial crop ≤50%. Less robust to rotation past a few degrees or AI image-to-image rewrites.
Why the receipt holds
- DWT+DCT+SVD decomposition embeds the watermark in mid-frequency coefficients that survive lossy re-encoding — the same bands that JPEG quantization preserves.
- CRC validation on extraction means false positives are vanishingly rare. If the tracker says 'this is variant 7 (Member G)', it's not guessing.
- Per-variant signatures + a parent receipt mean the chain of custody is cryptographic: you can prove you minted variant 7 and assigned it to Member G, even if Member G claims you fabricated the variant after the fact.
- The watermark is computed and embedded in your browser — we never see the image bytes; we only see hashes and IDs.
Where the receipt stops
- It doesn't survive rotation past about ±5°. A leaker who knows what they're doing can run the image through a 30° rotation, screenshot the result, and the watermark is gone.
- It doesn't survive being passed through an AI image-to-image generator (img2img, inpainting). The model rewrites pixels at a level that destroys the watermark.
- It can't tell you why someone leaked. It tells you the variant ID; the motive is up to the conversation that follows.
Specific questions about this scenario
How invisible is the watermark really?
Invisible to the human eye in normal viewing. A trained eye looking for the watermark, knowing where to look, on a high-contrast region, with image-difference tooling against the original — can sometimes detect it. In the wild, where the leaker has only their own copy, it's effectively invisible.
Can a leaker strip the watermark by saving as JPEG / posting on Twitter / running through Photoshop?
Single-pass JPEG re-encoding, platform CDN re-encoding, mild crops, and resizes do not strip it — that's specifically what the DWT+DCT+SVD design targets. Multi-pass aggressive degradation (q20 JPEG → resize 0.25× → q20 JPEG again) starts to degrade extraction. Deliberate attacks (geometric rotation, AI rewrites) defeat it.
What if I'm wrong and Member G didn't leak — could the extractor false-positive?
The CRC validation makes false positives extremely unlikely. If the tracker confidently returns a variant ID, it's almost certainly correct. The bigger risk is a false negative on a deliberately-attacked image — the extractor returns 'no watermark recovered' rather than confidently naming the wrong person. That's the conservative design.
Can I use this for non-sensitive content too — like just signing my work?
Yes — the same workflow works for any image you want to fingerprint per recipient. Photographers use it for proofs sent to clients; lawyers use it for draft contracts shared with multiple counsel; designers use it for unreleased mockups. Anywhere a leak would matter, mint per-recipient.
Do I need to keep the original screenshot somewhere safe?
It helps. Extraction works best with the original as reference, though it can extract from the leaked image alone if the CRC matches. Save the original and the parent receipt URL together; the rest can be derived.
Related scenarios
Mint, send, extract. Three steps.
The Snitch Tracker is free, browser-only, no signup. The watermark stays invisible until you need it.