What is SecureLint and how does it work?

SecureLint is a Chrome extension that runs entirely in your browser. It scans text you type or paste into any web editor in real time, detects sensitive data (API keys, passwords, tokens, credentials), and masks it before it can leak. It also blocks phishing sites using a 14-layer detection engine before the page fully loads.

Is my data ever sent to a server?

For individual users — no. All detection, masking, and phishing checks happen 100% locally inside your browser. No page content, typed text, or detected secrets are ever transmitted to any server. For Enterprise users, masked incident reports (never raw secrets) can be sent to your organization's admin dashboard only when explicitly enabled by your IT admin.

Does SecureLint work on all websites?

Yes. SecureLint works across all websites — standard inputs, textareas, contenteditable elements, and rich text editors like CodeMirror, Monaco, Ace, TinyMCE, CKEditor, and popular productivity tools like Gmail, Slack, Notion, ChatGPT, and more.

How does phishing detection work?

SecureLint uses a 14-layer engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, WHOIS domain-age check, SSL certificate validation, Google Safe Browsing, and page-content scanning for credential-harvesting language. If Google Safe Browsing confirms the site is safe, the site is automatically unblocked — no false positives.

What types of secrets does SecureLint detect?

SecureLint detects 100+ secret types including AWS, GCP, and Azure credentials; JWT tokens; OAuth access and refresh tokens; database connection strings (MongoDB, Redis, MySQL, PostgreSQL); private keys and certificates (RSA, EC, PGP); Stripe, Slack, and GitHub API keys; SSNs, Aadhaar numbers, and credit card patterns.

Is SecureLint free to use?

SecureLint is a paid product with Pro and Enterprise plans. The Pro plan is designed for individual developers and security professionals, while Enterprise is built for IT and security teams needing full DLP, admin dashboard, and SLA-backed support. Both plans can be activated instantly from securelint.in.

Can I switch plans or cancel anytime?

Yes. You can upgrade, downgrade, or cancel your subscription at any time from your dashboard. If you cancel, your Pro or Enterprise features remain active until the end of your current billing period.

What payment methods are accepted?

For Indian users we accept all major UPI apps (PhonePe, GPay, Paytm), credit and debit cards, and net banking via Razorpay. For international users we accept PayPal and Google Pay.

Does SecureLint check SSL certificates in real time?

Yes. SecureLint performs a real-time SSL/HTTPS certificate check on every page you visit. If the certificate is expired, self-signed, or the site is running on plain HTTP for a login or payment page, SecureLint raises an immediate alert so you never enter credentials on an insecure connection.

How does the domain age alert work?

Phishing sites are almost always newly registered — often less than 7 days old. SecureLint queries WHOIS data in real time and flags any site where the domain was registered recently, showing you the exact registration date before you interact with the page.

Is SecureLint a VAPT tool?

SecureLint performs a continuous, passive VAPT-style real-time scan directly in your browser. It detects exposed credentials, weak SSL, suspicious domains, phishing indicators, XSS attempts, and clickjacking on every page you visit — without requiring any manual test setup. It is not a replacement for a full penetration test, but gives developers and security teams instant, always-on threat visibility.

What is real-time browser security scanning?

Real-time browser security scanning means SecureLint analyses every page you open, every URL you visit, and every input you type — instantly, before threats can cause damage. It checks for phishing indicators, exposed API keys, SSL validity, domain age, redirect chains, crypto drainers, and XSS payloads — all within milliseconds and entirely inside your browser.

How do I install SecureLint?

Visit the Chrome Web Store, search for 'SecureLint' or click the direct install link on securelint.in. Click 'Add to Chrome', confirm permissions, and SecureLint is active immediately — no account required for the free tier.

Does SecureLint slow down my browser?

No. SecureLint is engineered for sub-millisecond detection using optimised regex engines and a local bloom filter for phishing checks. It runs in a content-script context with minimal CPU and memory footprint — independent benchmark tests show less than 2 ms latency per scan cycle.

What is the Enterprise plan?

Enterprise is designed for IT and security teams. It adds centralized policy management, email DLP and send blocking, WAF and social-domain blocking, incident reporting, admin dashboard, and dedicated support with an SLA. Contact our sales team for pricing.

SecureLint Research Team

VAPTLabs Security Research

Jun 2, 2026·5 min read

Webcam & Screen Recording Detection: How SecureLint Alerts You When a Site Activates Your Camera

Your laptop camera activates. The indicator light — if your device even has one — flickers on. Is it a legitimate video conferencing tool, or is it a web page that silently requested camera access while you were distracted? Most people would never know. SecureLint makes sure you always know exactly which site has activated your camera, microphone, or screen recording permission — and surfaces that information the instant it happens.

The silent camera activation problem

Chrome requires a user permission prompt the first time a site requests camera or microphone access — but that is the only gate. Once you have granted a site permission, it can:

Reactivate the camera on every subsequent visit without prompting you again
Start the camera stream in a background tab that is not currently visible
Activate the microphone independently of the camera using the same previously-granted permission
Request screen capture through the getDisplayMedia API — which does show a picker dialog, but only until the user selects a source, after which the stream runs silently

Malicious sites exploit this by requesting camera or microphone access under a legitimate-seeming pretense (a fake support chat, a fake online exam proctoring tool, a fake webcam test), then using the persistent permission to capture media on subsequent visits. The browser provides no persistent notification that a stream is active in a background tab.

How SecureLint detects camera and microphone activation

SecureLint monitors the browser's permissions API in real time. Specifically, it watches for:

The camera permission state changing to granted on any page
The microphone permission state changing to granted on any page
Any page that holds both camera and microphone permissions simultaneously (strong meeting/surveillance signal)
Camera or microphone activations on pages outside of the known video conferencing URL list (meets.google.com, zoom.us, teams.microsoft.com, etc.) — a potential indicator of surveillance-ware

The detection runs as a background service worker that polls permission states across all open tabs every 3 seconds. When a camera activation is detected, SecureLint fires a real-time notification within 3 seconds of the stream starting.

Screen recording and tab capture detection

Beyond the camera, SecureLint also monitors for screen and tab capture activity:

Screen capture (getDisplayMedia) — Any page that successfully captures the screen, a window, or a tab is logged. SecureLint records the capturing page URL and the type of capture surface selected.
Tab capture via extension API — Browser extensions can capture the content of any tab using the tabCapture API. SecureLint flags extensions that use this API and do not match known legitimate video conferencing tools.
Invisible iframes capturing media — A technique where a hidden 0×0 pixel iframe requests camera access on behalf of a parent page. SecureLint flags camera activations from invisible or off-screen elements.

Note on Meeting Mode:SecureLint's Meeting Mode feature uses camera and microphone permission detection as one of its signals for activating credential blurring. The same detection engine that powers privacy alerts also powers Meeting Mode — so you get both protections from a single mechanism.

What the real-time alert shows

When SecureLint detects a camera, microphone, or screen recording activation, it fires a notification that includes:

The activating page URL — The exact page that started the media stream
The permission type — Camera, microphone, or screen recording
Domain risk score — Whether the activating domain is trusted (known video conferencing tool) or suspicious (young domain, phishing category)
One-click revoke — A button to immediately revoke the site's camera and microphone permissions without opening browser settings
Timestamp and duration — When the stream started and how long it has been active

Enterprise camera access controls

SecureLint Enterprise admins can configure camera and microphone access policies:

Camera access audit log — All camera activations across every employee browser are logged to the admin console with employee identity, activating URL, and duration
Approved site list — Define a list of domains that are approved for camera access (e.g. meet.google.com, zoom.us). Activations outside this list generate a High severity detection event
Auto-revoke on suspicious domains — For domains outside the approved list with a risk score above a configurable threshold, SecureLint automatically revokes camera permission without waiting for user action

Setting up webcam detection in SecureLint

✅Install SecureLint from the Chrome Web Store. Camera and microphone detection is enabled by default.
✅The next time any site activates your camera or microphone, SecureLint fires a notification within 3 seconds showing the activating URL and risk score.
✅Review your permission history in the SecureLint panel — it lists every site that has active camera or microphone permission in your browser.
✅Use the one-click revoke button in the notification or the SecureLint panel to remove camera access from any suspicious site instantly.

Frequently asked questions

Can a website activate my webcam without showing the browser permission prompt?

Not on first request — Chrome always prompts. But once a site has been granted permission, it can reactivate the camera on subsequent visits without prompting again. SecureLint detects this silent reactivation and alerts you every time the camera is accessed, even without a new permission prompt.

Does SecureLint block webcam and microphone access entirely?

No — SecureLint alerts and logs activations by default. You can revoke access with one click from the alert notification. Enterprise admins can configure auto-revoke for domains outside an approved list.

How is SecureLint's detection different from the Chrome camera indicator light?

Chrome's indicator shows that the camera is in use but gives no context about which page, why, or whether the domain is suspicious. SecureLint provides the activating URL, domain risk score, activation history, and one-click revoke — in a visible notification, not a subtle address bar icon.