Is It Safe to Use a Webcam App to Stop Nail Biting? Privacy Explained
The core privacy concern with webcam habit apps
The idea of running a webcam continuously during work hours raises an obvious and legitimate concern: where does the camera data go? Most people have an intuitive understanding that webcam footage is sensitive — it captures your face, your environment, and potentially other people in your space.
The answer depends entirely on whether the app processes video on-device or sends it to a server. Cloud-based processing — where video frames are transmitted to a server for analysis — creates genuine privacy risks regardless of the app developer's stated policies. On-device processing, where all analysis happens locally on the user's own hardware, eliminates the transmission risk by design.
How on-device AI processing works
Stop Biting uses MediaPipe, Google's open-source machine learning framework, compiled to WebAssembly — a portable binary format that runs at near-native speed inside browsers and desktop applications. The hand and face landmark detection models run entirely on the user's local CPU or GPU. No video frames, no landmark coordinates, and no detection events are transmitted to any server.
This can be independently verified by anyone using network monitoring tools (Charles Proxy, Wireshark, or the browser's built-in Network tab in Developer Tools). Running Stop Biting while monitoring network traffic will show zero camera-related network requests. The absence of data transmission is architectural — there is no server endpoint to send data to, because all processing is local.
What data is and is not stored
Stop Biting stores the following data locally on your device: bite count statistics (number of detections per session), streak data (consecutive days without biting), and session logs used to generate the 7-day frequency chart. None of this data includes video, images, or biometric data. It is equivalent to a manual tally in a notebook — counts and timestamps, not recordings.
This data is stored in a local SQLite database. It is not synced to any cloud service, not accessible to the app's servers, and is deleted permanently when the app is uninstalled. Your Google account is used only for authentication (to verify your subscription status) and does not store any habit data.
The camera permission question
Stop Biting requests camera permission, as any webcam-based application must. On macOS, Windows, and in the browser, this permission can be revoked at any time through system privacy settings. The app cannot access the camera without active permission.
Importantly, granting camera permission does not mean your camera feed is being recorded or transmitted — it means the application has access to the camera stream for local processing. The distinction between access and transmission is the key architectural fact. MediaPipe receives each frame as a JavaScript object, performs landmark detection, and discards the frame. No frame is written to disk or sent over the network.
How to verify the privacy claims yourself
Independent verification is straightforward. Open your browser's Developer Tools (F12), navigate to the Network tab, and start a Stop Biting session. Filter network requests by "Media" or "WebSocket." During normal detection operation, you will see no camera-related traffic. The only outgoing requests will be to the authentication API (to verify your session token) — not camera data.
For desktop app users, tools like Little Snitch (macOS) or GlassWire (Windows) provide real-time network monitoring and will similarly show no camera-related outbound traffic during app operation. Privacy claims that can be independently verified by users are meaningfully different from privacy policies that must be taken on trust.
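The Network-tab check above can be repeated offline by exporting the session as a HAR file and auditing every request type rather than a single filter. The following is an added example, not code from Stop Biting or MediaPipe; it flags requests to hosts outside an allowlist, large or media-typed request bodies, and outbound WebSocket frames. The hostnames, the 4096-byte threshold and both sample captures are constructed assumptions, and `_webSocketMessages` is a Chrome-specific HAR field.

```javascript
// Added example: audit a HAR file exported from the DevTools Network tab.
// Hostnames, the size threshold and the sample captures are constructed.
const MEDIA_TYPES = /^(image|video|audio)\/|^application\/octet-stream|^multipart\/form-data/i;

function auditHar(har, { allowedHosts, maxBodyBytes = 4096 }) {
  const findings = [];
  for (const entry of har.log.entries) {
    const req = entry.request;
    const host = new URL(req.url).hostname;
    const mime = (req.postData && req.postData.mimeType) || "";
    const text = (req.postData && req.postData.text) || "";
    // HAR records bodySize as -1 when unknown; fall back to the captured text.
    const size = req.bodySize >= 0 ? req.bodySize : text.length;
    const reasons = [];
    if (!allowedHosts.includes(host)) reasons.push("unexpected host");
    if (size > maxBodyBytes) reasons.push(`large upload (${size} bytes)`);
    if (MEDIA_TYPES.test(mime)) reasons.push(`media or binary body (${mime})`);
    // Chrome-specific HAR extension listing frames exchanged on a WebSocket.
    const sent = (entry._webSocketMessages || []).filter((m) => m.type === "send");
    if (sent.length > 0) reasons.push(`${sent.length} WebSocket frame(s) sent`);
    if (reasons.length > 0) findings.push({ method: req.method, url: req.url, reasons });
  }
  return findings;
}

// Constructed captures: one matching the page's description, one that does not.
const entry = (method, url, bodySize, postData, ws) =>
  ({ request: { method, url, bodySize, postData }, _webSocketMessages: ws });
const OPTIONS = { allowedHosts: ["auth.example.test"] };
const cleanCapture = { log: { entries: [
  entry("GET", "https://auth.example.test/session", 0),
  entry("POST", "https://auth.example.test/token", 120, { mimeType: "application/json", text: "{}" }),
] } };
const leakyCapture = { log: { entries: [
  entry("POST", "https://collector.example.test/frames", 48213, { mimeType: "image/jpeg", text: "" }),
  entry("GET", "wss://auth.example.test/live", 0, undefined, [{ type: "send" }, { type: "receive" }]),
] } };

for (const [name, har] of [["clean", cleanCapture], ["leaky", leakyCapture]]) {
  const findings = auditHar(har, OPTIONS);
  console.log(name, findings.length === 0 ? "no flagged requests" : findings);
}
```

A HAR export does not include WebRTC media streams, so a packet capture with a tool such as Wireshark is the complementary check for that channel.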