General 17 min read

Your Spell-Checker Is a Data-Egress Decision

MMNMNOTE
privacyspell-checklocal-firstdata-egresshunspellharpergrammarlychromeedge

A spell-checker is a data-egress decision. The local engines shipped inside Firefox, Safari, macOS, and Chrome's default mode never leave your device. The cloud engines — Chrome's Enhanced Spell Check, Microsoft Editor, Grammarly — ship your draft to a server, by design, the moment you opt in. The choice is yours; the honest framing is that it is a choice.

The vendors document the boundary themselves. Google's Chrome help page says the Enhanced toggle "sends the text you enter in your browser to Google for improved spelling suggestions"; Basic mode, by contrast, "doesn't send the text you enter in your browser to Google"1. Microsoft's support page says Edge with Microsoft Editor "sends your typed text to a Microsoft cloud service that processes the text to detect spelling and grammar errors," while local mode sends "no data" to Microsoft cloud for the spellchecking service2. Two vendors, the same shape, both quoted from their own pages.

The keystroke nobody audits

Most privacy audits stop at the model, the sync, and the analytics pixel. The spell-checker rarely makes the list. It runs in the background, marks red underlines you barely notice, and is on by default. In the cloud variants, it is the only feature in your editor whose payload is every keystroke you typed long enough to look mistyped.

That blind spot was the surprise of the 2022 disclosure. Josh Summitt, co-founder and CTO of the JavaScript security firm Otto-JS, reported that with Chrome's Enhanced Spell Check or Microsoft Editor enabled, his test of 30 control-group websites found "96.7 percent sent data with PII back to Google & Microsoft" and "73 percent sent passwords when 'show password' was clicked"3.

BleepingComputer's Bill Toulas, reporting the disclosure, quoted Google's on-record response in full. The text "is sensitive personal information" but "Google does not attach it to any user identity and only processes it on the server temporarily," and Google would "be working to exclude passwords proactively from spell check"4. The vendor admission and the vendor mitigation were both in the same statement.

The local path is already on your machine

The engines that perform the local pass are not boutique. Hunspell — the C++ library most desktop apps quietly rely on — describes itself on its own project page as "the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, Google Chrome, and it is also used by proprietary software packages, like macOS, InDesign, memoQ, Opera and SDL Trados"5.

It is, in its own self-description, "C++ library under GPL/LGPL/MPL tri-license"5. The GitHub repository carries 2,517 stars under the LGPL-2.1, last pushed 2026-06-156. Nuspell — a modern C++ port that reads the same dictionary files — claims to be "up to 3.5 times faster than Hunspell" and is "Free and open source software. Licensed under GNU LGPL v3 or later"7. The dictionary format is stable enough that a faster engine is a drop-in re-implementation, not a fork.

Apple's developer documentation describes the system spell-checker as "An interface to the Cocoa spell-checking service" and notes that "to handle all its spell checking, an app needs only one instance of NSSpellChecker, known as the spell checker"8. One process, one shared service, no documented network endpoint. The user dictionary is a plain text file in your home folder. The engine has been in macOS since before "the cloud" was the word people used.

Harper, the modern local-first option

Harper — the newer local entrant — is the offline grammar checker Automattic acquired in late 2024. Its GitHub description reads "Offline, privacy-first grammar checker. Fast, open-source, Rust-powered," and the repository carries 10,918 stars under Apache-2.0, last pushed 2026-06-269. The pitch is a project that does the cloud-checker's job, on your machine, in Rust.

The landing page makes four precise promises. "Every check happens locally. No cloud round-trips, no telemetry, no LLM in the loop"; "Your writing never leaves your computer"; "Suggestions in under 10ms"; and "For harper.js and those that use it under the hood like our Obsidian plugin, we support plaintext and/or Markdown"10. The four lines are quotable because they are checkable: each is a property a reader can verify by watching the network tab.

Harper's stated motivation, in its own README, is direct. The first-person voice writes that Harper "is an English grammar checker designed to be just right. I created it after years of dealing with the shortcomings of the competition"11. The follow-up is contentious: "Everything you write with Grammarly is sent to their servers. Their privacy policy claims they don't sell the data, but that doesn't mean they don't use it to train large language models and god knows what else"12. That is Harper's characterization, not a settled fact about Grammarly. We quote it as the stated motivation of a project whose pitch is local-only, then steelman the alternative.

Grammarly, steelmanned honestly

The fair write-up of Grammarly is not that it leaks. The data leaves your machine — by design — after which the trip is encrypted, audited, and well-governed. Grammarly's controls are real, and the company documents them on its own pages. The trade is structural, not safety-versus-danger.

Grammarly's Storage support article says "Grammarly data is stored on servers hosted by Amazon Web Services in the US"13. Its compliance and security pages add that transfers use "TLS 1.2 protocol" with "AES-256 server-side encryption" at rest, and that Grammarly is "GDPR-compliant" and "HIPAA compliant" with a Business Associate Agreement available for protected health information14. Each of those is a real and well-documented control.

The trade-off is where the data is at the moment of correction, against who is positioned to do something about it. Encryption in transit and at rest is genuine protection against the wire and the disk. It is not the same statement as "the text never left your device." A reader who needs both kinds of comfort has to pick one. The picking is a decision worth making on purpose, in writing, once.

Aaron Gustafson's contrary read

The honest contrary voice on the 2022 disclosure is Aaron Gustafson, a web-standards expert who has worked on Microsoft Edge. Writing on his own site, Gustafson called the original Otto-JS post "a tad alarmist and lacking when it came to recommending solid protections"15. His objection was to the framing, not to the underlying network behaviour.

He confirmed the transmission. "In both Chrome and Edge, the information sent to their services is the text value itself," he wrote, but added that the data was "disconnected from any specific field name," and that he "did not see the same exfiltration happen with Safari or Firefox"15. The honest middle is plain: the text does leave the device when the cloud spell-checker is on; it is not a labelled, structured payload of "home address, password, credit-card number"; it is a stream of typed strings with the field names stripped. Both halves matter.

The boundary, restated

Read the vendor pages back-to-back and the geometry is plain. Chrome's Basic mode and Firefox's built-in check use the engine sitting in your operating system, and the text never leaves your machine. Chrome's Enhanced toggle and Edge with Microsoft Editor "send the text you enter in your browser" to the vendor for improved suggestions, per each vendor's own help12.

Grammarly's product is, end-to-end, a hosted service. Your text moves to Amazon's US data centres, is encrypted in transit and at rest, and is processed there1314. None of these is a secret. Each is documented on the vendor's own help.

The argument for the cloud path is real. Bigger models catch more errors; grammar coaching needs context a local checker may not have; a Microsoft Editor sentence-rewrite is doing more work than a dic/aff lookup. The argument for the local path is also real: a check that never leaves the device cannot leak from somewhere it was never sent. The boundary-call is whether, for this draft and this folder, the marginal gain is worth the marginal egress.

How this fits next to your notes

A draft that stays on your device is just a file on your device. A draft your spell-checker has been streaming to a server is something else. The cloud spell-checker is the smallest data-egress in your editor, which is why it deserves a conscious decision rather than a default. The same instinct underwrites everything else you do not silently send.

The instinct says audit what you send to the AI16 and write a policy file for what never gets sent17. It applies one layer down, to the always-on, opt-out-by-default keystroke pipe most people forget to look at. The cloud spell-checker is the smallest concrete instance of that rule, and the easiest to miss — adjacent to running the model itself on your own machine18, and to keeping the original of every AI summary19.

A few honest caveats follow. Cloud spell-checkers are not malicious by default; the engineering is open, the disclosures are real, and Gustafson's middle read is the calmer one15. Local engines are not magically perfect either: Hunspell catches misspellings, not subtle grammar, and Harper is comparatively young against decades of cloud-side tuning11.

Nothing about a local spell-check pass changes the egress profile of the other things in your editor — the sync, the AI, the plugins20, the passkeys21. Each is its own boundary-call to make once and re-read later22.

Plain Markdown files on your own device, written in a browser editor, end up using whatever spell-checker your browser and operating system already provide. That is local by default on Chrome Basic, Firefox, Safari, and the macOS system service.

It is a separate cloud feature only if you opt into Chrome Enhanced, Edge with Microsoft Editor, or Grammarly's extension. The four local engines never see the bytes; the three cloud engines do. Knowing which is which is the whole privacy gesture.

Frequently asked questions

These seven questions are the verbatim shapes of what people search before they reach for a spell-checker decision. The answers are short on purpose; the long forms live above. Each one names the toggle, the destination, and what the vendor itself says happens to the text.

Is my spell-checker sending my notes to a server? It depends on which one. Chrome's default Basic spell check, Firefox's built-in checker, Safari, and the macOS system service all run locally — the text never leaves your device. Chrome's opt-in Enhanced spell check, Microsoft Edge's Microsoft Editor mode, and Grammarly's browser extension all send your typed text to a server, per each vendor's own help page1213. The boundary is the toggle.

Is Grammarly safe? Grammarly's data-handling controls are real: transit is encrypted with TLS 1.2, storage uses AES-256 at rest in Amazon's US data centres, and the company is GDPR- and HIPAA-compliant with a BAA available1314. The trade-off is structural, not safety-versus-danger: every keystroke leaves your device for processing. Whether that trade is right depends on the draft, the folder, and the device, not on whether the company is trustworthy.

Where does Grammarly store my data? On servers hosted by Amazon Web Services, in the US, per Grammarly's own Storage support article: "Grammarly data is stored on servers hosted by Amazon Web Services in the US"13. Transfers use TLS 1.2; storage uses AES-256 server-side encryption14.

Does Chrome's spell check send my text to Google? Chrome's Basic mode does not — Google's own help page says it "doesn't send the text you enter in your browser to Google"1. Chrome's Enhanced mode does — the same page says it "sends the text you enter in your browser to Google for improved spelling suggestions"1. The toggle is under Settings → Languages → Spell check.

Does Microsoft Edge send my typed text to Microsoft? With Microsoft Editor enabled, yes — Microsoft's own page says Edge "sends your typed text to a Microsoft cloud service that processes the text" and that the data "is not stored and is deleted after processing"2. With Editor disabled, Edge "will perform only local spellchecking on the device, and no data will be sent to Microsoft cloud for spellchecking services"2.

What is a local, open-source spell-checker for Markdown notes? Two solid choices, both free and both local. Hunspell — the engine already inside Firefox, Thunderbird, Chrome, LibreOffice, macOS, and many other apps — under a GPL/LGPL/MPL tri-license56. Harper — Automattic-owned, Apache-2.0, with explicit Markdown support — runs locally with no telemetry and suggestions in under ten milliseconds910.

Does turning off cloud spell-check break anything? For routine misspellings, no. The local pass shipped inside your browser or operating system catches the same red-underline errors it always did. What you lose is the cloud-only grammar and style suggestions — the rewrite of an awkward sentence, the contextual subject-verb fix, the tone change. For drafts where those help, the trade is worth re-making per session; for sensitive notes, the cleaner rule is the local one.


The text under your cursor is yours until the moment it is not. Choose, in writing, which spell-checker gets to see it. The choice has been a vendor toggle all along; treat it as the small, deliberate boundary it is.

This essay is anchored on disclosures the vendors made themselves — on their own help pages, on their own developer docs, and in their own README files — read back-to-back so the geometry of the choice is plain. The other side of the same coin lives at mnmnote.com.

Footnotes

  1. Google. Turn Chrome spell check on and off. Chrome Help, Article 12027911. https://support.google.com/chrome/answer/12027911. Accessed 2026-06-28. 2 3 4 5

  2. Microsoft. Microsoft Editor checks grammar and more in documents, mail, and the web. Microsoft Support. https://support.microsoft.com/en-us/topic/microsoft-editor-checks-grammar-and-more-in-documents-mail-and-the-web-91ecbe1b-d021-4e9e-a82e-abc4cd7163d7. Accessed 2026-06-28. 2 3 4 5

  3. Otto-JS Research Team. Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords. otto-js.com, 2022-09-15. Cited via Wayback (live page since changed): https://web.archive.org/web/20220918193317/https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords.

  4. Toulas, B. Google, Microsoft can get your passwords via web browser's spellcheck. BleepingComputer, 2022-09-17. https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/. Accessed 2026-06-28.

  5. Hunspell project. Hunspell. https://hunspell.github.io/. Accessed 2026-06-28. 2 3

  6. GitHub. hunspell/hunspell repository — 2,517 stars, LGPL-2.1, last push 2026-06-15. https://github.com/hunspell/hunspell. Accessed 2026-06-28. 2

  7. Nuspell project. Nuspell. https://nuspell.github.io/. Accessed 2026-06-28.

  8. Apple. NSSpellChecker — An interface to the Cocoa spell-checking service. Apple Developer Documentation. https://developer.apple.com/documentation/appkit/nsspellchecker. Accessed 2026-06-28.

  9. GitHub. Automattic/harper repository — 10,918 stars, Apache-2.0, "Offline, privacy-first grammar checker. Fast, open-source, Rust-powered," last push 2026-06-26. https://github.com/Automattic/harper. Accessed 2026-06-28. 2

  10. Harper. Write With Harper. https://writewithharper.com/. Accessed 2026-06-28. 2

  11. Harper. README.md (Automattic/harper, master branch). https://raw.githubusercontent.com/Automattic/harper/master/README.md. Accessed 2026-06-28. 2

  12. Harper. README.md (Automattic/harper, master branch). https://raw.githubusercontent.com/Automattic/harper/master/README.md. (Quote attributed in prose as Harper's stated motivation, not as MNMNOTE's view of Grammarly.) Accessed 2026-06-28.

  13. Grammarly. Where does Grammarly store my data? Is it on their servers? Grammarly Support, Article 360003835291. https://support.grammarly.com/hc/en-us/articles/360003835291. Accessed 2026-06-28. 2 3 4 5

  14. Grammarly. Security and Compliance pages. https://www.grammarly.com/security · https://www.grammarly.com/compliance. Accessed 2026-06-28. 2 3 4

  15. Gustafson, A. Spellcheckers exfiltrating PII? Not so fast. aaron-gustafson.com Notebook, 2022-09-29. https://www.aaron-gustafson.com/notebook/spellcheckers-exfiltrating-pii_-not-so-fast/. 2 3

  16. MNMNOTE blog. Some Notes Should Never Reach the AI: A Plain-Text Boundary You Decide Once. https://blog.mnmnote.com/posts/decide-what-not-to-feed-the-ai.

  17. MNMNOTE blog. Does Your AI Assistant Train on Your Notes? https://blog.mnmnote.com/posts/does-your-ai-assistant-train-on-your-notes.

  18. MNMNOTE blog. Run Private AI on Your Own Notes (No Cloud). https://blog.mnmnote.com/posts/local-private-ai-notes.

  19. MNMNOTE blog. The Summary Is a View, the Note Is the Source. https://blog.mnmnote.com/posts/let-the-ai-summarize-but-keep-the-original.

  20. MNMNOTE blog. Your Note App's Plugins Are an Attack Surface. https://blog.mnmnote.com/posts/your-note-apps-plugins-are-an-attack-surface.

  21. MNMNOTE blog. 5 Billion Passkeys Later: Holding a Key Is Not the Same as Owning It. https://blog.mnmnote.com/posts/passkeys-own-your-keys.

  22. MNMNOTE blog. Software Is Quietly Moving Back to Your Device. https://blog.mnmnote.com/posts/local-first-own-your-data-2026.