How Browser Based Media Retrieval Tools Like Snapinstaink Handle HTTPS Requests

I wanted to start a discussion around the security and privacy aspects of browser based media retrieval tools from a web security perspective. Tools like snapinstaink that retrieve original quality media from public Instagram post URLs operate entirely through standard HTTPS requests in the browser without requiring any software installation or account creation. From a security standpoint this means there are no background processes, no stored credentials, and no persistent permissions on the user device. The tool simply parses a public URL and serves the media file as a direct browser download. I am curious how others in the security community evaluate the risk profile of this type of stateless browser based tool compared to installed applications that request device permissions for the same task. Has anyone done a comparative analysis of the attack surface differences between browser based and installed application approaches for social media content retrieval.