Why blurring sensitive information is a bad idea (2007)

by Schiphol on 7/24/2014, 9:13 AM with 124 comments
  • by bithush on 7/24/2014, 11:15 AM

    I feel this is also very relevant http://en.wikipedia.org/wiki/Christopher_Paul_Neil

    Police took a photo with a "swirl" effect of a paedophiles face and reversed it to reveal a very usable picture. So good in fact he was found and arrested.

  • by mxfh on 7/24/2014, 10:07 AM

    So if something is 1337 days old it gets autoreposted? Could live with that.

    Previous discussion: https://news.ycombinator.com/item?id=1939607

    A bit more precise this post is even older, and was first discussed in 2007 prominently in these two places: http://www.reddit.com/comments/xaae/how_to_extract_personal_...

    https://www.schneier.com/blog/archives/2007/01/how_to_recove...

    (please refrain from responding with XKCD references, I'm aware of that, just want to link to older discussions)

  • by nnnnni on 7/24/2014, 10:23 AM

    Their answer is to "color over it", but BE CAREFUL if you do that. I'm sure that some of us remember the US government document(s) in the late 90s/early 2000s that were released in redacted form, but the person didn't realize/understand that people with the Acrobat editor program could remove the black bars.

  • by nathell on 7/24/2014, 12:06 PM

    In some cases, coloring over parts of the image might still not be enough. Specifically, when all of the following are true: (i) the domain of possible entries is reasonably small (e.g., a number or a name and surname), (ii) the text is printed in a proportional (not fixed-width) typeface, and (iii) enough of the rest of the line is visible to infer the font size and kerning settings.

  • by IvyMike on 7/24/2014, 12:17 PM

    Better yet: change the text to "you think you're clever, don't you" and then blur the image.

    It's a little easter egg for the people with an unblur plugin.

  • by bjourne on 7/24/2014, 12:17 PM

    Has this attack actually been proved possible? He writes that he thinks it should work but doesn't have the time or inclination to prove it. If anyone wants to take a stab at it, I'll gladly submit a mosaiced photo of my credit card because I don't think the attack is practical. If you crack it, you're free to keep whatever you can get. :)

  • by cookiecaper on 7/24/2014, 1:07 PM

    Most people want to blur because they think it makes their photo flow better than gaudy black highlights, but you can also use highlights that match the background color/image and make it blend it in, leaving a big white space on a white background instead of a big black space. Most people won't notice anything is missing at all.

    If you want that pixel mosaic look for extra futuristic feel, remove the original content by making it fade into background, replace with new, irrelevant content, and then pixelize.

  • by hawleyal on 7/24/2014, 12:16 PM

    Not really. You would need to have a copy of an uncovered version to know how many lines of text, font size, kerning et al.

  • by yeukhon on 7/24/2014, 10:24 PM

    Wouldn't cutting that hidden text out entirely with a photo editing tool be better? I've heard people talking about recovering text f. Well, in the case of edges sticking out of the black bar (this happens a lot for people who aren't careful) like using paint, I believe there is a chance to recover partial, if not, the entire content back.

    Also, doesn't adding a black bar on top of a text means just adding more bytes to the file, instead of removing the bytes belonging to the now hidden text?

  • by georgemcbay on 7/24/2014, 5:56 PM

    I think a lot of people are unaware of how easily you can achieve blind deconvolution on many images blurred with most blur algorithms and even real-world blurring effects (including motion, out-of-focus, etc blurs).

    The results won't be perfect, but they are usually close enough to see much of the detail that appeared to be lost.

    I never use blur to obscure sensitive information; black that shit out (and then also make sure you aren't saving it as metadata or in a layer) or just replace it with fake data.

  • by JoshTheGeek on 7/25/2014, 1:28 AM

    http://blog.mailgun.com/open-sourcing-our-email-signature-pa... (https://news.ycombinator.com/item?id=8081532) has some screenshots with blurred email addresses you can read without fancy deciphering.

  • by erikb on 7/24/2014, 10:10 AM

    In some cases even blurring faces might be a bad idea. Just because we are unable to unblur a face today doesn't mean we are unable in 10 years or 100 years. In many cases this might not be a problem but in some cases this might lead to trouble later on which can be avoided just as easily.

  • by Houshalter on 7/24/2014, 12:36 PM
  • by cnst on 7/25/2014, 5:50 PM

    Where did they find such a crappy font for body? SimHei for Latin letters looks absolutely horrendous with disabled font blurring.

    They advise you not to blur, yet require blurring for comfortable reading? How ironic!

  • by tshadwell on 7/24/2014, 4:37 PM

    And when you colour in the picture always use a pen of 100% opacity or the colour can be removed from the image to reveal the data underneath!

  • by ohazi on 7/24/2014, 11:00 PM

    I'll just leave this here:

    http://refocus-it.sourceforge.net/

  • by jheriko on 7/25/2014, 12:02 PM

    do those pixel blocks actually represent accumulated samples from the image?

    any number of very obvious methods can be used to avoid this besides using a black box...

  • by on 7/24/2014, 10:42 AM

    undefined

  • by wcummings on 7/24/2014, 1:02 PM

    I entered an underhanded contest one year where the challenge was recoverable-but-correct-looking redaction of jpegs. I used an insecure random seed based on the time (you could brute force an unredacted image based on the rough time it was generated). The winning solutions were more clever

  • by Udo on 7/24/2014, 10:00 AM

    A nice Gaussian blur would probably be fine, it's specifically the pixelation technique that's leaking data.