Paedophile Used 'Swirl' Effect To Hide. How Interpol 'Unswirled' Him:
<a href="https://www.ndtv.com/world-news/christopher-paul-neil-paedophile-used-swirl-effect-to-hide-how-interpol-unswirled-him-8494633" rel="nofollow">https://www.ndtv.com/world-news/christopher-paul-neil-paedop...</a>
The Flameshot screenshot tool uses an interesting variant of pixelation that does protect the text from unredaction: <a href="https://github.com/flameshot-org/flameshot/commit/533a1b7d55d3b50d8ccbc91b1abde8a87886034a" rel="nofollow">https://github.com/flameshot-org/flameshot/commit/533a1b7d55...</a><p>> Since pixelation does not protect the contents of the pixelated area (see e.g. <a href="https://github.com/bishopfox/unredacter" rel="nofollow">https://github.com/bishopfox/unredacter</a>), _pseudo-pixelation_ is used:<p>> Only colors from the fringe of the selected area are used to generate a pixelation-like effect. The interior of the selected area is not used as an input at all and hence can not be recovered.<p>The edges of the pixelated area are used the generate a color palette, and then each pixel is generated by randomly sampling from that pallete's gradient.
Or, you do the equivalent of adding a hash, and apply mosaic to it twice, with two slightly different size regions. Or apply both mosaic and swirl in random order. Or put a piece of random text over it before you mosaic it.<p>The main point here stands -- using something with a fixed algorithm for hashing and a knowable starting text is not secure. But there are a ton of easy fixes to add randomness to make it secure.
Surprised to see my article float up again so many years later.<p>I wouldn't consider a mosaic + swirl to be fully secure either though, especially considering both of these operations may preserve the sum of all pixels, which may still be enough entropy to dictionary attack a small number of digits.
To make it more fun for the maths nerds and to keep them guessing, replace the underlying contents with mostly random garbage (probably not full on obvious white noise) and then pixelize that: <a href="https://imgur.com/a/CTM4Zlv" rel="nofollow">https://imgur.com/a/CTM4Zlv</a> :)<p><i>Not serious advice.</i>
I remember a protocol which required the text to be replaced with random-length output of a Markov chain text generator, and only then pixelizing.<p>Oh, you've spent hours on unpixelizing my secrets? Well congratulations, is the last telescope that, nor drink from shrinking nothing out and this and shutting.
if you fully control the text and layout, you could just replace the redacted text with [redacted]
Only names are allowed, of long-dead people.
Oooh oooh I know, I know! Replace the text with strings of all-caps five-letter groups that look just like oldschool CW encrypted messages, and that'll keep the MXGJD SWLTW UODIB guessing until AMEJX OYKWJ SKYOW LKLLW MYNNE XTWLK!
Good article - one takeaway is that any redaction process which follows a <i>fixed</i> algorithmic sequence (convolutions, transformation filters, etc) is potentially vulnerable to a dictionary attack.
I see what you mean, but FWIW “fixed” doesn’t sufficiently constrain or describe it. For example, filling a rectangle with black or random pixels is a fixed algorithmic sequence, same might go for in-painting from the background. The redaction output simply should not be a function of the sensitive region’s pixels. The information should be replaced, not modified.
Or put simply - remove the info don't transform the info
related: <a href="https://news.ycombinator.com/item?id=43695701">https://news.ycombinator.com/item?id=43695701</a>
Also related<p><a href="https://news.ycombinator.com/item?id=34031568">https://news.ycombinator.com/item?id=34031568</a>
You should be blacking out information, to be sure, but credit card numbers are one of the very few examples where cracking makes sense, given that otherwise you don't know the pattern nor the font. Assuming it's text at all.
Or the common case of redacting a name, address, or other sensitive text in a screenshot of a web page, word doc or PDF. In those, getting the font is very straightforward.<p>You also don't need to match the whole redacted text at once - depending on the size of the pixels, you can probably do just a few characters at a time.