HN

Comments (35)

• alright2565
  The Flameshot screenshot tool uses an interesting variant of pixelation that does protect the text from unredaction: https://github.com/flameshot-org/flameshot/commit/533a1b7d55...> Since pixelation does not protect the contents of the pixelated area (see e.g. https://github.com/bishopfox/unredacter), _pseudo-pixelation_ is used:> Only colors from the fringe of the selected area are used to generate a pixelation-like effect. The interior of the selected area is not used as an input at all and hence can not be recovered.The edges of the pixelated area are used the generate a color palette, and then each pixel is generated by randomly sampling from that pallete's gradient.
• quchen
  Flameshot (a screenshot tool) in its newer versions (!!) uses random noise for pixelation, and colors it based on the un-noised surroundings so it blends in reasonably.It's a nice mix if optically unobtrusive, algorithmically secure, and pleasant to look at.
• Menu

  KronisLV
  To make it more fun for the maths nerds and to keep them guessing, replace the underlying contents with mostly random garbage (probably not full on obvious white noise) and then pixelize that: https://imgur.com/a/CTM4Zlv :)Not serious advice.
• kmoser
  > Remember, you want to leave your visitors with NO information, not blurred information.Blacking out text still gives attackers an idea of the length of the original, which can be useful information, especially when the original is something like a person's name. You can mitigate that by either erasing the text completely (e.g. replace it with the background color of the paper) or making the bars longer.
• Menu

  vunderba
  Good article - one takeaway is that any redaction process which follows a fixed algorithmic sequence (convolutions, transformation filters, etc) is potentially vulnerable to a dictionary attack.
• Menu

  petters
  Paedophile Used 'Swirl' Effect To Hide. How Interpol 'Unswirled' Him: https://www.ndtv.com/world-news/christopher-paul-neil-paedop...
• Havoc
  Or put simply - remove the info don't transform the info
• Menu

  jedberg
  Or, you do the equivalent of adding a hash, and apply mosaic to it twice, with two slightly different size regions. Or apply both mosaic and swirl in random order. Or put a piece of random text over it before you mosaic it.The main point here stands -- using something with a fixed algorithm for hashing and a knowable starting text is not secure. But there are a ton of easy fixes to add randomness to make it secure.
• Menu

  ElijahLynn
  When I blur out sensitive information, I blur out: * the whole thing * then a random subset * then another random subset * then the whole thing againThis feels safe to me, I suppose with machine learning it could still be cracked though. Thoughts on this technique?
• tom1337
  related: https://news.ycombinator.com/item?id=43695701
• Menu

  ectospheno
  You take the original document and manually retype it into a different file format. Very hard to reverse that.
• hyperific
  Also relatedhttps://news.ycombinator.com/item?id=34031568
• Menu

  MadameMinty
  You should be blacking out information, to be sure, but credit card numbers are one of the very few examples where cracking makes sense, given that otherwise you don't know the pattern nor the font. Assuming it's text at all.