> Since pixelation does not protect the contents of the pixelated area (see e.g. https://github.com/bishopfox/unredacter), _pseudo-pixelation_ is used:
> Only colors from the fringe of the selected area are used to generate a pixelation-like effect. The interior of the selected area is not used as an input at all and hence can not be recovered.
The edges of the pixelated area are used to generate a color palette, and then each pixel is generated by randomly sampling from that palette's gradient.
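A rough sketch of how such pseudo-pixelation could work, using Pillow. The function name, cell size, and one-pixel fringe are illustrative assumptions, not the tool's actual implementation (which samples from a gradient built from the palette rather than raw fringe colors):

```python
# Sketch of pseudo-pixelation: the redacted block is built only from
# colors sampled on the border of the region, never its interior.
import random
from PIL import Image

def pseudo_pixelate(img: Image.Image, box: tuple, cell: int = 12) -> Image.Image:
    """Replace `box` (left, top, right, bottom) with cells colored by
    random picks from the region's one-pixel fringe."""
    left, top, right, bottom = box
    # Collect the fringe palette: pixels just outside the selected area.
    fringe = []
    for x in range(left, right):
        fringe.append(img.getpixel((x, max(top - 1, 0))))
        fringe.append(img.getpixel((x, min(bottom, img.height - 1))))
    for y in range(top, bottom):
        fringe.append(img.getpixel((max(left - 1, 0), y)))
        fringe.append(img.getpixel((min(right, img.width - 1), y)))
    out = img.copy()
    # Fill each cell with one random fringe color: the interior pixels
    # are never read, so nothing about them can be recovered.
    for cy in range(top, bottom, cell):
        for cx in range(left, right, cell):
            color = random.choice(fringe)
            out.paste(color, (cx, cy, min(cx + cell, right), min(cy + cell, bottom)))
    return out
```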
To make it more fun for the maths nerds and to keep them guessing, replace the underlying contents with mostly random garbage (probably not full-on obvious white noise) and then pixelize that: https://imgur.com/a/CTM4Zlv :)
I remember a protocol which required the text to be replaced with random-length output of a Markov chain text generator, and only then pixelizing.
Oh, you've spent hours on unpixelizing my secrets? Well congratulations, is the last telescope that, nor drink from shrinking nothing out and this and shutting.
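For the curious, such a generator is only a few lines. This order-1 word-level chain is just a sketch, and "corpus.txt" is a placeholder for whatever source text you feed it:

```python
# Minimal order-1 word-level Markov chain text generator (sketch).
import random
from collections import defaultdict

def build_chain(text: str) -> dict:
    chain = defaultdict(list)
    words = text.split()
    for cur, nxt in zip(words, words[1:]):
        chain[cur].append(nxt)
    return chain

def babble(chain: dict, n_words: int) -> str:
    word = random.choice(list(chain))
    out = [word]
    for _ in range(n_words - 1):
        # Restart at a random word if the current one has no successor.
        word = random.choice(chain[word]) if chain[word] else random.choice(list(chain))
        out.append(word)
    return " ".join(out)

chain = build_chain(open("corpus.txt").read())
# Random-length output, so even the length of the original text leaks.
# nothing once the garbage is pixelized.
print(babble(chain, random.randint(8, 40)))
```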
Oooh oooh I know, I know! Replace the text with strings of all-caps five-letter groups that look just like oldschool CW encrypted messages, and that'll keep the MXGJD SWLTW UODIB guessing until AMEJX OYKWJ SKYOW LKLLW MYNNE XTWLK!
Flameshot (a screenshot tool) in its newer versions (!!) uses random noise for pixelation, and colors it based on the un-noised surroundings so it blends in reasonably.
It's a nice mix of optically unobtrusive, algorithmically secure, and pleasant to look at.
Good article - one takeaway is that any redaction process which follows a fixed algorithmic sequence (convolutions, transformation filters, etc) is potentially vulnerable to a dictionary attack.
I see what you mean, but FWIW “fixed” doesn’t sufficiently constrain or describe it. For example, filling a rectangle with black or random pixels is a fixed algorithmic sequence, same might go for in-painting from the background. The redaction output simply should not be a function of the sensitive region’s pixels. The information should be replaced, not modified.
> Remember, you want to leave your visitors with NO information, not blurred information.
Blacking out text still gives attackers an idea of the length of the original, which can be useful information, especially when the original is something like a person's name. You can mitigate that by either erasing the text completely (e.g. replace it with the background color of the paper) or making the bars longer.
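A tiny illustration of the "longer bars" mitigation with Pillow; `bar_width` is an arbitrary fixed width chosen to exceed the longest text you expect, so every bar ends up the same size:

```python
# Sketch: draw a redaction bar of constant width so bar length leaks
# nothing about the length of the name underneath it.
from PIL import Image, ImageDraw

def redact_bar(img: Image.Image, text_box: tuple, bar_width: int = 400) -> None:
    left, top, right, bottom = text_box
    # Never let the bar be narrower than the text it must cover.
    width = max(bar_width, right - left)
    ImageDraw.Draw(img).rectangle((left, top, left + width, bottom), fill="black")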
Yeah I helped out a bit with Freenet before I saw what was being posted. Basically 4chan. Lots of edge lords.
But I helped because a friend dragged me to Amnesty International meetings in college and so I knew there were people who legitimately needed this shit.
Tor is the big example for me: created to give people the ability to speak freely without being tracked, and often criticized because it allows those same things for our criminals (it has to be kept in mind that the spies and dissidents that are/were using Tor are considered criminals in their own countries).
When a law is unjust it will be broken by those on the right side of history. Software can’t tell if a law is just or not.
So if you want to support suffragists or underground railroads you’re making software that breaks the law.
Really we are all breaking some law all the time. Which is how oppression works. Selective enforcement. "Give me six lines from the most innocent man and I will find in them something to damn his soul."
There is no such thing as "good" or "bad" - actions are meaningless - it's the context that makes the difference.
Example: Sex
Good when the context is consenting adults (humans)
Bad when the context is not.
Further, "One man's 'freedom fighter' is another man's 'terrorist'" - meaning context is very much in the eye of the beholder.
Couple this with the (Taoist?) fable "What luck you lost a horse", where the outcome of an event cannot really be determined immediately; it may take days, months, or years to show.
And you are left with: do we really have any idea of what is right/wrong?
So, my philosophical take is - if it leads toward healthy outcomes (ooo dripping with subjective context there...) then it's /likely/ the right thing to do.
When I spoke with an AI about this recently, the AI was quick to respond that "Recreational drug use 'feels good' at first, but can lead to a very dark outcome" - which is partly true, but also demonstrates the first point. Recreational drug use is fine (as far as I am concerned, after my 4th cup of tea) as long as the context isn't "masking" or a "crutch" (although in some cases, e.g. PTSD, drug use to help people forget is a vital tool).
Or, you do the equivalent of adding a salt: apply mosaic to it twice with two slightly different block sizes. Or apply both mosaic and swirl in random order. Or put a piece of random text over it before you mosaic it.
The main point here stands -- using something with a fixed algorithm for hashing and a knowable starting text is not secure. But there are a ton of easy fixes to add randomness to make it secure.
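As a sketch of the double-mosaic idea, with block sizes chosen at random per redaction so an attacker can't precompute a dictionary of rendered candidates (though, as the reply below notes, this alone may still leak information):

```python
# Sketch: pixelate twice with two randomly chosen, unequal block sizes.
# The randomness plays the role of a salt against dictionary attacks.
import random
from PIL import Image

def mosaic(img: Image.Image, block: int) -> Image.Image:
    small = img.resize((max(1, img.width // block), max(1, img.height // block)),
                       Image.BILINEAR)
    return small.resize(img.size, Image.NEAREST)

def randomized_mosaic(region: Image.Image) -> Image.Image:
    a, b = random.sample(range(8, 16), 2)  # two distinct block sizes
    return mosaic(mosaic(region, a), b)
```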
Surprised to see my article float up again so many years later.
I wouldn't consider a mosaic + swirl to be fully secure either, though, especially considering both of these operations may preserve the sum of all pixels, which may still leak enough information to dictionary-attack a small number of digits.
It's probably the least secure of the ones I mentioned, yes. But even so, it massively increases the search space for a dictionary attack because the attacker doesn't know which algorithm was applied first.
But yes, at the end of the day, the best bet is to just take a mosaic of a random text and place it over the text you're trying to obscure. The reason people use mosaic is because it is more aesthetic than a black box, but there is no reason it has to be a mosaic of the actual text.
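A sketch of that "mosaic of random text" approach with Pillow; the decoy string length, block size, and default font are all arbitrary choices:

```python
# Sketch: render throwaway text, pixelate it, and paste it over the
# sensitive region. The result is a function of random text only,
# never of the pixels being hidden.
import random
import string
from PIL import Image, ImageDraw

def decoy_mosaic(size: tuple, block: int = 10) -> Image.Image:
    decoy = Image.new("RGB", size, "white")
    junk = "".join(random.choices(string.ascii_letters + string.digits, k=24))
    ImageDraw.Draw(decoy).text((4, 4), junk, fill="black")  # default font
    small = decoy.resize((max(1, size[0] // block), max(1, size[1] // block)))
    return small.resize(size, Image.NEAREST)

def redact(img: Image.Image, box: tuple) -> None:
    left, top, right, bottom = box
    img.paste(decoy_mosaic((right - left, bottom - top)), (left, top))
```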
I don't think this does enough to destroy the data you're trying to hide. Each blur operation on its own is reversible; I don't see why stacking blurring operations, even if they affect different areas each time, changes things.
You should be blacking out information, to be sure, but credit card numbers are one of the very few examples where cracking makes sense, given that otherwise you don't know the pattern or the font. Assuming it's text at all.
Or the common case of redacting a name, address, or other sensitive text in a screenshot of a web page, word doc or PDF. In those, getting the font is very straightforward.
You also don't need to match the whole redacted text at once - depending on the size of the pixels, you can probably do just a few characters at a time.