Forum Discussion
Blurring text for privacy
"The bottom line is that when you need to redact text, use black bars covering the whole text. Never use anything else. No pixelization, no blurring, no fuzzing, no swirling...the last thing you need after making a great technical document is to accidentally leak sensitive information because of an insecure redaction technique." -- Dan Petro, Lead Researcher at offensive security firm Bishop Fox.
When redacting text, it should be edited as an image, rather than being obscured using simple HTML/CSS styling. For example, text masked using the same background color as that of the text body itself can be trivially revealed when
highlighted
.
Researcher "Reverses" Redaction, Extracts Words From Pixelated Image
"The reason why Google and Apple don’t offer a simple blur or pixelate tool might be rooted in the inherent insecurity that these methods bring with them. While it’s not entirely trivial, it’s easy enough to revert pixelated and blurred images to their former state, especially when you try to use these tools to make text unrecognizable. Rather than offer an option that’s proven to be insecure, the two companies might opt to not offer anything at all."