Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blurring Images Not So Secure

CmdrTaco posted more than 7 years ago | from the release-the-blue-dot dept.

Security 166

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

cancel ×

166 comments

Sorry! There are no comments related to the filter you selected.

Japanese porn (5, Funny)

Boccaccio (762644) | more than 7 years ago | (#17497332)

Will this work on Japanese porn too? My friend wants to know.

Re:Japanese porn (0)

Anonymous Coward | more than 7 years ago | (#17497366)

Yes, it works even better on animations. Algorithmically it's a time-resolution tradeoff. You can buy deblockers on the Japanese market.

Re:Japanese porn (0)

Anonymous Coward | more than 7 years ago | (#17497426)

It does but everything comes out sideways. You'll need the flip 180-filter to get the footage back to what you're used to seeing.

Re:Japanese porn (5, Informative)

1u3hr (530656) | more than 7 years ago | (#17497568)

Try GMask [nifty.com] . This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".

Re:Japanese porn (4, Funny)

Anonymous Coward | more than 7 years ago | (#17498070)

Only on Slashdot would this man's question get an informative reply. I now remember why I've wasted 9 years of my life browsing this site. Thanks!

Re:Japanese porn (0)

Anonymous Coward | more than 7 years ago | (#17498196)

http://homepage3.nifty.com/furumizo/l_gmaskd.htm [nifty.com]
And source code for linux. Untranslated, inconveniently.

Re:Japanese porn (0)

Anonymous Coward | more than 7 years ago | (#17498282)

Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
in Makefile at a bare minimum.
And a lot of cleanup in general.

Re:Japanese porn (4, Funny)

Fred_A (10934) | more than 7 years ago | (#17498380)

Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
in Makefile at a bare minimum.
And a lot of cleanup in general.
Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !

Re:Japanese porn (0)

Anonymous Coward | more than 7 years ago | (#17498438)

Vous avez votre lat/lon dans le LOC de votre site aussi?
host -t LOC yahoo.com

Re:Japanese porn (1)

Tablizer (95088) | more than 7 years ago | (#17499028)

Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !

A new ad compaign: "Go with the Penguin, it can do pr0n better than the Gat35."
     

Re:Japanese porn (5, Funny)

Tablizer (95088) | more than 7 years ago | (#17498990)

Will this work on Japanese porn too?

Only if the number of possible cunts is fixed and known.
     

bars (-1, Redundant)

eneville (745111) | more than 7 years ago | (#17497376)

use pr0n bars. i can see that things such as motion blur do not really obscure the image sufficiently. pixcelate could be reversible but i cannot see it restoring very much.

Re:bars (0)

Anonymous Coward | more than 7 years ago | (#17497468)

You basically repeated the article adding less information. Amazing.
Pixelate is exactly what he was demonstrating.
Early comments on /. are always blatant attempts to pass off 30 seconds of keyboard pounding as intellect to eke out a few moderation points.

Re:bars (2, Insightful)

eneville (745111) | more than 7 years ago | (#17497538)

and what is wrong with saying "i agree" to the article. this is a public forum for people to voice opinions, if you think that is wrong, just set the widget to show comments rated +5.

Re:bars (0)

Anonymous Coward | more than 7 years ago | (#17497626)

Ah, proof that you never expect to be modded up to +5.

Re:bars (1)

j00r0m4nc3r (959816) | more than 7 years ago | (#17497854)

Can someone agree with an article they didn't read?

Re:bars (1)

eneville (745111) | more than 7 years ago | (#17497894)

Can someone agree with an article they didn't read?
and some mod themselves +5...

You're new here, aren't you? (5, Funny)

KH2002 (547812) | more than 7 years ago | (#17497896)

You're new here, aren't you?

and please... (4, Funny)

macadamia_harold (947445) | more than 7 years ago | (#17497392)

While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)

Re:and please... (3, Interesting)

solafide (845228) | more than 7 years ago | (#17497480)

If you don't remember or want a refresher on what happened, the original article is at http://it.slashdot.org/article.pl?sid=06/06/22/138 210 [slashdot.org] . It's worth bookmarking in case you ever need to do the same yourself.

Re:and please... (1)

FLEB (312391) | more than 7 years ago | (#17498748)

Actually, if you look at the box for Acrobat 8 (USA, YMMV) they list "Secure redaction" as a bullet-point on the back of the box. Apparently they've put in a feature that allows you to select text and actually delete it underneath the redaction bar. Another blow struck in the battle for information transparency via stupidity.

Sqinting Works (4, Funny)

bmsleight (710084) | more than 7 years ago | (#17497396)

Squinting [wiktionary.org] your eyes also works.

Re:Sqinting Works (2, Insightful)

jones_supa (887896) | more than 7 years ago | (#17497490)

Squinting your eyes also works.
It really does. Some of the codes are so lightly blurred that they can be interpreted with only bare eyes.

Re:Sqinting Works (4, Funny)

Oddscurity (1035974) | more than 7 years ago | (#17497630)

Either that, or you end up seeing a 3D schooner.

Re:Sqinting Works (1)

iamblades (238964) | more than 7 years ago | (#17498242)

Ha ha ha ha. You dumb bastard. It's not a schooner... it's a Sailboat.

Re:Sqinting Works (4, Funny)

Emetophobe (878584) | more than 7 years ago | (#17498038)

Squinting your eyes also works.
What else would you squint?

old news - I see this on TV every day. (4, Funny)

gbjbaanb (229885) | more than 7 years ago | (#17497404)

damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and bobs your uncle - one licence plate revealed clear as day. :)

Re:old news - I see this on TV every day. (4, Funny)

Dachannien (617929) | more than 7 years ago | (#17497450)

It's hilarious every time they do this. They start with a picture of some guy's face from 500 feet away that looks like a big skin-colored blur, and by the time they're done enhancing it, you can see right up the guy's nose. Of course, they want to keep it realistic: to show that you can only enhance an image so much, his nose hairs are slightly pixelated.

Re:old news - I see this on TV every day. (2, Funny)

1u3hr (530656) | more than 7 years ago | (#17497614)

Of course, they want to keep it realistic:

Whichis why it uses the authentic photpenhance sound effect as the image appears in rows, like dot matrix printer. Us imaging professionals see that every day.

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

Re:old news - I see this on TV every day. (1)

kfg (145172) | more than 7 years ago | (#17497772)

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

It isn't weird at all if you understand that Jerry does this stuff because it's bullshit; and why.

KFG

Re:old news - I see this on TV every day. (3, Interesting)

radtea (464814) | more than 7 years ago | (#17498548)

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processsing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attidudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.

Re:old news - I see this on TV every day. (0)

Anonymous Coward | more than 7 years ago | (#17498698)

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.
Duh, that's because he IS a real scientist on the show. I'm on the edge of my seat waiting for him to get back and open that box with the new miniature-killer scene in it though! They had wrapped that plot so nicely with the train dude, but now so many questions!

Re:old news - I see this on TV every day. (2, Insightful)

1u3hr (530656) | more than 7 years ago | (#17498818)

They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.

I suppose that's one way to look at it. For me, I gave up after the first season. The "false trails" thing just became a cliche; you KNOW that it's never the one or how who it seems to be first; that's always a red herring. And the complete unreality of the CSI geeks going around with guns, interrogating people, being action heroes, made it harder to suspend disbelief. Actually, I think the X-Files got procedure more realistic.

Re:old news - I see this on TV every day. (1)

ScrewMaster (602015) | more than 7 years ago | (#17498974)

Ah yes .... the patented CSI "reverse algorithmic". That one earned a chuckle from me.

Re:old news - I see this on TV every day. (1)

eneville (745111) | more than 7 years ago | (#17497606)

CSI is the *worst* program on the TV for anything forensic related. If you forensics something better in the UK such as postmortem, murder detectives and the like is far better to find out how people are killed in their own homes.

Re:old news - I see this on TV every day. (1)

rednip (186217) | more than 7 years ago | (#17498284)

I see this happening on CSI all the time
Yea, and I see time and space travel on TV all the time too. CSI doesn't pretend to be anything more than fiction and expecting a TV show to be more realistic just because it's popular is like expecting blog writers to be accurate, it's nice when it happens, but I don't expect it.

Re:old news - I see this on TV every day. (1)

Hotawa Hawk-eye (976755) | more than 7 years ago | (#17499550)

Unfortunately, there are plenty of people who think of CSI as science fact, and when they get on juries they expect both sides to have CSI-like evidence [wikipedia.org] .

Impossible! (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17497442)

You do realise that an algorithm to "un-blur" a blurred image is a total waste of time, right? There's no way for the algorithm to know how many times and in what various directions I blured the image - or if I added/deleted text before blurring. It's like a virus for Linux.. no one writes it because it's a waste of time. Leave it to slashdot to post bullshit.

Re:Impossible! (5, Informative)

dheera (1003686) | more than 7 years ago | (#17497464)

the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

Re:Impossible! (1)

ben there... (946946) | more than 7 years ago | (#17497618)

I really don't get why people post sensitive information on the web in any form. The example in the article shows a "Sample" check. Then mentions something about a real check involving winning 1 million dollars.

So, if you blurred it, you must have edited the photo. So in no way does a photoshopped photo prove you won a million dollars. Completely blanking out (with pure white, pure black, a texture, etc) the image proves just as much as the blur. WTF is the point? By contrast, PDFs and DOC files requires understanding the format and taking the necessary precautions to delete sensitive data. But images and text files are easy to completely remove data.

If it is more the screenshot/example/illustration type of image, why not remove the data and replace it with a photoshop text box containing invalid numbers? The font doesn't even need to match. Who cares? Doesn't matter. Similar to chain letters and internet hoaxes, I don't think I'll ever understand why people do stupid stuff like this.

Re:Impossible! (1)

mustafap (452510) | more than 7 years ago | (#17497744)

Personally, I just replace the part to be hidden with an image of a similar type. For example, in all my pictures of porn or gratuitous violence I replace the heads of any identifiable individuals with that of Bill Gates. Works great ( well, apart from the porn )

Re:Impossible! (0)

Anonymous Coward | more than 7 years ago | (#17497974)

A man with Bill Gates fetish.
Now i've seen everything.

Re:Impossible! (1)

KDR_11k (778916) | more than 7 years ago | (#17497466)

The idea is not to reconstruct arbitrary information from a blurred image, it's to "decrypt" text that was blurred.

Re:Impossible! (1)

TheSpoom (715771) | more than 7 years ago | (#17498292)

Did you read the article? (Yeah, I know, this is Slashdot.)

Dude was effectively talking about a dictionary attack on the blurred information; he was treating it as a one-way hash and was at no time attempting to decrypt the information. What he was doing was reencrypting (reblurring) every possible combination possible on the image in question and seeing which one was closest. For a mosaic effect like the one he described (which is used quite frequently), it seems to be pretty effective.

Re:Impossible! (1)

jbengt (874751) | more than 7 years ago | (#17499176)

For an intentionally blurred image that's done right, it's not useful. But for a poorly done mosaic, some useful info may be retrievable.
I don't think the poster's scheme is plausible in real life, for one thing, you have no way of exactly matching up the resolution, zoom level, brightnesses, contrasts, position of the original text image, making his dictionary attack-style algorithm much harder.
But, slightly off-topic, in real life blurring is usually caused by something like bad focus, camera motion, aggressive quantization. It is plausible to get a more viewable image and extract some useful information by "un-blurring".
Still, one needs to understand, that after running an image enhancement, the resulting image will typically hold less information than the original, and at best will hold the same amount of information. The usefulness of enhancment is in presenting the information in a way the human eye can see.

Re:Impossible! (1)

Inquisitus (937664) | more than 7 years ago | (#17499238)

RTFA. He's not suggesting an un-blurring technique.

how about a big DUH..... (3, Funny)

p51d007 (656414) | more than 7 years ago | (#17497460)

Anytime I post a picture, such as a car with a license plate, I BLANK out the numbers/letters with three colors, a block of white, then a block of silver, then a block of black. Not layers, just the colors.

Re:how about a big DUH..... (1, Funny)

Anonymous Coward | more than 7 years ago | (#17497816)

I am confused as to how this three-color method protects any better than just applying that final black bar.

Re:how about a big DUH..... (1)

creysoft (856713) | more than 7 years ago | (#17498134)

Whoooooosh....

He was parodying the massive level of ignorance this thread is displaying about Photoshop, and image processing in general.

give that man a Cigar... (1)

p51d007 (656414) | more than 7 years ago | (#17499520)

He gets it :)

Re:how about a big DUH..... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17497872)

What would be wrong if you blanked out the numbers with just one color?

Re:how about a big DUH..... (3, Funny)

KDR_11k (778916) | more than 7 years ago | (#17498276)

He left the opacity slider at 80%

Blurring CAN be secure (1)

doktorstop (725614) | more than 7 years ago | (#17497472)

Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.

Re:Blurring CAN be secure (3, Interesting)

dheera (1003686) | more than 7 years ago | (#17497500)

not always true. while it's reasonably good today, some day in the future, if we have 16-bit color channel depth ever become a standard (a 16-bit tiff for example), there will be enough data maintained at the edges of the blurred region to reconstruct the data. all you have to do is FFT the region, divide by a gaussian, inverse FFT, then keep repeating for different gaussians - this will basically divide out the system function used for blurring. 8-bit channels of today don't quite make it practical resolution-wise, but just a heads up so you don't get a false sense of security.

Re:Blurring CAN be secure (1)

Yetihehe (971185) | more than 7 years ago | (#17497574)

To cite one quote: Any sufficiently blurred image is indistinguishable from covered image.

RTFA (4, Informative)

porneL (674499) | more than 7 years ago | (#17497594)

The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.

Re:Blurring CAN be secure (1)

1u3hr (530656) | more than 7 years ago | (#17497636)

Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.

Please, RTFA. If you know these are numbers and the font (as on a credit card) that means you only have to get 10 levels of grey to have an excellent chance of working each digit out. You can't "see" it, but the information is there. Just use the eyedropper to select one colour, then paint over it.

Re:Blurring CAN be secure (1)

Cpt. Fwiffo (42356) | more than 7 years ago | (#17498054)

Did you actually read the article?
the idea is that in (quite a lot) of cases, it is possible to do a brute force attack against the blurring (which is what is being described).
The blurring function can be thought of as a hash function. if the hash function is known (which is quite probable) and the dataset over which the hash occurs is known (say, a string of up to 20 numbers), it can be brute forced (nothing new here, but that's the actual thing)

However good blurring is, it is still comparable to a hash function. As such, as long as the underlying dataset over which it hashes is small, a brute force attack can simply hash all possible values of the dataset, compare it to the original, and see what the actual value probably (barring collisions) was.

Think. Then think some more. Blurring might work on a sufficiently large dataset. But it's similar to you having to guess my password, which I'll just give you the MD5 hash of, and, oh wait, it's no longer then 8 characters. You'll brute force it if you want to. Even if it's ^#`D_,Hy (or something similarly silly).
If you blur an entire page, then all of a sudden the dataset has become much larger (and probably out of brute-force range, although even that might not be the case: similar to cryptography you might be able to make out seperate words, and crack those, quickly reducing the number of total characters to separate strings instead.

And of course, yes, blurring can work. Mark everything black (or white). it's the uberform of blurring. and that works. But that's not what's being done mostly, and it *is* what *should* be done. It's just shown that this is bad security thinking. REALLY bad security thinking.

And cover it correctly... (4, Interesting)

haakondahl (893488) | more than 7 years ago | (#17497494)

An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.

People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.

There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.

Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.

Re:And cover it correctly... (1)

The MAZZTer (911996) | more than 7 years ago | (#17497634)

I thought of the PDF thing too when I read the article!

Yeah, that's decidedly the exception to this rule.

Un-blurring photos (2, Interesting)

rzei (622725) | more than 7 years ago | (#17497496)

While I acknowledge knowning little about different blurring algorithms could someone enlight a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.

As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calcute all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I glanced from gaussian blur page [wikipedia.org] the group including all the possible solutions has to be finite, I guess, while being very huge..

This combined with a monkey (or bored computer user) could "help" refine the patter by selecting the most likely variation until the user is satisfied. Or is this something for which there already exists programs?

Re:Un-blurring photos (1)

sarahbau (692647) | more than 7 years ago | (#17497562)

He isn't un-blurring anything. He is blurring numbers until he gets the same blurred image as the original. I personally don't think it's very likely anyone will do this successfully, as the account number on a check is rarely black. You'd have to know the original color. OK, so it's possible that the same color might be used elsewhere on the check, but I've also never seen anyone use a mosaic blur, which seems to be required for this method (since he said you have to measure the mosaic size). You would also need to use the same font as the check, or you will get different results.

Re:Un-blurring photos (1)

basscomm (122302) | more than 7 years ago | (#17498352)

Your bank number, account number, and sometimes check number are all along the bottom of your check, in a unique font [wikipedia.org] and in my experience always in black.

Re:Un-blurring photos (0)

Anonymous Coward | more than 7 years ago | (#17497600)

The article is about demosaicing a picture, not unblurring it. A mosaic filter is a low pass filter. Blur is what is called a convolution filter. Each new pixel is composed of the weighted pixels in the vicinity of the corresponding pixel in the original picture. The inverse of the process is called deconvolution. It's a very time-intensive task, but it can be done, especially if the blur is artificial and uniform.

Re:Un-blurring photos (1)

gEvil (beta) (945888) | more than 7 years ago | (#17497658)

It's sort of like rot13 encryption. Do it enough times and you're bound to get the same things as what went in. 79 times - nope. 113 times - nope. But dammit, the 186th time works!

Re:Un-blurring photos (1)

mindstrm (20013) | more than 7 years ago | (#17499406)

This depends on your search set size. You can't re-compute a face, but if you knew it was one of 10 people, you could certainly go from there.

If it's the last 4 digits of a credit card number, you know the color and font, and can therefore compute blurs for every single valid combination and see what matches.

Summary of technique (5, Insightful)

pla (258480) | more than 7 years ago | (#17497512)

He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversable, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.

Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.

You can actually go one step further with wavelets (4, Insightful)

StandardCell (589682) | more than 7 years ago | (#17497986)

In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.

In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.

Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.

Text Black-Out (0, Offtopic)

sciop101 (583286) | more than 7 years ago | (#17497518)

Lazy Programmers black out text by just makint the background color equal to the text color. Hi-lighting the blacked out text makes the text reappear.

Re:Text Black-Out (1)

Aladrin (926209) | more than 7 years ago | (#17497532)

Not only do you have no idea what TFA is about, you're wrong about what you're talking about as well.

That isn't 'lazy programmers'. That's people trying to up their search engine rank without bothering their customers with a ton of pointless text.

Multiple passes? (1)

RebelWebmaster (628941) | more than 7 years ago | (#17497544)

Wouldn't multiple blurs over the same area also make it much harder to decipher? Yes, [evil person] could apply the affect multiple times as well, but that would be assuming they knew that a) the person had done it more than once and b) how many times they'd actually done it.

sims (0)

Anonymous Coward | more than 7 years ago | (#17497584)

they can do this for the naked people from the sims game too

mod 0p (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17497598)

MaxEnt (4, Informative)

TeknoHog (164938) | more than 7 years ago | (#17497612)

This is a kind of maximum entropy [maxent.co.uk] method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.

Re:MaxEnt (1)

SharpFang (651121) | more than 7 years ago | (#17497958)

Not always. Convolution matrix can be a lossy transform operation. If you're replacing a 5x5 pixels area with medium average of values of pixels contained within ('resolution drop blur') there's no way in hell you could reproduce all 25 pixel values just from the color they've been averaged to. If each pixel is an average of itself and 24 surrounding pixels within 2 pixels range, solution becomes an enormous set of equations, because it depends on unknown values of pixels which depend on its own (unknown) value. It is solvable but not trivial. If the pixels are just displaced by a random factor, you can't reproduce them without knowing the random seed, which was lost long ago. Apply JPEG compression of 95% - and the information is gone. There are many filters that are safe.

Re:MaxEnt (1)

MobyDisk (75490) | more than 7 years ago | (#17498496)

You didn't read the article, which is why you are completely wrong. An unsharp mask cannot recover data from a blur. And knowing the convolving function does not allow you to reverse it. The best you can do is guestimate, which is what the maxent algorithm you linked to does. It does not reverse the function since that is mathmeatically impossible. And the method discussed in the article does not use this approach.

Re:MaxEnt (1)

TeknoHog (164938) | more than 7 years ago | (#17498702)

I did read the article, and I wanted to point out that what they are doing is not entirely new. Their approach is somewhat different than what you usually see, but the idea is basically the same.

I also know that convolution isn't always reversible, but in many cases it is. I've made professional use of deconvolution to cancel motion blur in a well-defined system. In less defined systems you need to use stuff like MaxEnt, but it also assumes that there is some unknown, well-defined convolving function.

maximum entropy (5, Informative)

localoptimum (993261) | more than 7 years ago | (#17497640)

This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

mod' uP (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17497654)

peoplje already; I'm BEen the best, what provides the From the OpenBSD

Cut the number out (1)

Elentari (1037226) | more than 7 years ago | (#17497656)

In that example, as the background is one solid colour, it would be easy to protect it by cutting out the number and filling the space in with white. If the image doesn't have the number in it, no one can take it out.

I see that this would be harder with people's faces; there'd be a lot of headless people in photos.

Re:Cut the number out (1)

dheera (1003686) | more than 7 years ago | (#17497862)

you can still do this even if your background isn't one solid colour :) unless of course you're obsessed by the looks of a box over your check online, but i'd be more concerned about my data than how my check looks online. if you're trying to prove a point, such as winning a million dollars, i think it's less credible if you can so skillfully edit out the numbers to make it look like the rest of the background, than just take a picture and draw a box over what you want to hide, leaving everything else unedited.

Re:Cut the number out (1)

Lussarn (105276) | more than 7 years ago | (#17497864)

This isn't really about getting the picture back, but getting the data (in this case numbers) back. If there is a 4 number sequence you only have 10000 possibilities, On a face you would have billions of possibilities.

Hand Written Checks (2, Funny)

Joebert (946227) | more than 7 years ago | (#17497728)

This is precisely why I hand write all my checks with a sharpe marker, here's an Example [mises.org] .

Fragment-based image completion/reconstruction (2, Informative)

Oddscurity (1035974) | more than 7 years ago | (#17497764)

Daniel Cohen-Or [tau.ac.il] manages something I consider far more interesting. Take for instance this PDF about image reconstruction [tau.ac.il] .

There's quite a few more impressive papers on his page, for those interested in graphics.

PDF Files (1)

DigitalRaptor (815681) | more than 7 years ago | (#17497914)

This reminds me of when a company sent out a PDF file with a lot of very sensitive information covered in black, but it was done with a black box in Acrobat.

If you read it on screen or printed it out, it worked as they expected. But when you selected the text and copy and pasted it somewhere else, you could read every bit, including the names and details they thought were obscured.

Re:PDF Files (1)

NevarMore (248971) | more than 7 years ago | (#17498492)

That wasn't just a company, that was the US government.

Dont waste time bluring stuff, erase it. (1)

jonwil (467024) | more than 7 years ago | (#17497950)

See that little icon on the toolbar that looks like an eraser. Click it and then drag it over the area you want to remove (the credit card number or whatever else). The information is gone and there is no way to bring it back.

Re:Dont waste time bluring stuff, erase it. (1)

kyknos.org (643709) | more than 7 years ago | (#17498264)

if the layer has alpha, it may be even less secure than blurring :) not a problem when using plain jpegs, of course (but may affect png)

Mathematically speaking, a blurred image... (1)

exp(pi*sqrt(163)) (613870) | more than 7 years ago | (#17498004)

...contains almost the same information as the original. Consider a 1D example with a sequence of pixels:
1-10-20-5-8-10
Now perform a simple blur by averaging each pixel withh its neighbors (padding with zero at edges):
3.7-10.3-11.7-11-7.7-6
Suppose we lose the original. Note that we have still have 6 values and we know the equation that generated each one. So we have 6 equations in 6 unknowns, and we can solve. (In real life blurs are more complex, but in practice they are still linear, including blur from camera defocus.) The catch is numerical error, especially if there's quantization. But it's not beyond the realm of possibility to solve these equations and there are countless published 'deconvolution' algorithms out there.

"But, really..." (3, Insightful)

solitas (916005) | more than 7 years ago | (#17498086)

(from about 2/3 down the page):
So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.

Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.

Holliwood was right after all (0, Offtopic)

PietjeJantje (917584) | more than 7 years ago | (#17498308)

Endless magnification, not such a stupid concept after all.

Next, computers will have huge letters, beep whenever you press a key, an Override function for those pesty Permission Denied errors, and in general be Apples.

Whoops... (0)

Anonymous Coward | more than 7 years ago | (#17498592)

Just accidentally moderated someone Overrated instead of Funny. Posting to get rid of it.

Crop (1)

electronerdz (838825) | more than 7 years ago | (#17498598)

Why not just crop the image [hutta.com] ? Oh wait...

This would only work if you know the exact setting (1)

KnightMB (823876) | more than 7 years ago | (#17498640)

Long ago, I posted up a picture about Vonage 911 and a screenshot for dslreports.com long ago.
You'll find it here:
http://www.dslreports.com/r0/download/800075~433b0 c31ec1520970b77229393b7d713/vonage.png [dslreports.com]

Now, unless you know what mosaic settings I used, I don't see anyone cracking these numbers anytime soon. I think this sounds good in theory, but no good in practice unless everyone is using the exact same software to do the mosaic modification.

Easy solution pt2 (1)

SuperStretchy (1018064) | more than 7 years ago | (#17498732)

Import the picture into PS or Fireworks and then draw the black lines on top. Save as the program-specific proprietary format. Upload to teh internets.

Similar to the pfd layers issue, but more readily viewed and edited.

Not blur, pixelation (1)

Animats (122034) | more than 7 years ago | (#17498806)

First, this isn't blur, it's pixelation, with big pixels. That's not the same as blur. True blur, like Gaussian blur in Photoshop, doesn't actually destroy that much information. After Gaussian blurring, each pixel has a unique value, but it's a linear combination of values from nearby pixels. There's almost as much information as before blurring; the only true losses are from rounding. That's a reversible process. [nist.gov]

Pixelation, though, substantially reduces the amount of information in the image. Before, each pixel had a unique value. After, only each square has a unique value. So information really has been destroyed. However, if, after pixelation, the target object to be identified still has several pixels, some kind of attack might work. You need to use big enough pixel blocks that multiple target objects (like three or more letters or numbers) map to a single block. Of course, visually this will lose you the "there's sort of some number there but I can't make it out" look.

Pixelation with some crypto-grade noise added would probably solve the problem. (Remember, if the attacker can predict the noise algorithm, it doesn't help.)

first off.... (1)

lordvalrole (886029) | more than 7 years ago | (#17498812)

I rarely ever see someone use mosaic filter applied to something like a check or a credit card. I am sure it happens but it is pretty rare. Also if someone really likes the mosaic effect but thinks someone really wants to spend time trying to deal with it...then you can always use the smudge tool in and sweep it across the numbers before applying the mosaic effect or even after the effect. There is no way anyone will read that. Or you could just completely black it out which would be the optimal choice. Not too mention you could mosaic a mosaic to give you a different set of values which makes the so called "script" invalid.

Re:first off.... (1)

dheera (1003686) | more than 7 years ago | (#17498860)

Here's a once-top story on Digg.
http://digg.com/offbeat_news/How_much_was_this_che ck_written_for [digg.com]
Google image search will give you tons more examples... not just of checks but people block all kinds of things. Scanned bills, paystubs, etc. and mosaic parts of images.

I use the smudge tool in Gimp (1)

screeble (664005) | more than 7 years ago | (#17498996)

Recently, I scanned and placed 20+ pages of my old high school writing on my blog to provide continuity between some old diary entries I had converted to blog and my current blog entries.

I didn't edit the pages much but I did obscure signatures and addresses on the top of some of the pages as some of my poems were submitted for publication in a local zine.

I first tried block selecting and pixellating the text I wanted to obscure with Gimp.

I wasn't happy with the results as there seemed to be a lot of clues left behind that might enable someone to reverse engineer the text.

So, I decided to undo the pixellating and picked the smudge tool instead.

Since you control the H&V coords for the dragging tool manually It's like scrubbing crayon off a wall.

Just scrub until the data is gone.

Seems to me that this is a much safer way than pixellation to strip out unwanted data while still leaving the suggestion of text in the image.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?