Blurring Images Not So Secure

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

Japanese porn

[Boccaccio]

Will this work on Japanese porn too? My friend wants to know.

Re:Japanese porn

Yes, it works even better on animations. Algorithmically it's a time-resolution tradeoff. You can buy deblockers on the Japanese market.

Re:Japanese porn

It does but everything comes out sideways. You'll need the flip 180-filter to get the footage back to what you're used to seeing.

Re:Japanese porn

[1u3hr]

Try GMask. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".

Re:Japanese porn

Only on Slashdot would this man's question get an informative reply. I now remember why I've wasted 9 years of my life browsing this site. Thanks!

Re:Japanese porn

http://homepage3.nifty.com/furumizo/l_gmaskd.htm
And source code for linux. Untranslated, inconveniently.

Re:Japanese porn

Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
in Makefile at a bare minimum.
And a lot of cleanup in general.

Re:Japanese porn

[Fred_A]

Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
in Makefile at a bare minimum.
And a lot of cleanup in general.

Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !

Re:Japanese porn

Vous avez votre lat/lon dans le LOC de votre site aussi?
host -t LOC yahoo.com

Re:Japanese porn

[Tablizer]

Will this work on Japanese porn too?

Only if the number of possible cunts is fixed and known.

Re:Japanese porn

[Tablizer]

Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !

A new ad compaign: "Go with the Penguin, it can do pr0n better than the Gat35."

Re:Japanese porn

[mrmeval]

That's just funny. The source actually compiles on Linux but I have no idea how to use it.
I always thought porn was for hiding Soviet spy messages. I suppose pictures could hide horse porn with steganography.

Re:Japanese porn

[alphamugwump]

Right. Witness the single-keystroke cache-clearing abilities of firefox. Also, they refer to their image rendering library as "libpr0n"

Re:Japanese porn

[redcane]

You know I think I am ashamed that I get that joke. But now I'm trying to remember the source of that particular mythic factoid. (It's a movie right?)

Re:Japanese porn

[q-the-impaler]

Got no clue, but I once hooked up with a Phillipino girl in college and all my friends asked me about referenced joke. I didn't know there was a cult following.

No really, I really did hook up with a Phillipino girl, but that was before I declared CS as my major.

Re:Japanese porn

[FrozenFOXX]

Well you know the saying, given enough eyes no problem is too bi-...

You know, maybe we should just leave that saying alone this one time.

Re:Japanese porn

[bhiestand]

Got no clue, but I once hooked up with a Phillipino girl in college and all my friends asked me about referenced joke. Actually, the funny part is that what you said was twice as funny as what you meant. Being a former Spanish colony, Filipino refers to a male from the Philippines, and Filipina refers to a female from the Philippines. I don't think any filter, 180 included, can repair the damage caused by accidentally sleeping with a lady boy.

Re:Japanese porn

[TheoMurpse]

Only the unwashed masses come for those. The truly educated elite? Well, we come for the Natalie Portman hot grits jokes.

Speaking of Slashdot memes, do GNAA trolls still show up? I haven't browsed below +4 in a year, so I'm not entirely sure.

Re:Japanese porn

[TheoMurpse]

Only if the number of possible cunts is fixed and known.

Somehow, I feel like I'm not reading Slashdot. Did the channel get changed over to MTV's New Year's Countdown (language NSFW)?

I hereby dub Tablizer the John Cleese of Slashdot. I've never seen anyone use that word here before (John Cleese said "fuck" during his eulogy of Graham Chapman at the televised funeral, and allegedly was the first to use the f-bomb on TV, or something like that).

Re:Japanese porn

[EricTheO]

One word Merkin! http://www.merkinworld.com/

Re:Japanese porn

[Attrition_cp]

Yes.

Re:Japanese porn

[q-the-impaler]

HAHA! Like I said, it was just a hook up <grin>

I'll just be careful to never tell that story so as to not screw it up again. Got lots more, though. Being an RA on a freshman floor sure did diversify the available and willing gene pool. Then I majored in CS and that pool evaporated.

and please...

[macadamia_harold]

While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)

Re:and please...

[solafide]

If you don't remember or want a refresher on what happened, the original article is at http://it.slashdot.org/article.pl?sid=06/06/22/138 210 . It's worth bookmarking in case you ever need to do the same yourself.

Re:and please...

[FLEB]

Actually, if you look at the box for Acrobat 8 (USA, YMMV) they list "Secure redaction" as a bullet-point on the back of the box. Apparently they've put in a feature that allows you to select text and actually delete it underneath the redaction bar. Another blow struck in the battle for information transparency via stupidity.

Sqinting Works

[bmsleight]

Squinting your eyes also works.

Re:Sqinting Works

[jones_supa]

Squinting your eyes also works.

It really does. Some of the codes are so lightly blurred that they can be interpreted with only bare eyes.

Re:Sqinting Works

[Oddscurity]

Either that, or you end up seeing a 3D schooner.

Re:Sqinting Works

[Emetophobe]

Squinting your eyes also works.

What else would you squint?

Re:Sqinting Works

[iamblades]

Ha ha ha ha. You dumb bastard. It's not a schooner... it's a Sailboat.

Re:Sqinting Works

[zippthorne]

No it's not. It's a matrix of cones and spheres. or.. well.. half-spheres, since obviously you can't see the back of 'em to know for sure. Just pause the DVD on any SD screen.

Re:Sqinting Works

[markild]

If you can hear me through that wooshing sound of the joke going over your head, take a look at this

Re:Sqinting Works

[ThogScully]

And you missed his joke. The picture from the movie wasn't a sailboat. I remember stopping it at some point to see the image and it was a random picture of geometric shapes or something.
-N

old news - I see this on TV every day.

[gbjbaanb]

damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and bobs your uncle - one licence plate revealed clear as day. :)

Re:old news - I see this on TV every day.

[Dachannien]

It's hilarious every time they do this. They start with a picture of some guy's face from 500 feet away that looks like a big skin-colored blur, and by the time they're done enhancing it, you can see right up the guy's nose. Of course, they want to keep it realistic: to show that you can only enhance an image so much, his nose hairs are slightly pixelated.

Re:old news - I see this on TV every day.

[eneville]

CSI is the *worst* program on the TV for anything forensic related. If you forensics something better in the UK such as postmortem, murder detectives and the like is far better to find out how people are killed in their own homes.

Re:old news - I see this on TV every day.

[1u3hr]

Of course, they want to keep it realistic:

Whichis why it uses the authentic photpenhance sound effect as the image appears in rows, like dot matrix printer. Us imaging professionals see that every day.

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

Re:old news - I see this on TV every day.

[kfg]

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

It isn't weird at all if you understand that Jerry does this stuff because it's bullshit; and why.

KFG

Re:old news - I see this on TV every day.

[rednip]

I see this happening on CSI all the time Yea, and I see time and space travel on TV all the time too. CSI doesn't pretend to be anything more than fiction and expecting a TV show to be more realistic just because it's popular is like expecting blog writers to be accurate, it's nice when it happens, but I don't expect it.

Re:old news - I see this on TV every day.

[radtea]

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processsing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attidudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.

Re:old news - I see this on TV every day.

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.

Duh, that's because he IS a real scientist on the show. I'm on the edge of my seat waiting for him to get back and open that box with the new miniature-killer scene in it though! They had wrapped that plot so nicely with the train dude, but now so many questions!

Re:old news - I see this on TV every day.

[1u3hr]

They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.

I suppose that's one way to look at it. For me, I gave up after the first season. The "false trails" thing just became a cliche; you KNOW that it's never the one or how who it seems to be first; that's always a red herring. And the complete unreality of the CSI geeks going around with guns, interrogating people, being action heroes, made it harder to suspend disbelief. Actually, I think the X-Files got procedure more realistic.

Re:old news - I see this on TV every day.

[ScrewMaster]

Ah yes .... the patented CSI "reverse algorithmic". That one earned a chuckle from me.

Re:old news - I see this on TV every day.

[Hotawa+Hawk-eye]

Unfortunately, there are plenty of people who think of CSI as science fact, and when they get on juries they expect both sides to have CSI-like evidence.

Re:old news - I see this on TV every day.

[sahonen]

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit. If said geeks were right in the room with the script writer I would agree with you, but they don't come in until after the show's already been shot.

Re:old news - I see this on TV every day.

[JazzLad]

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist. When I read this, I immediately thought that X-Files did a more realistic job, ironic given the subject matter.

Re:old news - I see this on TV every day.

Really they don't portray anyone as a cop/interrogator/investigator on the original CSI show. Mostly they just investigate, sometimes they interrogate the suspect. Don't see them with guns very often.
What bothers me more is their excessive flashlight use and inability to, oh, you know, TURN ON THE FUCKING LIGHT SWITCH.

You just have to accept the fact that its a TV show and it won't be 100% scientifically accurate.

Re:old news - I see this on TV every day.

[jandrese]

You know, that may not be an entirely bad thing. Having juries that expect the prosecutor to have some evidence beyond a couple of sketchy eyewitnesses would clear up a lot of the false imprisonments in this country. Eyewitness testimony is so unreliable that there is a strong argument for disallowing it.

Of course there is a problem with people taking it to extremes and wanting perfect photographic evidence, but overall I think Juries have been too lenient on what evidence they'll convict on.

Re:old news - I see this on TV every day.

I'd imagine they don't turn on the lights because flipping the light switch may harm evidence. And even if that isn't the case in one particular circumstance, they do it out of habit.

Re:old news - I see this on TV every day.

[AnotherBrian]

Tripping over a table can fuck up a lot of evidence too.

Re:old news - I see this on TV every day.

[pvt_medic]

But then they are able to extract from the picture a reflection in someone eye to see who is behind the photographer. Good stuff, I am obviously an unskilled photoshop user.

Re:old news - I see this on TV every day.

[aussie_a]

Its actually quite easy to tell if they've caught the real killer. "Does the show have 20 minutes or less out of 1 hour to go? If yes, probably the right killer. If no then the wrong killer. If the show has 10 minutes or less then it is definitely the real killer."

Re:old news - I see this on TV every day.

[aussie_a]

CSI is the *worst* program on the TV for anything forensic related. And I kid you not, the Queensland police in Australia used it as a teaching aid on what to do. I shit you not.

Re:old news - I see this on TV every day.

[kbjorklu]

I agree that it's hilarious, every time.

However, it is possible to "sharpen" blurred images, if you have more than one (differently) blurred image of the same object. Then each blurred image contains different information, and with suitable assumptions about the blurring mechanism you can reconstruct a sharper image.

I had to do this at school a couple of years ago, and it seems they still give the same assignment: http://www.cis.hut.fi/Opinnot/T-61.5040/Htyo2006/o mm06_project.pdf . The idea is to construct a Bayesian model, and feed several blurred images to it. The model assumes that blurring works so that each blurred pixel is a weighted average of the high-resolution pixels surrounding the center of the blurred pixel, and some white noise of course. Obviously the exercise is quite elementary, but the idea is solid.

If we were really, really optimistic about CSI, maybe the surveillance cameras have a low resolution, but a high framerate, and the criminals/cars/whatever typically stand still for long periods of time. Then it would actually be possible to do what they do! :)

Re:old news - I see this on TV every day.

[Slightly+Askew]

You obviously haven't watched it this season. The number of cases that roll over from one episode to the next has greatly increased this season. As a matter of fact, the one running plot (the miniature killer) that spanned, I believe, more than 4 or 5 episodes, which they neatly tied up a couple weeks ago, appears to have resurfaced in the season opener.

Re:old news - I see this on TV every day.

[twosmokes]

I may be remembering the show wrong (I haven't seen it since season one), but I seem to recall a lot of Gil "knowing" who did it then finding evidence in order to say "I told you so". That was one of the reasons I quit watching.

Re:old news - I see this on TV every day.

[aussie_a]

I'm in Australia so nope, haven't seen it yet :)

Re:old news - I see this on TV every day.

[radtea]

What bothers me more is their excessive flashlight use and inability to, oh, you know, TURN ON THE FUCKING LIGHT SWITCH.

Relief. Shadows. Focus of attention.

Impossible!

You do realise that an algorithm to "un-blur" a blurred image is a total waste of time, right? There's no way for the algorithm to know how many times and in what various directions I blured the image - or if I added/deleted text before blurring. It's like a virus for Linux.. no one writes it because it's a waste of time. Leave it to slashdot to post bullshit.

Re:Impossible!

[dheera]

the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

Re:Impossible!

[KDR_11k]

The idea is not to reconstruct arbitrary information from a blurred image, it's to "decrypt" text that was blurred.

Re:Impossible!

[ben+there...]

I really don't get why people post sensitive information on the web in any form. The example in the article shows a "Sample" check. Then mentions something about a real check involving winning 1 million dollars.

So, if you blurred it, you must have edited the photo. So in no way does a photoshopped photo prove you won a million dollars. Completely blanking out (with pure white, pure black, a texture, etc) the image proves just as much as the blur. WTF is the point? By contrast, PDFs and DOC files requires understanding the format and taking the necessary precautions to delete sensitive data. But images and text files are easy to completely remove data.

If it is more the screenshot/example/illustration type of image, why not remove the data and replace it with a photoshop text box containing invalid numbers? The font doesn't even need to match. Who cares? Doesn't matter. Similar to chain letters and internet hoaxes, I don't think I'll ever understand why people do stupid stuff like this.

Re:Impossible!

[mustafap]

Personally, I just replace the part to be hidden with an image of a similar type. For example, in all my pictures of porn or gratuitous violence I replace the heads of any identifiable individuals with that of Bill Gates. Works great ( well, apart from the porn )

Re:Impossible!

A man with Bill Gates fetish.
Now i've seen everything.

Re:Impossible!

[TheSpoom]

Did you read the article? (Yeah, I know, this is Slashdot.)

Dude was effectively talking about a dictionary attack on the blurred information; he was treating it as a one-way hash and was at no time attempting to decrypt the information. What he was doing was reencrypting (reblurring) every possible combination possible on the image in question and seeing which one was closest. For a mosaic effect like the one he described (which is used quite frequently), it seems to be pretty effective.

Re:Impossible!

[jbengt]

For an intentionally blurred image that's done right, it's not useful. But for a poorly done mosaic, some useful info may be retrievable.
I don't think the poster's scheme is plausible in real life, for one thing, you have no way of exactly matching up the resolution, zoom level, brightnesses, contrasts, position of the original text image, making his dictionary attack-style algorithm much harder.
But, slightly off-topic, in real life blurring is usually caused by something like bad focus, camera motion, aggressive quantization. It is plausible to get a more viewable image and extract some useful information by "un-blurring".
Still, one needs to understand, that after running an image enhancement, the resulting image will typically hold less information than the original, and at best will hold the same amount of information. The usefulness of enhancment is in presenting the information in a way the human eye can see.

Re:Impossible!

[Inquisitus]

RTFA. He's not suggesting an un-blurring technique.

Re:Impossible!

beg me pardon, but a virus for linux is possible the same way - its called user. no users, no problems with uptime.

users as root may execute any crap they like. if they do execute that stuff, they are fsck`ed. happens all the time. same is true for the pix.
if you blur it up to square inch mosaik blots, on a photo-size pic, its save. anything less is exceedingly less safe with smaller pixel size.
now cry me a river ans start using a really _trusted_ OS. and stop browsing intervirusnet.

Re:Impossible!

[duckpoopy]

You do realize that you are completely wrong, right. There are many approaches to blind deconvolution. Many of these techniques are quite old. Although it is a difficult problem, it is not cutting-edge stuff.

Re:Impossible!

[nacturation]

So, if you blurred it, you must have edited the photo. So in no way does a photoshopped photo prove you won a million dollars. Nor does coming over to your house to show you the actual million dollar check prove that I won it either. For all you know, I might have printed that one myself on my new color laser printer. Of course, I could deposit it and show you my online bank balance. But maybe I've setup some kind of strange proxy which does a man-in-the-middle with the bank and replaces a deposit for $100.00 with one for $1000000.00 instead. Or I could take you with me to the bank and deposit it with the teller. But maybe the teller is a friend of mine and is colluding with me just to pull a prank on you.

Maybe it doesn't work as proof. But putting an image online, ideally in conjunction with some kind of third-party information, functions as decent evidence.

Re:Impossible!

I'd like to see examples of random google image search images and the results of unblurring techniques.

Re:Impossible!

[Kjella]

A mosaic works perfectly, because it's lossy and one-way as hell. Take a 3x3 pixel block that is like
100 120 140
110 130 150
120 140 160
becomes
130 130 130
130 130 130
130 130 130
and there's no information here that can be recovered about the distribution. The only thing that happened here was that he conviently choose a block size and low-information data which essentially mapped 10 possible values (images of 0-9) to 256 shades of gray. Obviously, you can now find that there's one shade per number. In a photo there's more like (blocksize)^2x16,7mio possible values, and no way to guess which is the right one.

Re:Impossible!

Not totally true - see

http://en.wikipedia.org/wiki/Blind_deconvolution

Re:Impossible!

Well, considering this article was posted, I knew there must be somebody who qualifies as that idiot. Thanks for clarifying.

how about a big DUH.....

[p51d007]

Anytime I post a picture, such as a car with a license plate, I BLANK out the numbers/letters with three colors, a block of white, then a block of silver, then a block of black. Not layers, just the colors.

Re:how about a big DUH.....

I am confused as to how this three-color method protects any better than just applying that final black bar.

Re:how about a big DUH.....

What would be wrong if you blanked out the numbers with just one color?

Re:how about a big DUH.....

[creysoft]

Whoooooosh....

He was parodying the massive level of ignorance this thread is displaying about Photoshop, and image processing in general.

Re:how about a big DUH.....

[KDR_11k]

He left the opacity slider at 80%

Re:how about a big DUH.....

[jez9999]

For those of us who don't get this joke, could someone please explain what is funny about it??

Re:bars

You basically repeated the article adding less information. Amazing.
Pixelate is exactly what he was demonstrating.
Early comments on /. are always blatant attempts to pass off 30 seconds of keyboard pounding as intellect to eke out a few moderation points.

Blurring CAN be secure

[doktorstop]

Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.

Re:Blurring CAN be secure

[dheera]

not always true. while it's reasonably good today, some day in the future, if we have 16-bit color channel depth ever become a standard (a 16-bit tiff for example), there will be enough data maintained at the edges of the blurred region to reconstruct the data. all you have to do is FFT the region, divide by a gaussian, inverse FFT, then keep repeating for different gaussians - this will basically divide out the system function used for blurring. 8-bit channels of today don't quite make it practical resolution-wise, but just a heads up so you don't get a false sense of security.

Re:Blurring CAN be secure

[Yetihehe]

To cite one quote: Any sufficiently blurred image is indistinguishable from covered image.

Re:Blurring CAN be secure

[1u3hr]

Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.

Please, RTFA. If you know these are numbers and the font (as on a credit card) that means you only have to get 10 levels of grey to have an excellent chance of working each digit out. You can't "see" it, but the information is there. Just use the eyedropper to select one colour, then paint over it.

Re:Blurring CAN be secure

[Cpt.+Fwiffo]

Did you actually read the article?
the idea is that in (quite a lot) of cases, it is possible to do a brute force attack against the blurring (which is what is being described).
The blurring function can be thought of as a hash function. if the hash function is known (which is quite probable) and the dataset over which the hash occurs is known (say, a string of up to 20 numbers), it can be brute forced (nothing new here, but that's the actual thing)

However good blurring is, it is still comparable to a hash function. As such, as long as the underlying dataset over which it hashes is small, a brute force attack can simply hash all possible values of the dataset, compare it to the original, and see what the actual value probably (barring collisions) was.

Think. Then think some more. Blurring might work on a sufficiently large dataset. But it's similar to you having to guess my password, which I'll just give you the MD5 hash of, and, oh wait, it's no longer then 8 characters. You'll brute force it if you want to. Even if it's ^#`D_,Hy (or something similarly silly).
If you blur an entire page, then all of a sudden the dataset has become much larger (and probably out of brute-force range, although even that might not be the case: similar to cryptography you might be able to make out seperate words, and crack those, quickly reducing the number of total characters to separate strings instead.

And of course, yes, blurring can work. Mark everything black (or white). it's the uberform of blurring. and that works. But that's not what's being done mostly, and it *is* what *should* be done. It's just shown that this is bad security thinking. REALLY bad security thinking.

Re:Blurring CAN be secure

Thanks for putting that in cleartext, pal. Now I have to reset all my passwords...

Re:Blurring CAN be secure

[NiceRoundNumber]

There are even better ways to undo a smudge or motion blur. The linked process takes about an hour to compute, but gives impressive results... I give it three years til it shows up in Photoshop.

The mosaic effect cannot be directly deconvolved the same way; the approach in the article is based on a priori knowledge of the original image, which greatly constrains the problem and makes it well-posed. The basic reason it works is that different numerals use different amounts of ink, a property which is not completely destroyed by blurring or mosaicing. An approach such as this one (scroll down to Figure 8) would solve this problem, and also make documents less readable by someone looking at them from further away.

Re:Blurring CAN be secure

[John+Hasler]

Seems like it would be less work to just change the number.

And cover it correctly...

[haakondahl]

An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.

People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.

There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.

Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.

Re:And cover it correctly...

[The+MAZZTer]

I thought of the PDF thing too when I read the article!

Yeah, that's decidedly the exception to this rule.

Un-blurring photos

[rzei]

While I acknowledge knowning little about different blurring algorithms could someone enlight a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.

As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calcute all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I glanced from gaussian blur page the group including all the possible solutions has to be finite, I guess, while being very huge..

This combined with a monkey (or bored computer user) could "help" refine the patter by selecting the most likely variation until the user is satisfied. Or is this something for which there already exists programs?

Re:Un-blurring photos

[dheera]

(see above) http://it.slashdot.org/article.pl?sid=07/01/07/135 2242&threshold=-1

Re:Un-blurring photos

[sarahbau]

He isn't un-blurring anything. He is blurring numbers until he gets the same blurred image as the original. I personally don't think it's very likely anyone will do this successfully, as the account number on a check is rarely black. You'd have to know the original color. OK, so it's possible that the same color might be used elsewhere on the check, but I've also never seen anyone use a mosaic blur, which seems to be required for this method (since he said you have to measure the mosaic size). You would also need to use the same font as the check, or you will get different results.

Re:Un-blurring photos

The article is about demosaicing a picture, not unblurring it. A mosaic filter is a low pass filter. Blur is what is called a convolution filter. Each new pixel is composed of the weighted pixels in the vicinity of the corresponding pixel in the original picture. The inverse of the process is called deconvolution. It's a very time-intensive task, but it can be done, especially if the blur is artificial and uniform.

Re:Un-blurring photos

[gEvil+(beta)]

It's sort of like rot13 encryption. Do it enough times and you're bound to get the same things as what went in. 79 times - nope. 113 times - nope. But dammit, the 186th time works!

Re:Un-blurring photos

[basscomm]

Your bank number, account number, and sometimes check number are all along the bottom of your check, in a unique font and in my experience always in black.

Re:Un-blurring photos

[mindstrm]

This depends on your search set size. You can't re-compute a face, but if you knew it was one of 10 people, you could certainly go from there.

If it's the last 4 digits of a credit card number, you know the color and font, and can therefore compute blurs for every single valid combination and see what matches.

Re:Un-blurring photos

Wow, I may know something about this. My I took some Masters courses back in 88 and we did a ton of deblurring. I haven't had to do it for nearly 20 years but I doubt the science has changed much.

As I recall if the process to blur was linear and time invariant (like it would be with a lens focus problem) and you have a large enough sample of the blurred image you chop the sample into small pieces, find the average power spectra of the pieces and subtract that from the average power spectra of orignal image. The only thing the sub pieces have in common with the original is the blur.

I remember doing this on an image that was a photo of page that contained a handwritten message (that said "if you can read this then you have properly deblurred the image"). It was totally unreadable (you almost couldn't even tell there was writing on it). Afterward it was totally readable.

Wow, my adviser was really just using me to figure out how to deblur checks!

Summary of technique

[pla]

He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversable, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.

Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.

Text Black-Out

[sciop101]

Lazy Programmers black out text by just makint the background color equal to the text color. Hi-lighting the blacked out text makes the text reappear.

Re:Text Black-Out

[Aladrin]

Not only do you have no idea what TFA is about, you're wrong about what you're talking about as well.

That isn't 'lazy programmers'. That's people trying to up their search engine rank without bothering their customers with a ton of pointless text.

Re:bars

[eneville]

and what is wrong with saying "i agree" to the article. this is a public forum for people to voice opinions, if you think that is wrong, just set the widget to show comments rated +5.

Multiple passes?

[RebelWebmaster]

Wouldn't multiple blurs over the same area also make it much harder to decipher? Yes, [evil person] could apply the affect multiple times as well, but that would be assuming they knew that a) the person had done it more than once and b) how many times they'd actually done it.

Re:Multiple passes?

Maybe.

You would have to be careful to make sure that when you apply the second blur to the first blur, that you don't end up with something that looks a lot like just applying to second blur to begin with. That can be like applying a cypher to something that has a cypher applied to it... the person trying to break the cypher doesn't even need to realize there's a middle cypher, he can go straight from the what he has to the end result.

Re:Multiple passes?

[phantomcircuit]

As several other people have pointed out the blur effect is simply a hashing function.

A fundamental of cryptography is that the algorithm will be known by the attacker, that only the key is unknown.

So no multiple passes would not stop the attack from succeeding (it may slow it down however).

Re:Multiple passes?

[Pieroxy]

In other words, security through obscurity. When it's so simple to just mask the offending area... Go figure.

sims

they can do this for the naked people from the sims game too

RTFA

[porneL]

The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.

MaxEnt

[TeknoHog]

This is a kind of maximum entropy method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.

Re:MaxEnt

[SharpFang]

Not always. Convolution matrix can be a lossy transform operation. If you're replacing a 5x5 pixels area with medium average of values of pixels contained within ('resolution drop blur') there's no way in hell you could reproduce all 25 pixel values just from the color they've been averaged to. If each pixel is an average of itself and 24 surrounding pixels within 2 pixels range, solution becomes an enormous set of equations, because it depends on unknown values of pixels which depend on its own (unknown) value. It is solvable but not trivial. If the pixels are just displaced by a random factor, you can't reproduce them without knowing the random seed, which was lost long ago. Apply JPEG compression of 95% - and the information is gone. There are many filters that are safe.

Re:MaxEnt

[MobyDisk]

You didn't read the article, which is why you are completely wrong. An unsharp mask cannot recover data from a blur. And knowing the convolving function does not allow you to reverse it. The best you can do is guestimate, which is what the maxent algorithm you linked to does. It does not reverse the function since that is mathmeatically impossible. And the method discussed in the article does not use this approach.

Re:MaxEnt

[TeknoHog]

I did read the article, and I wanted to point out that what they are doing is not entirely new. Their approach is somewhat different than what you usually see, but the idea is basically the same.

I also know that convolution isn't always reversible, but in many cases it is. I've made professional use of deconvolution to cancel motion blur in a well-defined system. In less defined systems you need to use stuff like MaxEnt, but it also assumes that there is some unknown, well-defined convolving function.

Re:bars

Ah, proof that you never expect to be modded up to +5.

maximum entropy

[localoptimum]

This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

Re:maximum entropy

[mattwarden]

I personally use it regularly for nuclear spectroscopy

Yeah, who doesn't?

Cut the number out

[Elentari]

In that example, as the background is one solid colour, it would be easy to protect it by cutting out the number and filling the space in with white. If the image doesn't have the number in it, no one can take it out.

I see that this would be harder with people's faces; there'd be a lot of headless people in photos.

Re:Cut the number out

[dheera]

you can still do this even if your background isn't one solid colour :) unless of course you're obsessed by the looks of a box over your check online, but i'd be more concerned about my data than how my check looks online. if you're trying to prove a point, such as winning a million dollars, i think it's less credible if you can so skillfully edit out the numbers to make it look like the rest of the background, than just take a picture and draw a box over what you want to hide, leaving everything else unedited.

Re:Cut the number out

[Lussarn]

This isn't really about getting the picture back, but getting the data (in this case numbers) back. If there is a 4 number sequence you only have 10000 possibilities, On a face you would have billions of possibilities.

Hand Written Checks

[Joebert]

This is precisely why I hand write all my checks with a sharpe marker, here's an Example.

Fragment-based image completion/reconstruction

[Oddscurity]

Daniel Cohen-Or manages something I consider far more interesting. Take for instance this PDF about image reconstruction.

There's quite a few more impressive papers on his page, for those interested in graphics.

Re:bars

[j00r0m4nc3r]

Can someone agree with an article they didn't read?

Re:bars

[eneville]

Can someone agree with an article they didn't read? and some mod themselves +5...

You're new here, aren't you?

[KH2002]

You're new here, aren't you?

PDF Files

[DigitalRaptor]

This reminds me of when a company sent out a PDF file with a lot of very sensitive information covered in black, but it was done with a black box in Acrobat.

If you read it on screen or printed it out, it worked as they expected. But when you selected the text and copy and pasted it somewhere else, you could read every bit, including the names and details they thought were obscured.

Re:PDF Files

[NevarMore]

That wasn't just a company, that was the US government.

Re:PDF Files

[MrAngryForNoReason]

This reminds me of when a company sent out a PDF file with a lot of very sensitive information covered in black, but it was done with a black box in Acrobat.

Not a company, 'The Company'. They were declassified CIA documents if I remember rightly.

Dont waste time bluring stuff, erase it.

[jonwil]

See that little icon on the toolbar that looks like an eraser. Click it and then drag it over the area you want to remove (the credit card number or whatever else). The information is gone and there is no way to bring it back.

Re:Dont waste time bluring stuff, erase it.

[kyknos.org]

if the layer has alpha, it may be even less secure than blurring :) not a problem when using plain jpegs, of course (but may affect png)

You can actually go one step further with wavelets

[StandardCell]

In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.

In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.

Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.

Mathematically speaking, a blurred image...

[exp(pi*sqrt(163))]

...contains almost the same information as the original. Consider a 1D example with a sequence of pixels:

1-10-20-5-8-10

Now perform a simple blur by averaging each pixel withh its neighbors (padding with zero at edges):

3.7-10.3-11.7-11-7.7-6

Suppose we lose the original. Note that we have still have 6 values and we know the equation that generated each one. So we have 6 equations in 6 unknowns, and we can solve. (In real life blurs are more complex, but in practice they are still linear, including blur from camera defocus.) The catch is numerical error, especially if there's quantization. But it's not beyond the realm of possibility to solve these equations and there are countless published 'deconvolution' algorithms out there.

Re:Mathematically speaking, a blurred image...

[exp(pi*sqrt(163))]

That's a 'pixellate' rather than a blur. What I describe corresponds to many types of 'blur' that appear in image manipulation packages. The original story has a stupid name, but as a general principle, many image processing operations are theoretically invertible.

Re:Mathematically speaking, a blurred image...

[kyjl]

My head is sweating REALLY HARD right now

"But, really..."

[solitas]

(from about 2/3 down the page):
So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.

Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.

Re:"But, really..."

[SillySilly]

Give the article some credit -- the author is trying to warn people about the risks of using pixelation or blurring on personal information, and rightly says that such information should be blacked out instead. Read some of the other comments on this thread and you'll see that people have already come up with several ways to improve the algorithm, strengthening the main point of the article.

Holliwood was right after all

[PietjeJantje]

Endless magnification, not such a stupid concept after all.

Next, computers will have huge letters, beep whenever you press a key, an Override function for those pesty Permission Denied errors, and in general be Apples.

Whoops...

Just accidentally moderated someone Overrated instead of Funny. Posting to get rid of it.

Crop

[electronerdz]

Why not just crop the image? Oh wait...

This would only work if you know the exact setting

[KnightMB]

Long ago, I posted up a picture about Vonage 911 and a screenshot for dslreports.com long ago.
You'll find it here:
http://www.dslreports.com/r0/download/800075~433b0 c31ec1520970b77229393b7d713/vonage.png

Now, unless you know what mosaic settings I used, I don't see anyone cracking these numbers anytime soon. I think this sounds good in theory, but no good in practice unless everyone is using the exact same software to do the mosaic modification.

Easy solution pt2

[SuperStretchy]

Import the picture into PS or Fireworks and then draw the black lines on top. Save as the program-specific proprietary format. Upload to teh internets.

Similar to the pfd layers issue, but more readily viewed and edited.

Not blur, pixelation

[Animats]

First, this isn't blur, it's pixelation, with big pixels. That's not the same as blur. True blur, like Gaussian blur in Photoshop, doesn't actually destroy that much information. After Gaussian blurring, each pixel has a unique value, but it's a linear combination of values from nearby pixels. There's almost as much information as before blurring; the only true losses are from rounding. That's a reversible process.

Pixelation, though, substantially reduces the amount of information in the image. Before, each pixel had a unique value. After, only each square has a unique value. So information really has been destroyed. However, if, after pixelation, the target object to be identified still has several pixels, some kind of attack might work. You need to use big enough pixel blocks that multiple target objects (like three or more letters or numbers) map to a single block. Of course, visually this will lose you the "there's sort of some number there but I can't make it out" look.

Pixelation with some crypto-grade noise added would probably solve the problem. (Remember, if the attacker can predict the noise algorithm, it doesn't help.)

first off....

[lordvalrole]

I rarely ever see someone use mosaic filter applied to something like a check or a credit card. I am sure it happens but it is pretty rare. Also if someone really likes the mosaic effect but thinks someone really wants to spend time trying to deal with it...then you can always use the smudge tool in and sweep it across the numbers before applying the mosaic effect or even after the effect. There is no way anyone will read that. Or you could just completely black it out which would be the optimal choice. Not too mention you could mosaic a mosaic to give you a different set of values which makes the so called "script" invalid.

Re:first off....

[dheera]

Here's a once-top story on Digg.
http://digg.com/offbeat_news/How_much_was_this_che ck_written_for
Google image search will give you tons more examples... not just of checks but people block all kinds of things. Scanned bills, paystubs, etc. and mosaic parts of images.

I use the smudge tool in Gimp

[screeble]

Recently, I scanned and placed 20+ pages of my old high school writing on my blog to provide continuity between some old diary entries I had converted to blog and my current blog entries.

I didn't edit the pages much but I did obscure signatures and addresses on the top of some of the pages as some of my poems were submitted for publication in a local zine.

I first tried block selecting and pixellating the text I wanted to obscure with Gimp.

I wasn't happy with the results as there seemed to be a lot of clues left behind that might enable someone to reverse engineer the text.

So, I decided to undo the pixellating and picked the smudge tool instead.

Since you control the H&V coords for the dragging tool manually It's like scrubbing crayon off a wall.

Just scrub until the data is gone.

Seems to me that this is a much safer way than pixellation to strip out unwanted data while still leaving the suggestion of text in the image.

give that man a Cigar...

[p51d007]

He gets it :)

Re:Squinting Works

[UncleTogie]

Ask the guys with talented girlfrends. ;)

Heh

[GregNorc]

I've seen personal info blurred so poorly simple adjustment with the levels tool in photoshop made them visible. The information in question was a credit card number. The guy was lucky, he had an AIM screenname in his profile. I contacted him and he replaced the image.

Re:You can actually go one step further with wavel

[iangoldby]

Found this link for GreyCstoration which sounds similar to what the parent mentions. This isn't a wavelet technique, but it seems to produce quite good results. But I'm always very skeptical of any claim to restore detail not in the original image - in this case it seems to rely on the idea of

locally smooth the image preferably along the image structures

which can give the subjective impression of improving detail, but only because that is what our brains expect to see in a sharp image.

Does anyone have a link to code doing wavelet-based scaling techniques, especially a GIMP plugin?

It's called Deconvolution

[DancesWithBlowTorch]

Try a Google (Scholar) search for ("blind") "Deconvolution", e.g. the Lucy-Richardson (if I recall correctly) algorithm. MatLab's image processing toolkit has some of them as built-in functions. It's one of the standard machine-learning problems.

In short: "Blurring", as most image processing software does it is a convolution (i.e. a multiplication in Fourier-Space) of the original image with a Gaussian kernel. Since the resulting image is real but the multiplication takes place in the full complex Fourier spectrum, information about the original image is lost during the convolution (the blurring): There is no inverse function to the convolution, in general. Nevertheless we can find the most probable original image, given the blurred one and, using knowledge about the struture of the original images (like, say, its Fourier spectrum, its entropy, etc), we can enhance this reconstruction.

Contemporary de-convolution algorithms (they are used in Astronomy, Microscopy, in Digital Cameras and a lot of other places) are much better than a layman would expect. While they can do no mathematical wonders, they definitely can restore amazingly clear images from what looks to the human eye like one big blurry blob.

Unless there are many frames?

[Flexagon]

an algorithm to "un-blur" a blurred image is a total waste of time

Maybe for a single image, but how about blurred or pixelated informants or (increasingly) logos on TV, with many closely correlated frames?

Re:You can actually go one step further with wavel

[John+Hasler]

> If you're really interesting in blocking out content on digital photos, use a
> solid black color over the part you don't want recognized.

No need for black. Just replace the part you don't want recognized with something else rather than blurring it (or better yet replace it and then blur it. Let them waste their computing power).

Comment removed

[account_deleted]

Comment removed based on user account deletion

the mystery of tubgirl

[notoriousE]

thanks to this new technology, we will find out that there are numbers hidden in Tubgirl image, they hold the key to the meaning of life!

Re:bars

[Frnknstn]

I agree.

Blur is sketchy.

[RomulusNR]

Blur is of course insecure. Beyond this reverse-engineering trick, it's also a known visual trick that something which up close looks blurry and unrecognizable is actually more readable from a distance.

I agree that blur is not a great idea, but "black bar" is tacky. Either get the area to match the surrounding area, via copy-and-paste (and then blur or something), or match the color and paint over.

If those techniques make it look obvious, I've used Noise and Scatter in the past. Since Scatter is presumably random, it should obliviate any ability to recover the source, and the added noise shouldn't help.

still secure way, even if you have to use blur

If for whatever reason you were forced to show blurred content, you could always paste a fake blurred image on top of what you wanted to hide. As far as people can tell, it's the real deal but you know that if this "deblurring" technique is used, it will only reveal a fake text, like "Got you", "Ah-ha! or something like that.

AC

Just use black

[brunes69]

Just use a black brush and brush over the stuff you want hidden. This is what I always do.

I don't care what algorithm you're using, you can't reverse a black paint stroke to discover what is underneath, those pixels are gone. (short of using code that exploits the multi-layers aspect of some image formats - but paint is not susceptable to this :P)

Mosaic 2.0

[LunarCrisis]

So how long before someone writes a new mosaic effect which looks as neat as the existing one while actually having little to do with the underlying image?

Re:You can actually go one step further with wavel

[NickDngr]

In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss.

That is an awesome sentence. You win the prize for stringing together the most buzzwords.

Autostereogram

[Oddscurity]

Only because you didn't tilt your head and squint... doh!

Re:Autostereogram

[ThogScully]

Wow... buncha' idiots on here I guess. I KNOW it's a stereogram. But it was not a stereogram of a sailboat. It was a stereogram of a bunch of random shapes like he described. I forgot why I stopped posting here, but thanks for reminding me.
-N

Re:You can actually go one step further with wavel

[QuantumFTL]

Okay so I'm replying to this rather late, despite enjoying the post when the article first came out. Is there a way to tell which, if any, HDTVs and/or DVD players on the market employ wavelet based techniques? Cheers, Justin