Since the KDE bugtracker tells you to come here if you don’t know if something is a bug or not, here I am. Hello peeps
In essence, blurring has been proved to be an insecure way of redacting data (read: Steven Hill, Zhimin Zhou, Lawrence Saul, and Hovav Shacham - On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction (2016)).
Given that the latest version of spectacle seems to use a standard (insecure) blurring algorithm, I believe it’s beneficial to add an option for a “secure blur” tool, either as a separate standalone tool or as a setting to be enabled.
The implementation could be similar to what’s done in flameshot (the blurring is done by using pixels from immediately outside the selection area, so no sensitive data is used in the blurring process)
My idea was to submit this idea in the KDE bugtracker, but I’m not sure if that’s appropriate, since it’s not really a “bug” in the traditional sense. Should I go ahead and submit it?
Indeed, the process in the article is pretty involved, but it’s been almost 10 years since its publication, and AI has come a long way. I can’t point you to any specific tool for un-blurring images (or actual cases of data recovery out in the wild), but the proof of concept is there.
From my POV, this is a good tool to have for future-proofing data we leave around on the internet.
True, I’m pretty sure a solid black bar can’t get out-maneuvered in terms of redaction.
My original hope is that spectacle might follow the example set by flameshot: setting the secure blur as the default, and having the normal blur as a toggle-able option in settings. That way, people who mostly use the blur won’t be caught unaware in the future, in case they don’t know about its flaws.
However, that might be a very unwelcome and confusing change for people who weren’t expecting it, so I didn’t suggest secure blur as a replacement, but as an opt-in tool.
All in all, as long as it’s not a big undertaking, I think the addition of this option would be a great bonus for spectacle.
Simple by default, powerful when needed, and whatnot
I’d even say that, to keep things simple, the most secure algorithm should completely replace the old one and there’s no need of an option to use the old one.
Is the most secure algorithm so different in output compared to the other one that people could ever want to use the old one?
From what I understand, people almost always use blurring over blackout redaction because it looks visually appealing, and I personally think the secure version looks “cool enough”.
I am also aware that some people use blur for directing attention away from elements in a screenshot instead of redaction, however. In those cases, data destruction isn’t a necessity, so there might still be demand for an insecure blur
if there is a more secure blur that cannot be “unblurred” by guessing at the font and reversing the blur process then that should just be implemented as the blur.
i see no reason to have “secure” and “normal” versions of blur… why would anyone even choose the un-secure version and risk anyone finding out what was blurred.
I agree with you, but OP gave an example of why someone would prefer an insecure blur:
> I am also aware that some people use blur for directing attention away from elements in a screenshot instead of redaction, however. In those cases, data destruction isn’t a necessity, so there might still be demand for an insecure blur.
The question now could be if it would be meaningful to place a toggle in Spectacle’s settings to switch to an insecure blur: this would match with the “Simple by default, powerful when needed” philosophy.
unless the secure blur creates a significant burden on resources over normal blur, i still can’t see a reason why secure should be the only blur in town.
and i use the term “secure blur” as if that is an actual thing…which i don’t know that it is.
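
The idea from the first post (fill the selection using only pixels immediately outside it), as an added Python sketch that is not part of any post and is not Spectacle's or flameshot's code. The function names, the two sample images and the distance-weighted fill are assumptions made for illustration; the point is that the fill's output is identical for two different secrets, while a conventional blur's output is not.

```python
# Added illustration; grayscale images are lists of rows of ints (0-255).
# The selection is the half-open rectangle [x0, x1) x [y0, y1) and must
# not touch the image edge, so a ring of outside pixels exists.

def box_blur(img, x0, y0, x1, y1, r=1):
    """Conventional blur: each output pixel averages the ORIGINAL pixels
    around it, so the result is a function of the hidden content."""
    h, w = len(img), len(img[0])
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            win = [img[j][i]
                   for j in range(max(0, y - r), min(h, y + r + 1))
                   for i in range(max(0, x - r), min(w, x + r + 1))]
            out[y][x] = sum(win) // len(win)
    return out

def border_fill(img, x0, y0, x1, y1):
    """Assumed stand-in for a 'secure blur': each inside pixel is a
    distance-weighted mix of the four ring pixels in its row and column.
    No pixel inside the selection is ever read."""
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            # (ring pixel value, distance to it): left, right, top, bottom
            ring = [(img[y][x0 - 1], x - x0 + 1), (img[y][x1], x1 - x),
                    (img[y0 - 1][x], y - y0 + 1), (img[y1][x], y1 - y)]
            total = sum(1 / d for _, d in ring)
            out[y][x] = round(sum(v / d for v, d in ring) / total)
    return out

def make_image(secret):
    """Constructed 8x6 test image: gradient background, with `secret`
    (a 2x4 block of pixel values) written into rows 2-3, columns 2-5."""
    img = [[10 * x + 5 * y for x in range(8)] for y in range(6)]
    for dy, row in enumerate(secret):
        img[2 + dy][2:6] = row
    return img

SEL = (2, 2, 6, 4)  # x0, y0, x1, y1 covering the secret block
a = make_image([[0, 255, 0, 255], [0, 255, 0, 255]])  # constructed secret A
b = make_image([[255, 255, 0, 0], [255, 255, 0, 0]])  # constructed secret B

def leaks(redact):
    """True if the redacted output differs between the two secrets."""
    return redact(a, *SEL) != redact(b, *SEL)
```

`leaks(box_blur)` is true and `leaks(border_fill)` is false: only the first output carries any information about what was under the selection.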