An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example.
While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."
Try GMask [nifty.com]. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.
Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".
That's just funny. The source actually compiles on Linux but I have no idea how to use it. I always thought porn was for hiding Soviet spy messages. I suppose pictures could hide horse porn with steganography.
Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags` in Makefile at a bare minimum. And a lot of cleanup in general.
Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !
Only if the number of possible cunts is fixed and known.
Somehow, I feel like I'm not reading Slashdot. Did the channel get changed over to MTV's New Year's Countdown [youtube.com] (language NSFW)?
I hereby dub Tablizer the John Cleese of Slashdot. I've never seen anyone use that word here before (John Cleese said "fuck" during his eulogy of Graham Chapman at the televised funeral, and allegedly was the first to use the f-bomb on TV, or something like that).
While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."
And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)
If you don't remember or want a refresher on what happened, the original article is at http://it.slashdot.org/article.pl?sid=06/06/22/138 210 [slashdot.org] . It's worth bookmarking in case you ever need to do the same yourself.
damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and bobs your uncle - one licence plate revealed clear as day.:)
It's hilarious every time they do this. They start with a picture of some guy's face from 500 feet away that looks like a big skin-colored blur, and by the time they're done enhancing it, you can see right up the guy's nose. Of course, they want to keep it realistic: to show that you can only enhance an image so much, his nose hairs are slightly pixelated.
Whichis why it uses the authentic photpenhance sound effect as the image appears in rows, like dot matrix printer. Us imaging professionals see that every day.
The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.
The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.
You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processsing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attidudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.
Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.
They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.
I suppose that's one way to look at it. For me, I gave up after the first season. The "false trails" thing just became a cliche; you KNOW that it's never the one or how who it seems to be first; that's always a red herring. And the complete unreality of the CSI geeks going around
Its actually quite easy to tell if they've caught the real killer. "Does the show have 20 minutes or less out of 1 hour to go? If yes, probably the right killer. If no then the wrong killer. If the show has 10 minutes or less then it is definitely the real killer."
You do realise that an algorithm to "un-blur" a blurred image is a total waste of time, right? There's no way for the algorithm to know how many times and in what various directions I blured the image - or if I added/deleted text before blurring. It's like a virus for Linux.. no one writes it because it's a waste of time. Leave it to slashdot to post bullshit.
the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.
I really don't get why people post sensitive information on the web in any form. The example in the article shows a "Sample" check. Then mentions something about a real check involving winning 1 million dollars. So, if you blurred it, you must have edited the photo. So in no way does a photoshopped photo prove you won a million dollars. Completely blanking out (with pure white, pure black, a texture, etc) the image proves just as much as the blur. WTF is the point? By contrast, PDFs and DOC files requires un
Personally, I just replace the part to be hidden with an image of a similar type. For example, in all my pictures of porn or gratuitous violence I replace the heads of any identifiable individuals with that of Bill Gates. Works great ( well, apart from the porn )
Anytime I post a picture, such as a car with a license plate, I BLANK out the
numbers/letters with three colors, a block of white, then a block of silver,
then a block of black. Not layers, just the colors.
An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.
People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.
There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.
Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.
While I acknowledge knowning little about different blurring algorithms could someone enlight a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.
As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calcute all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I
It's sort of like rot13 encryption. Do it enough times and you're bound to get the same things as what went in. 79 times - nope. 113 times - nope. But dammit, the 186th time works!
He basically points out that a blurred mosaic amounts to a form of inexact hash function. While
irreversable, if you have a small enough input space, you can exhaustively hash all possible
candidates and pick the one(s) that best match the target.
Interestingly enough, while he points out that most financial account numbers contain a degree
of error detection and correction, he chooses to use that to reduce the match set, rather
than the candidate set. I suppose this would matter if you wanted to prove a hypothesis
(if the best match yields a valid number, you have a p=[valid/total]), but if you just want to
steal someone's account info, you'd do better to reduce your processing time and just try the
best few results in order.
In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.
In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.
Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.
Wouldn't multiple blurs over the same area also make it much harder to decipher? Yes, [evil person] could apply the affect multiple times as well, but that would be assuming they knew that a) the person had done it more than once and b) how many times they'd actually done it.
This is a kind of maximum entropy [maxent.co.uk] method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.
This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.
In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.
This reminds me of when a company sent out a PDF file with a lot of very sensitive information covered in black, but it was done with a black box in Acrobat.
If you read it on screen or printed it out, it worked as they expected. But when you selected the text and copy and pasted it somewhere else, you could read every bit, including the names and details they thought were obscured.
See that little icon on the toolbar that looks like an eraser. Click it and then drag it over the area you want to remove (the credit card number or whatever else). The information is gone and there is no way to bring it back.
(from about 2/3 down the page): So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.
Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.
not always true. while it's reasonably good today, some day in the future, if we have 16-bit color channel depth ever become a standard (a 16-bit tiff for example), there will be enough data maintained at the edges of the blurred region to reconstruct the data. all you have to do is FFT the region, divide by a gaussian, inverse FFT, then keep repeating for different gaussians - this will basically divide out the system function used for blurring. 8-bit channels of today don't quite make it practical resolut
The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.
Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.
Please, RTFA. If you know these are numbers and the font (as on a credit card) that means you only have to get 10 levels of grey to have an excellent chance of working each digit out. You can't "see" it, but the information is there. Just use the eyedropper to select one colour, then paint over it.
and what is wrong with saying "i agree" to the article. this is a public forum for people to voice opinions, if you think that is wrong, just set the widget to show comments rated +5.
you can still do this even if your background isn't one solid colour:)
unless of course you're obsessed by the looks of a box over your check online, but i'd be more concerned about my data than how my check looks online.
if you're trying to prove a point, such as winning a million dollars, i think it's less credible if you can so skillfully edit out the numbers to make it look like the rest of the background, than just take a picture and draw a box over what you want to hide, leaving everything else uned
This isn't really about getting the picture back, but getting the data (in this case numbers) back. If there is a 4 number sequence you only have 10000 possibilities, On a face you would have billions of possibilities.
Japanese porn (Score:5, Funny)
Re:Japanese porn (Score:5, Informative)
Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".
Parent
Re:Japanese porn (Score:4, Funny)
Parent
Re: (Score:3, Funny)
Speaking of Slashdot memes, do GNAA trolls still show up? I haven't browsed below +4 in a year, so I'm not entirely sure.
Re: (Score:3, Interesting)
I always thought porn was for hiding Soviet spy messages. I suppose pictures could hide horse porn with steganography.
Re:Japanese porn (Score:5, Funny)
Parent
Re:Japanese porn (Score:5, Funny)
Only if the number of possible cunts is fixed and known.
Parent
Re: (Score:3, Insightful)
Somehow, I feel like I'm not reading Slashdot. Did the channel get changed over to MTV's New Year's Countdown [youtube.com] (language NSFW)?
I hereby dub Tablizer the John Cleese of Slashdot. I've never seen anyone use that word here before (John Cleese said "fuck" during his eulogy of Graham Chapman at the televised funeral, and allegedly was the first to use the f-bomb on TV, or something like that).
and please... (Score:5, Funny)
And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)
Re: (Score:3, Interesting)
Sqinting Works (Score:5, Funny)
Re: (Score:2, Insightful)
Re:Sqinting Works (Score:4, Funny)
Parent
Re:Sqinting Works (Score:5, Funny)
Parent
old news - I see this on TV every day. (Score:5, Funny)
Re:old news - I see this on TV every day. (Score:5, Funny)
Parent
Re: (Score:3, Funny)
Whichis why it uses the authentic photpenhance sound effect as the image appears in rows, like dot matrix printer. Us imaging professionals see that every day.
The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.
Re:old news - I see this on TV every day. (Score:4, Interesting)
You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processsing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attidudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.
Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.
Parent
Re: (Score:3, Insightful)
I suppose that's one way to look at it. For me, I gave up after the first season. The "false trails" thing just became a cliche; you KNOW that it's never the one or how who it seems to be first; that's always a red herring. And the complete unreality of the CSI geeks going around
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Impossible! (Score:2, Insightful)
Re:Impossible! (Score:5, Informative)
Parent
Re: (Score:2)
So, if you blurred it, you must have edited the photo. So in no way does a photoshopped photo prove you won a million dollars. Completely blanking out (with pure white, pure black, a texture, etc) the image proves just as much as the blur. WTF is the point? By contrast, PDFs and DOC files requires un
Re: (Score:2)
how about a big DUH..... (Score:3, Funny)
Re: (Score:3, Funny)
And cover it correctly... (Score:4, Interesting)
People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.
There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.
Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.
Re: (Score:2)
I thought of the PDF thing too when I read the article!
Yeah, that's decidedly the exception to this rule.
Un-blurring photos (Score:2, Interesting)
While I acknowledge knowning little about different blurring algorithms could someone enlight a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.
As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calcute all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I
Re: (Score:2)
Summary of technique (Score:5, Insightful)
Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.
You can actually go one step further with wavelets (Score:5, Insightful)
In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.
Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.
Parent
Multiple passes? (Score:2)
MaxEnt (Score:5, Informative)
maximum entropy (Score:5, Informative)
In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.
Hand Written Checks (Score:2, Funny)
Fragment-based image completion/reconstruction (Score:2, Informative)
There's quite a few more impressive papers on his page, for those interested in graphics.
PDF Files (Score:2)
If you read it on screen or printed it out, it worked as they expected. But when you selected the text and copy and pasted it somewhere else, you could read every bit, including the names and details they thought were obscured.
Dont waste time bluring stuff, erase it. (Score:2)
"But, really..." (Score:4, Insightful)
So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.
Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.
Re: (Score:3, Interesting)
RTFA (Score:5, Informative)
The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.
Parent
Re: (Score:2)
Please, RTFA. If you know these are numbers and the font (as on a credit card) that means you only have to get 10 levels of grey to have an excellent chance of working each digit out. You can't "see" it, but the information is there. Just use the eyedropper to select one colour, then paint over it.
Re: (Score:2)
That isn't 'lazy programmers'. That's people trying to up their search engine rank without bothering their customers with a ton of pointless text.
Re: (Score:2, Insightful)
Re: (Score:2)
You're new here, aren't you? (Score:5, Funny)
Parent
Re: (Score:2)
Re: (Score:2)