Follow

Warning: There’s an app for blurring out sensitive information in images called Obfuscate being featured on Software right now.

Please be careful.

The default blur setting can easily be reversed.

The default should be to replace the areas with a solid colour or a pattern not derived from the underlying information.

This really should not be a featured app in its current state.

Case it point, the text in my image was revealed by @janale about fifteen minutes after my original post.

toki.social/@janale/1083740420

Right, the app’s developer has agreed to change the default tool to pure colour replacement (which is secure).

While he wants to keep the blur tool also (for non-sensitive stuff/aesthetic uses), I hope that he’ll be adding a warning to it when it is first used that alerts people not to use it for sensitive information and/or that the app description reflects that.

All in all, a positive development.

And now I can go back to coding…

@aral Wow, that's baaaad. Blurred images can easily be seen simply by standing a little bit further away from the image. Never, blur...ever

@paul Yeah. Just opened an issue and wrote a warning in GNOME Software in the reviews also.

gitlab.gnome.org/World/obfusca

@paul I mean the icon for the app is a credit card with the number obfuscated (ironically, the technique in the icon _is_ secure, unlike the default behaviour of the tool itself). I’m worried this will lead people to do exactly what is shown using it.

@aral I see too many occurrences of people blurring already, maybe it's because it's so commonplace it's been set as default. Still, so bad though, well done for raising it as an issue

@aral 😬 This really should be common knowledge, I've seen lots of people make the same mistake.

Having this misfeature in a "featured app" is absolutely dangerous.

@tml @aral yeah, but before then, we can get it off Circle by arguing that it fails "basic features and functionality work as expected". considering that the developer seems quite stuck-up, he'll need quite a push to actually fix his app

@aral@mastodon.ar.al
Good info. And I agree, always black out text with a solid color.
PS. that comment section is a shitshow.

Contents of blur 

@aral

extension

this.addEventListenerFile(filePath)

Contents of blur 

@janale Yep. (And yes, that’s an autocomplete corruption – the screenshot was from a bug report I filed for Helix Editor) :)

Contents of blur 

@janale And, of course, thank you for the case in point :)

@aral @nanda It seems that some progress has been made, if they put the black bars as default and issue a warning when the blur is selected is good news, but the arrogance of the dev will make steer away from this app. Constructive criticism, like in this case, should always be welcomed. Really don't get it

@astrisk @nanda Well at least he came around eventually – that’s more than you can say for some folks :) It’s also understandable that folks become defensive sometimes when you criticise their baby. That said, all I really care about is that no one is hurt by revealing sensitive information about themselves. Fingers crossed this will be a quick update.

@aral @astrisk I really don't understand why the dev got so defensive at the point of denial, just say "I'll check this" even without planning to do anything would still have been a better first response.

@nanda @aral @astrisk

Please just remember that we are humans and that we can sometimes react in a wrong way.

He is currently involved in a lot of FOSS projects and cares about the end users as much as you do

@aral i found using a rectangle the matches the color of the underlying text somewhat (instead of pure black) can be an aesthetic solution while still being reasonable secure, especially for text with a dark theme (where a black rectangle would just completely disappear)

i wonder how hard would it be to automate that – perhaps quantizing the color to a small palette, to avoid disclosing information through quirks in the color auto-detection algorithm

@aral
Went to flathub and saw Obfuscate in the recent updated apps, took a look and the dev already applied the corrections, great news

@aral it seems like this could be achieved more safely with a combined effect like pixelate first and then blur

@aral Right on with you for pointing out a thing and the developer working on it "toot" de suite!

@nikomaruhito @aral Pretty sure even gnomes on board tools can do better

But positioning it as a specialized tool for exactly this one purpose just makes it worse

@aral Blurring or pixelating are terrible options to hide the stuff. iirc, coloring over the image with an 100% opaque brush is better.

@aral what the heck? I can literally read that with just my eyes

@aral what if you do it multiple times on the same spot?

Sign in to participate in the conversation
Aral’s Mastodon

This is my personal Mastodon.