Is it possible for someone to see under the "blacked out" part of this image (see below)?

  • Ok, so I sent some pictures to a journalist to report something I thought was noteworthy. However, one of the images contained my date of birth and other personal information so I blacked it out using markup tools in the Photos app of my iPhone 6 (running iOS 10.3.2). Then, I took a screenshot, then sent the screenshot from my phone to my email account, then downloaded the image to my laptop. Then, I sent that image from my desktop to the journalist.

    So, let's say this was the edited original picture (it's in JPEG format because when I sent it from my iPhone via iCloud mail to my other email address then downloaded it on to my laptop from that other email address, it downloaded in JPEG, but the screenshot downloaded as a PNG):

    This is the screenshot (PNG format):

    Using whatever technique you want, is there any way possible way to see what is under the blacked out parts in the screenshot, because that was what I actually then sent to the journalist.

    Thank you for your help!

    PS - The images above are examples and not the actual thing I sent! It just says "LALALALALA BATMAN!"

    I need to log in before I can see your images. Can you just upload them on this website so everyone can see them and there is no risk of link rot?

  • PNG is a bitmap format, thus "blackening out" is a destructive method: what was in the original picture before it was replaced by black pixels is no more in the blackened picture. You can use any fully opaque color (a color without a transparent value) for this process, not just black.

    This is not the same for other formats that are layered, like PDF, SVG (vector image), PSD (photoshop image), etc. In those formats, "blackening out" will most likely add a black layer that can easily be removed later.

    PNG doesn't have EXIF metadata like JPEG, but still can embed some king of metadata in the ancillary chunks. You would be wise to check what's contained in those chunks of your picture.

  • There are ways, but possibly not in your example case (blackeneing at end of line).

    If you blacken a word or short phrase (e.g., a name) in the middle of a paragraph of justified text in a proportional font then an attacker may be able to undo this. The reason is that the spacing between the other words in the same line may give away how many pixels exactly the hidden word takes. And for some fonts this length may be different for virtually all plausible candidate words.

    To "Hagen von Eitzen" - you indicate that there are other "ways", in the plural form, so I was wondering what other ways you may know of in addition to the one you already provided? Thanks!

    I like the idea, that's really smart. Probably wouldn't have thought if it. But I don't think it's very likely to succeed without a lot of research effort. You'd need to know how exactly "left-over" space in a line of justified text gets distributed to account for the gap between the start of the blacked-out word and the surrounding text, and you'd need to know just how many blank pixels are blacked out to the left and right of the actual blacked-out word. If you can't determine this, it leaves you with a few pixels unaccounted for, which will make identification of the word even harder.

    You'd also need to know the exact size in pixels of each character in the used font. Then you'd need to solve a knapsack problem, the letter widths being your elements to pack into the knapsack. This all strikes me as a huge amount of work just to get a very uncertain answer. But it's at least a possibility, and it might be used to *rule out* certain words or phrases.

    @Pascal I didn't just make up that attack (though I cannot remember my sources right now) and regarding different solutions to the knapsack problem: If one is `*Pascal* and another is *iiWuuA*, I dare say I'm confident that the hidden name is the former, not the latter

  • Assuming the virtual paint you used to black out the words in question is 100% opaque, and you painted over every single pixel you want to hide, and you sent a screenshot of the result, there is no way to restore the original pixels.

    Any method to recover text under the blacked-out parts would need to rely on surrounding context, as Hagen and Overmind point out.

  • It's not safe to use Markup's pencil or marker tools for redaction because they are not opaque. (Even if you use the opacity slider at its max setting.)

    If you search "ios markup redaction" you'll probably see PSA: iOS Markup is not designed to be a redaction tool for sensitive information. That article recommends against using the pen tool, even though they say it is opaque, because it's hard to completely write over text with such small lines. However I wouldn't be shocked if the pen tool was semi-transparent in other iOS versions.

    I suggest importing the image in GIMP, manipulating it, then export in JPEG or PNG format. The fool proof method would be to use the rectangle selection box, press delete, and fill (without deselecting) the same space black.

    Flood filling the space in with black doesn't redact anything more than what the deletion deletion did. Changing the color to black is just for the recipient's benefit. (Make the redactions more obvious.) I would not rely on the flood fill alone on the off chance that I accidentally use the wrong tool settings.

    Importing the image into GIMP probably does the same thing as what you want taking a screenshot of the marked-up image to do. (Strip the original metadata and history from the photo.)

    If you're paranoid you might worry about proprietary image editors embedding watermarks or steganographic information. (Or even if they're not paranoid you may worry about them unintentionally leaking some information in an exported image.) If you feel safe using MS Paint or Photoshop then you may use them instead. Or even Markup. The article I linked to says

    It is possible to add a rectangle shape with a solid color. Tap the +, select Square, position, and then tap the options button and change the style from outline to a filled in shape. This works fine, and not susceptible to the marker transparency issues, although it is quite buried in the interface.

    I would not trust a different smart phone app. The risks outweigh any convencience. even if it's not a huge problem if redacted data is leaked.

    Remember to make the rectangle a few pixels larger than the text itself, especially if it's a JPEG.

  • You can determine this given a certain font is used and of course assuming that the black area did not use a different font/size. There are heavy limitations though. Some fonts use just a few constant character-occupied area while some adapt the occupied area for each character.

    You can also determine a black word or group of words by analyzing the rest of the text. Won't work for specific dates or names, since you cannot extrapolate such things from the general text content (so it does not apply in your case).

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM