When there’s something in a photo that you’d like to keep personal—such as a credit card number or someone’s face—you might blur it or scribble over it. But that’s actually not a secure way to redact information—here’s why.

Why Blurring Isn’t Good Enough Anymore

People have been blurring sensitive information in screenshots and photos for a long time. It’s even used pretty heavily in the news and other forms of media. However, as technology advances, it’s become much easier to crack blurred and pixelated images. So what’s the problem?

Blurring or scribbling out something is indeed a great way to hide sensitive information from human eyes, but that’s not who you should be concerned about. Machine learning tools have made it relatively simple to get around simple redaction methods like blurring and pixelization.

blurred image

Researchers at the University of Texas and Cornell Universityput a simple deep-learning algorithm to the task of identifying blurred-out faces. While humans had a measly 0.19% accuracy, the algorithm had a crazy 71% accuracy—83% when given five guesses. That’s pretty alarming.

Tools like this have been around for a while—the study above was from 2016—and they’re not particularly difficult to use. Similar tools have been trained to identify faces blurred with YouTube’s built-in video tools. All you need is some open-source software and a bunch of blurred photos to train it.

Sony FTC docs with redacted text.

It’s not difficult to see how this same technology can be used on even more sensitive information, such as credit card numbers, license plates, social security numbers, and much more. Fooling humans is easy enough, but fooling machine algorithms is another story.

Avoid These Redacting Practices

Okay, so blurring or pixelating text and photos is clearing not great for sensitive information, but there’s more to it than that. Sometimes, scribbling things out poses security concerns as well. We can look to the Microsoft vs. FTC case as a perfect example.

Sony’s CEO of PlayStation supplied confidential documents with a bunch of numbers, dates, and figures crossed out with black Sharpie. However, when those documents were scanned, it was pretty easy tosee the text underneath the marker. Now everyone can see Sony’s business details.

Apple Card blurred out.

For the same reason, you should avoid simply using only a Sharpie, both in the physical and digital world. It’s relatively easy to see throughApple’s markup toolif you boost the gamma, andAndroid’s similar toolssuffer from the same thing.

Blurring and scribbling obscures information, but it doesn’t completely block it. And in the case of digital tools, you’re sometimes only creating a layer on top of the image, which could be removed if you’re not careful.

Apple Card blocked out.

Related:How to Mark Up and Share Your Apple Photos

The Best Method

The best way to truly cover sensitive information is to ensure there’s no trace left behind. This requires more effort on your part, but it’s worth it when obscuring sensitive information.

For example, look at this image of an Apple Card with the name blurred out. You can’t read it, but there is information there that could be used by a machine-learning tool to figure out what is concealed beneath the pixelation. Because remember, technically speaking, I haven’t removed anything—I’ve simply rearranged the data.

Compare that to this image, which has the name fully blocked out by a solid bar of color. There’s nothing there that could be used to piece together what’s underneath.

Finally, there is one additional crucial thing to consider. When you redact information from an image or document, you need to ensure the technique you’re using yields actual redaction and not just masking.

If whatever format you’re working in, be it an image file or a document file, supports layers and continued editing, then you can run into issues where you slap a solid colored bar over the sensitive information. Someone can turn right around and lift that bar off like somebody peeling masking tape off a canvas.

This is a historical and ongoing problem significant enough that tools like Adobe Acrobat andPreviewhave dedicated redaction tools that delete and overwrite the redacted data to avoid the problem. So whatever tool you use, double-check that you’re able to’t turn around and open the saved file right back up and peek under the redaction bar.

This is what you should aim for when hiding sensitive information. Think more about how you can erase more so than obscure. If you’re trying to cover something in the physical world, don’t be afraid to double down. Break out some good ol' Wite-Out and a Sharpie.

Sensitive information is, well, sensitive, so don’t take a shortcut when it comes to hiding it, and always double-check the method you used to redact it.