Redaction failures are an old problem with new mechanics. In 2008 the DOJ released a court filing about an AT&T surveillance program with sensitive paragraphs covered by black highlighter — then unhighlighted by anyone who selected the text in the PDF. In 2010 the TSA published an operations manual with sections "redacted" by drawing black rectangles over the text in a content layer that stayed selectable underneath.
Those were tooling errors: someone trusted the visual appearance of a layer instead of physically removing the data. The pixelation-and-blur class of failures is different. The text is genuinely gone from the pixel data. The problem is that what remains is enough.
Why Mosaic Pixelation Leaks
A mosaic filter — the most common "blur" applied to screenshots — works by dividing a region into small squares and replacing each square with the average color of the pixels inside it. The result looks pleasingly anonymized: a smear of color blocks where the text used to be.
But that operation is deterministic. If you know the font, the font size, the colors of the original image (background and foreground), and the size of the mosaic blocks, you can render every possible candidate string through the same pipeline and compare the resulting block pattern to the redacted region. The candidate whose mosaic matches is, with high probability, the original.
That is, in essence, the algorithm behind Depix, a tool released publicly in 2020 by security researcher Sipke Mellema. Depix demonstrated against monospace fonts — the kind used in terminals, code editors, and password-display fields — that pixelated screenshots could be reversed in seconds. The result is not always perfect, but it is usually good enough that the redacted text is recognizable.
The mosaic block averaging is a many-to-one mapping in theory, but in practice the input space is small enough — known font, known sizes, alphanumeric characters — that the function is nearly injective for typical lengths. Reversal is just enumeration.
Gaussian Blur and Swirl Aren't Better
Switching from mosaic to Gaussian blur doesn't help in any meaningful way. Gaussian blur is a low-pass filter that spreads pixel values across their neighbors with a known kernel. If you know the kernel, the operation is invertible up to noise. Deconvolution algorithms have been used to deblur surveillance photographs and license plates for decades.
The "swirl" filter — applied as a stylized obfuscation in some highly publicized cases, including by an offender who used it to obscure his own face in photos — turned out to be even worse than blur, because it's a reversible geometric transformation. The Interpol case in 2007 of Christopher Paul Neil ("Vico") demonstrated this publicly when investigators unwound a swirl filter to identify the suspect.
What Actually Works
Reliable redaction has one property: after redaction, no information about the original content remains in the bytes of the published file. Anything less is a guess about how much information is "enough" to leak.
| Method | Reliable? |
|---|---|
| Mosaic / pixelation | No — reversible via Depix and similar tools |
| Gaussian blur | No — deconvolution recovers the underlying signal |
| Swirl / geometric distortion | No — geometric transforms are invertible |
| Black rectangle drawn over text in a PDF | Only if the underlying text layer is also removed (not just covered) |
| Replace pixels with a solid color (PNG export) | Yes — the pixels are gone from the output file |
| Crop the sensitive region out of the image | Yes — the cropped region is no longer in the file |
| Retype the redacted text and screenshot the retyped version | Yes — the original characters never existed in the published image |
For PDFs, the right tool is a proper redaction function — Adobe Acrobat, qpdf with `--redact`, or pdftk used carefully — that physically removes the underlying text objects from the PDF stream, not just paints rectangles over them. For images, the right tool is to fill the region with a solid color and re-encode, or simply to crop the image so the sensitive region is not present in the file.
Metadata Is Another Channel
Even when the visible content is properly redacted, metadata can leak independently. A "redacted" screenshot exported from a phone or screen-capture tool often still carries EXIF data including device model, timestamps, color profiles, and sometimes GPS coordinates. PDFs carry author names, software versions, and edit histories. See our companion piece on document metadata leaks for the full picture.
A Quick Verification Workflow
Before publishing any redacted screenshot, run two checks:
- Open the file in a different program than the one you redacted in. Open the PDF in a browser, the image in a hex viewer or a different image editor. Anything that doesn't share assumptions with the editing tool. If the redacted text is visible in any of them, the redaction is cosmetic.
- Strip metadata before publishing. `exiftool -all= image.png` for images. `exiftool -all= -overwrite_original document.pdf` for PDFs, followed by a re-flatten through Ghostscript to make sure no edit history survives.
The Underlying Lesson
The reason pixelation and blur fail so consistently is the same reason most low-effort privacy heuristics fail: they protect against the casual observer, not against the motivated adversary. A casual observer sees mosaic blocks and gives up. An adversary with a few hours of attention recognizes a deterministic transformation of a small input space and reverses it.
The question is never "does this look private to a human?" but "does this preserve any information about the secret?" If the answer is anything other than no, treat it as published.
It is the same principle that drives genuine end-to-end encryption: don't rely on the appearance of opacity. Rely on the cryptographic guarantee that the original is irrecoverable from what you've published. For screenshots, the equivalent is a solid black box or a crop. For documents, it's a redaction tool that physically removes the text. For everything else: assume that what you've left on the page will, eventually, be examined.