December 28, 2025

Blurred and busted

Article URL →HN comments →

Never Use Pixelation to Hide Sensitive Text (2014)

Pixelation won’t hide your card number — the crowd says just delete it

TLDR: Pixelating text isn’t safe; attackers can guess numbers by matching the blurred pattern. Commenters roast mosaic filters and push a simple fix: don’t blur, just remove or black out sensitive info. It matters because posting “hidden” card or check details can still leak your data to anyone determined.

An old-but-gold warning just resurfaced: pixelating sensitive text (like card numbers or checks) doesn’t hide it—it can be guessed by matching the blocky brightness pattern. The comments explode with PSA energy. Havoc sums it up: “remove the info don’t transform the info.” vunderba warns that any fixed filter is basically a “dictionary attack” waiting to happen—if the blurring recipe is predictable, the guesswork gets easy.

Of course, there’s humor. KronisLV trolls the thread with “replace the contents with random garbage” and even drops an example, then adds “Not serious advice.” MadameMinty adds nuance: cracking text from a blur only really works when you know the format—credit cards fit a pattern, random fonts don’t. tom1337 plugs a related HN thread, and the dogpile begins: stop posting your checks for clout, stop mosaic-filtering numbers, and start using black boxes, cropping, or just don’t upload.

The vibe? Faces blur fine; numbers don’t. The crowd agrees: pixelation is “security theater.” If you must share, remove the sensitive stuff completely. Because on the internet, that blur is just a puzzle—and someone will solve it

Key Points

  • The article shows pixelation (mosaic blur) is ineffective for redacting sensitive text or numbers.
  • Attack method: generate blank reference images and iterate candidate numbers to create many versions.
  • Apply identical mosaic blur (same tile size and offset) to each candidate image to mirror the original.
  • Compute brightness vectors for blurred candidates and compare to the original using normalized distances.
  • Validation (e.g., credit card number checks) further narrows viable candidates, aiding identification.

Hottest takes

“remove the info don’t transform the info” — Havoc
“replace the contents with random garbage… Not serious advice” — KronisLV
“credit card numbers are one of the very few examples where cracking makes sense” — MadameMinty

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.