Don't tell people what not to do. Figure out why they're doing it, and provide what they actually want while still achieving the goals (here: security).
Very coarse mosaic, add noise, then blur seems reasonably safe, and doesn't have to look like crap.
"seems reasonably safe" seems like a terrible cryptographic analysis. in fact, given that we already know that both blurring and mosaicing are individually reversible, and noise is easily removable from a sufficiently wide mosaic, this seems like a particularly terrible algorithm. that's not the point though: any man can create an encryption algorithm that he himself cannot break. maybe you can come up with an obfuscation algorithm that cannot be trivially broken, but that doesn't mean it's even remotely a good idea.
I was writing a HN comment, not a scientific paper, which is why I wrote "seems safe" instead of making stronger claims.
I'd also like to know how mosaicing is reversible, since it demonstrably reduces the total available amount of information from e.g. 20x20 = 400 RGB values to a single RGB value. This is not sufficient for text where you can start brute-forcing individual options because the search space is small and inputs can be reconstructed precisely, but I'd like to see an explanation why you think this is reversible for photos (even without noise added). I'd also like to know how you want to remove random noise applied to each mosaic block.
The mosaicing is supposed to be the security step here. The blur is optional eye candy not expected to remove further information.
In particular, if you claim that a face mosaiced with a large "pixel" size (e.g. so that the typical face is 5x5 "mosaic blocks" big), you're effectively claiming that you can perform facial recognition based on noisy 5x5 pixel images.
it doesn't matter though. as I've explained, it's far easier to come up with flawed schemes than prove them insecure. just because I can't explain why your specific scheme is insecure doesn't mean it stands a chance against real cryptographers.
The 20x26 example is indeed scary, but in line with what was known about facial recognition. (It also becomes a bit less scary when you don't look at a zoomed-in version of the image.)
Hence my suggestion to reduce a face to something like 5x5 blocks.
While I'm familiar with the crypto design problem, this is not a crypto algorithm. Sure, it can't be ruled out that someone in the future will find a way to do it, but the state of the art says that 5x5 pixels are not anywhere near enough to run face recognition.
And a solution that may be broken in the future is often much better than a solution that people don't use because it doesn't meet their needs, which in this case is not having fugly black boxes in their picture.
Don't tell people what not to do. Figure out why they're doing it, and provide what they actually want while still achieving the goals (here: security).
Very coarse mosaic, add noise, then blur seems reasonably safe, and doesn't have to look like crap.