I don't doubt that Signal has put a significant amount of effort into making sure its blurs can't be reversed. But when I look at the results in the photo, I don't understand why they would put in that effort. Why derive a blur from the base photo at all?
Things that seem way easier to me:
A) blacking out the face entirely with a solid color,
B) if that looks ugly, replacing it with some kind of clip-art,
C) if that still looks ugly, replacing it with a gradient
D) if that still looks ugly, replacing it with a pre-blurred face from a generic set of buckets.
I sort of get the aesthetic argument, but I also really don't, because the way Signal is blurring faces is ugly, at least in the photo they show. It's not a seamless thing that blends into the background and looks way better than a solid color. It's giant squares, and the amount of blurring means that the contents are basically indistinguishable from a radial gradient to my eyes anyway. Am I missing something? Would a gradient really look any worse than this?
Is there some kind of use-case where blurs give aesthetically much better results than what we're seeing in the photo? Are the concerns I'm seeing below about de-masking just fear-mongering? Are blurs in general just pretty safe, fast, and easy to do? Moxie isn't stupid, I assume in situations like this he knows what he's doing.
In https://arxiv.org/abs/1905.05243, we presented a measure of the effectiveness of eight face obscuration techniques. We did so by attacking the redacted faces in three scenarios: obscured face identification, verification, and reconstruction. Based on our evaluation, we show that the k-same based methods are the most effective.
Also consider the social effect. To the ordinary eye, it's not obvious that this blur is resistant to reversal, unlike standard blur effects. However, someone seeing the use of this blur effect, without understanding what it is, may come to the false conclusion that a non-Signal blur is safe too.
That's a good point. I've already seen at least one other person on this post comment to a Github repo that blurs faces. It might be secure, it might not be. I wouldn't trust it by default.
With a static overlay, the method is simple enough that I can evaluate the security. With a blur, I don't know the difference between a good one and a bad one, so I can only trust the reputation of the author.
I like to be able to look at the output of an anonymizer and to be able to tell myself at a glance whether it worked.
Things that seem way easier to me:
A) blacking out the face entirely with a solid color,
B) if that looks ugly, replacing it with some kind of clip-art,
C) if that still looks ugly, replacing it with a gradient
D) if that still looks ugly, replacing it with a pre-blurred face from a generic set of buckets.
I sort of get the aesthetic argument, but I also really don't, because the way Signal is blurring faces is ugly, at least in the photo they show. It's not a seamless thing that blends into the background and looks way better than a solid color. It's giant squares, and the amount of blurring means that the contents are basically indistinguishable from a radial gradient to my eyes anyway. Am I missing something? Would a gradient really look any worse than this?
Is there some kind of use-case where blurs give aesthetically much better results than what we're seeing in the photo? Are the concerns I'm seeing below about de-masking just fear-mongering? Are blurs in general just pretty safe, fast, and easy to do? Moxie isn't stupid, I assume in situations like this he knows what he's doing.