Pixelation is one of these hilarious instances of where a needlessly complicated approach is used to do something that can be done much quicker, easier, and, as it turns out, way more secure.
Wanna redact text?
Put a solid bar over it. There, done. No takesies-backsies from that one.
Lol, that's really a stretch/nitpick, like saying:
> Delete it.
And this is not so good advice if you're using software that supports history and your deletion action is in another action that you can simply revert.
...then really you should know how to flatten? Not understanding the tools you use for sensitive tasks like hiding/redacting data is a recipe for disaster.
Seems like "flatten" ought to be a trivially easy mechanism to implement in software somewhere, and maybe even as a standalone application for the less familiar. Basically just a nicely trimmed screenshot, no?
Sure, but you should still delete it. You can always add a bar at the old position afterwards. Then it's still a visible redaction, but you don't end up having a hidden copy of the unredacted text.
>Redacting PDFs – What did the Manafort Lawyers get wrong?
Date: May 18, 2020
>With Paul Manafort being released from Jail on May 13th, for those in the document space like Alfresco, it was worth revisiting the PDF redaction issue that surfaced during his trial. Back in 2019, lawyers representing Paul Manafort (a former lobbyist, political consultant, and lawyer, who chaired the Trump Presidential campaign team) filed a response to special counsel Robert Mueller’s claims that he violated his cooperation agreement by repeatedly lying to prosecutors. On pages five, six, seven and nine either the lawyers or the special council staffers attempted to redact sensitive passages.
>Although parts of the public version of this filing appeared to be redacted by black bars at first glance, it quickly became apparent that anyone with Adobe Acrobat, or other PDF viewing tool, or even browser-based viewing tools, could easily copy and paste the text that still existed under the redaction blocks to another document to simply reveal the passages that had been redacted. From the UK, a similar incident happened back in 2011 with the Ministry of Defence.
> Most pdf editors will put a square over the text
Redaction is usually a "Pro" feature in commercial PDF editors. People who use PDF's annotation feature to draw a big filled shape over the text/image to be redacted, don't know what they're doing and should be prepared for poor outcomes.
Adobe Acrobat and Foxit have "Pro" variants that redact properly, I'd love to know exactly how they do it. The open-source approach I'm familiar with, essentially converts the PDF to a flattened image and edits it to apply a colored shape over it. Example[1].
I saw a variant of that last year. Someone sent courthouse floor plan to a contractor who needed office layouts, with security information "removed". Turns out it was just an overlay and he could see all security cameras by dragging the layer aside in an editor.
Would "print to PDF" be a good enough scenario for most people putting a square over the text? I admittedly haven't looked hard enough into it but theoretically it should be flattening it.
No, because “Print to PDF” preserves text (i.e. text is selectable in the resulting .pdf document), so it’s gonna be selectable behind a black square as well.
Although I just checked, MacOS Preview has a feature “redact” that (is supposed to) actually redact text. Well done!
On MacOS 10.15 Preview, I drew an "annotated" black box over a paragraph that was recognized as text. I exported it in two ways, 1) "Export as PDF" and 2) Print -> Save as PDF. Both results did not include the underlying text under the box.
That's not to say it's definitely not there, but it's at least something.
> Put a solid bar over it. There, done. No takesies-backsies from that one.
Well, mostly. But say you know the name that's redacted belongs to a small group (eg: US president since 1970 to today) - you could probably rule out (and mabye rule-in, determine) the redacted name, based on font-size, kerning etc in the document.
I wonder how fare a machine learning model could go, for longer reports - say 1000 pages with ~100 pages redacted - and the style of writing could be approximately inferred from the visible content - how many sentences/paragraphs could the AI fill in with some probability?
> But say you know the name that's redacted belongs to a small group
True, but sometimes there is no way around this, because redacting part of the text visually, so that it is clear where and how much was redacted, may be a requirement.
If there is no such requirement, one can always just replace the part of text like so:
This is the original text that I am going to redact now.
This is [REDACTED] now.
> you could probably rule out (and mabye rule-in, determine) the redacted name, based on font-size, kerning etc in the document.
Depending on what you're redacting you can eliminate this variable.
For example when I want to redact a piece of sensitive text in a video often times I'll make the solid black bar longer than the text being hidden. This way you can't infer the length of it based on the length of the bar. Of course this only works when you can extend the bar in such a way where it won't hide non-sensitive info that's important to see. In practice it works well, for example for redacting browser history just make the bar the entire width of the browser URL bar and for API keys or secrets often times the key exists as an env variable on its own line so extending the black bar is no problem.
I always get a little paranoid with a solid bar even. For example, if I'm trying to block my SSN on a PDF out, I don't trust that the block won't stay a mutable block when saving it. I tend to "print" a new PDF in hopes that it flattens the document.
Wanna redact text?
Put a solid bar over it. There, done. No takesies-backsies from that one.