Obfuscate tool is not a secure way to hide sensitive information and should be removed


Machine learning and brute force techniques can be used to identify information in blurred images. Images blurred using the obfuscate tool in Greenshot are vulnerable to these types of techniques and should not be used for hiding sensitive information if the user truly wants it to be protected. The average person is most likely not aware that these vulnerabilities exist and will choose to use the obfuscate tool thinking that it is secure. I know I wasn't aware of this until I recently stumbled upon the literature I linked above.

I recommend that the obfuscate tool is removed all together or replaced with a tool that simply colors over the image using a black box (or any color the user wants) which is the safest way to hide sensitive information. If there is a strong sentiment to keep the obfuscate tool the way that it is currently, then at the very least I recommend that a warning message be included somewhere in the user interface to let the user know the obfuscate tool is not a secure way of hiding sensitive information.






Ryan Forrest



Affects versions