If you’re taking screenshots for documentation, then you might be tempted to use a blur effect to hide personal information, such as profile pictures, names, and credit card numbers. After all, tools such as Snagit and Skitch provide a blur effect just for this purpose, right? Wrong.
Don’t use a blur effect to preserve privacy, unless you’re OK with those details eventually becoming public.
Blurring gives a false sense of security in a world where attackers can use widely available tools (and some tricks of the trade) to see past the blur. Although such image effects can prevent casual human observers from making sense of text or images, it won’t stop determined attackers equipped with machine learning tools.
Attackers can use off-the-shelf machine learning tools and datasets to successfully recognize text, numbers, and faces, even when heavily obscured by a blur or pixelation effect. Researchers have demonstrated that machine learning methods can be used to decipher blurred text and recognize faces. The research showed the capabilities of machine learning tools alone, however.
In the real world, attackers can use machine learning together with contextual clues or social engineering to achieve success rates greater than tools alone. For example, an attacker could find possible credit card numbers in a blurred image, then use known patterns in credit card numbers to eliminate invalid candidates. An attacker trying to identify you with a pixelated profile picture might make a successful match by combining a machine learning algorithm with connections to your employer on LinkedIn.
If an attacker is sufficiently motivated, blurring will not protect your privacy for long.
If you want to keep personal information from being leaked by screenshots, use methods other than blurring to remove it from the image. Try one of these methods instead:
Cover personal information with opaque bars or patterns.
Falsify personal information with fictitious names, stock photography, and test numbers (see my list of fictitious credit card numbers, IP addresses, domains, and more).
Crop personal information out of the screenshot entirely.
That said, you can use blurring or pixelation to cover non-personally-identifying information. But in those cases, you have many better options. Read 4 ways to keep distractions out of your screenshots to learn more strategies for hiding distracting, irrelevant, or secret parts of screenshots.