How secure is 'blacking out' sensitive information using MS Paint?

As mentioned in the answers to a very similar question, scribbling over part of an image will destroy the original pixels, assuming that your editor doesn't store any layers or undo history in the saved image. (Paint doesn't.) There are some things to watch out for, though:

  • The width of the blanked region places an upper bound on the length of the secret data
  • The height of the region could tell attackers whether the text representation of the data has ascenders or descenders (like in the letters b and p)
  • Any spaces in the blanked region provide information about the relative lengths of the data's parts/words (mentioned in David Schwartz's comment)

If you use a blur rather than a plain opaque rectangle/brush, a determined attacker could try lots of different possibilities in the image to see what text(s) get close to your image when blurred. Some effects can be undone almost perfectly, so make sure the one you use involves a lot of randomness or actual data destruction (e.g. a blocky pixellization). Of course, Paint doesn't have any special effects, so you should be fine.

One possible thing to be wary of is JPEG compression artifacts around the secret data, which could be used to get clues about the shape of the text. It never hurts to overwrite more information than necessary when you're concerned about secrecy. (This attack isn't a problem if the image never went through JPEG compression before your redaction.)


Ditto Ben N, but let me add a couple of points that are too long to fit as comments.

I'd emphasize the distinction between layered and un-layered data formats. Drawing a black box over a section of a GIF, JPG, or PNG image destroys the previous contents. Drawing a black box over a section of a Photoshop, Corel Draw, or Paint Shop Pro native image does not destroy the previous contents if it's on a different layer.

I'd be very cautious about blurring. You'd have to know how the software does the blur. If the blurring does not involve any randomness, if it's a deterministic algorithm, it may be possible to undo the blur with appropriate software. No way would I rely on it without thoroughly understanding the algorithm. Unless there was some very good reason to blur rather than black out, I just wouldn't do it.

Of course any attempt to redact with solid blocks must completely cover the original contents to be safe. You want to draw a black box, not scribble over it with a black pen that might leave gaps.

Some formats may keep an internal history log. Not quite the same thing, but I once had a case where my organization produced documents in PDF, another company edited those documents and then sent then back to us. We found that errors had been introduced in the documents and, to put it bluntly, blamed them. They claimed that the documents must have been like this to begin with because they didn't do it. Apparently they were unaware that PDF has an internal log of all changes, and I was able to identify exactly what text was changed and the exact time and date of every change.


When blacking out sensitive information in Paint the original pixels are destroyed. But using Inkscape to black out part of a vector image does not destroy the pixels, but instead covers them. If someone removes the black cover they can see the pixels. The same applies to things like Foxit Reader (I almost sent a document with sensitive information which had been covered with a black square).

So using MS Paint to black out sensitive information is safe. JPEG artifacts might show some of the text like @BenN says.

Just don't blur it if you don't blur enough and MS Paint doesn't support blur anyway.