About

Exposing sensitive information in shared images creates legal liability under GDPR Article 4, HIPAA, and CCPA. License plates, faces, addresses, medical records, and financial data require redaction before distribution. This tool applies real box-blur convolution or pixelation mosaic directly in the browser. No image data leaves your device. The blur radius r controls the convolution kernel size of 2r + 1 pixels. Multiple iterations approximate a Gaussian distribution per the Central Limit Theorem. Pixelation replaces blocks of n × n pixels with their mean color, destroying spatial frequency data above 1n cycles per pixel.

Limitation: blur-based censorship can theoretically be reversed for small radii on text using deconvolution attacks. For maximum security on text content, prefer pixelation with block size ≥ 16 pixels, or use the solid fill mode. This tool processes images entirely client-side using Canvas API and Web Workers. Maximum recommended image dimension is 4096 × 4096 pixels.

Formulas

The box blur kernel averages all pixels within radius r of the target pixel. For a horizontal pass:

P_out(x, y) = 12r + 1 x + r∑i = x − r P_in(i, y)

Where P_out is the output pixel value, P_in is the source pixel, r is the blur radius, and the kernel width is 2r + 1. The same formula applies vertically. Repeated application (n iterations) converges toward Gaussian blur by the Central Limit Theorem. The effective Gaussian σ after n box blur passes of radius r:

σ_eff = √n ⋅ (2r + 1)² − 112

For pixelation (mosaic), each block of b × b pixels is replaced by the arithmetic mean of all pixel values within that block, effectively downsampling the spatial resolution by factor b.

Reference Data

Censoring Method	Security Level	Reversibility Risk	Best For	Min. Recommended Setting
Gaussian Blur	Medium	Moderate (deconvolution possible)	Faces, backgrounds	r ≥ 15, 3 iterations
Box Blur	Medium	Moderate	General content	r ≥ 12, 2 iterations
Pixelation (Mosaic)	High	Low (data destroyed)	Text, license plates, documents	Block size ≥ 16px
Solid Fill	Maximum	None (data erased)	Any sensitive content	N/A
Blur r = 5	Low	High	Aesthetic softening only	Not for censorship
Blur r = 10	Low-Medium	Moderate-High	Faces at distance	Add 2+ iterations
Blur r = 20	Medium	Low-Moderate	Close-up faces	1 iteration sufficient
Blur r = 40	High	Very Low	Large text blocks	1 iteration sufficient
Pixel block 8px	Medium	Moderate for text	Small faces	Double for text
Pixel block 16px	High	Low	License plates	Recommended minimum for text
Pixel block 32px	Very High	Very Low	Documents, large areas	Destroys most content
GDPR Compliance	Required	N/A	Any personal data (EU)	Blur r ≥ 20 or pixel ≥ 16
HIPAA Compliance	Required	N/A	Medical records (US)	Solid fill recommended
Social Media Sharing	Varies	JPEG recompression may reveal	Casual sharing	Export as PNG

Frequently Asked Questions

Yes, partially. Blur is a convolution operation, and deconvolution techniques (Wiener filter, Richardson-Lucy) can recover information from weakly blurred images. Text is particularly vulnerable because character shapes are predictable. Research has demonstrated successful recovery of blurred text at radii below 10 pixels. For text censorship, use pixelation with block size ≥ 16px or solid fill. Pixelation destroys spatial frequency data irreversibly, making recovery computationally infeasible.

GDPR does not specify exact technical parameters. However, the Article 29 Working Party guidelines require that re-identification be impossible with "reasonable effort." In practice, a blur radius r ≥ 20 with 2+ iterations, or pixelation at block size ≥ 16px, renders facial recognition algorithms ineffective. For legal certainty, consult your Data Protection Officer and test with automated recognition tools.

JPEG compression introduces artifacts that can slightly shift pixel values in censored regions but does not reverse censorship. However, JPEG's lossy compression at very high quality settings can sometimes create visible boundary artifacts around censored areas that reveal the region's shape. Export as PNG for lossless preservation of the censored result. This tool defaults to PNG export at full resolution.

Processing time scales linearly with the number of pixels in the selected region and the blur radius. A 4000 × 3000 pixel image contains 12 million pixels, each requiring summation over 2r + 1 neighbors per pass. The tool uses Web Workers to prevent UI freezing. Browser Canvas implementations typically support up to 4096 × 4096 or 16 megapixels, depending on device memory.

Yes. Draw as many rectangular regions as needed. Each region is stored independently and processed separately. You can adjust the censoring method and intensity per region, or apply uniform settings. Use the undo function to remove the last drawn region if placed incorrectly. All regions are applied simultaneously upon export.

No. The Canvas API strips all EXIF metadata when an image is drawn and re-exported. The output file contains only the pixel data of the censored image with no embedded metadata, GPS coordinates, camera information, or thumbnails. This is a side benefit of client-side Canvas processing.