[HN Gopher] Show HN: Secure sensitive info while recording video...
___________________________________________________________________
Show HN: Secure sensitive info while recording videos live or
screen sharing
Author : theindianappguy
Score : 55 points
Date : 2021-06-05 12:10 UTC (10 hours ago)
(HTM) web link (blurweb.app)
(TXT) w3m dump (blurweb.app)
| thih9 wrote:
| After entering my email I see the downloads page but it has links
| for Chrome and Firefox only. The landing page listed Safari and
| Edge in the "available for" section; are these browsers supported
| at the moment?
| robbrown451 wrote:
| I always use OBS "virtual camera" when screen sharing, and this
| can help a lot. You can zoom in on part of the screen, have
| multiple views of parts of your screen, cover parts of the screen
| (I usually have the image of myself from the camera in the
| corner, and that can easily be moved around to cover areas of the
| screen), etc.
|
| Overall OBS can just create a generally better presentation, and
| make you look competent, in addition to helping with this
| specific issue. And of course it is free.
| smoldesu wrote:
| This looks neat, it's a shame I wouldn't be caught dead paying
| $24/year for a browser extension. I recommend that you seriously
| rethink your business model, even if that means consolidating it
| into a one-time purchase. Remember, you're selling zero-margin-
| utility here: this isn't an SAAS (and if it is, I'd argue you've
| done something wrong). Even still, it's hard to make the case for
| using this tool over other, free options...
| imperialdrive wrote:
| Impressive - I have a feeling this will come in pretty darn handy
| with corporate documentation and training videos. Kudos!
| Black101 wrote:
| Flameshot is also a great screenshot tool and includes a blurring
| tool among other things.. It also has a filled rectangle drawing
| tool that is probably better at hiding stuff...
| nickjj wrote:
| As someone who has recorded 500+ tech video screencasts while
| occasionally dealing with sensitive information, here's what I've
| come up with:
|
| 1. Do whatever you can to minimize sensitive info exposure before
| you even start streaming or recording. For example I created a
| shell script which backs up and clears my shell history and does
| other things[0]. Make a note to use a browser where your history
| is cleared too.
|
| 2. Sometimes it's easier to say screw it and show the sensitive
| information with full intent that you're going to change your API
| keys, password or whatever sensitive data is shown. This ends up
| being much better because now you don't need to worry about
| blurring anything because you know you'll re-roll your keys. This
| is really good for pre-recorded videos vs live streams.
|
| 3. If you need to hide secrets, put all secrets into an .env file
| and have a .env.example file handy to show how to set them up
| without showing your real secrets. This is another way to
| eliminate ever having to blur anything and have a 0% chance of
| ever exposing a secret.
|
| 4. If you need to hide something, put a solid color over it
| instead of blurring it so it can't be reversed.
|
| 5. One of the pain points with hiding something in a video is the
| sensitive info might be on a page where you're scrolling up and
| down on the page which means you need to move your solid color
| rectangle or expand it based on which frame is showing. But
| overall this isn't too bad with most video editors since you can
| click and drag a rectangle onto a specific point in your
| timeline. If you adhere to the first 3 steps, you'll often only
| need minor hiding in all of your streams and videos.
|
| 6. Often times you're hiding unexpected things, like maybe you're
| logged into GitHub to make a video about an open source project
| but you view your GitHub feed which shows a list of private
| organizations you do freelance work for. This is the type of
| stuff to watch out for, which IMO also makes certain editor
| plugins that try to hide secrets not that useful since you can
| hide them in other ways, and it sets you up with a false sense of
| security because there's many other sensitive things outside of
| your editor to think about.
|
| I'm not trying to deter you from building your tool, but I
| suppose I'm having trouble seeing how I would use it in practice.
| I'd be curious to hear how other folks handle this.
|
| [0]: https://nickjanetakis.com/blog/bash-aliases-to-prepare-
| recor...
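One way to keep the `.env.example` from point 3 in step with the real `.env` is to generate it. This is an added example, not code from the comment or the linked post; the function name, the `changeme` placeholder and the sample values are assumptions made for illustration.

```python
import re

# KEY=value lines, optionally prefixed with "export".
_ASSIGN = re.compile(r"^(\s*(?:export\s+)?)([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$")


def make_env_example(env_text, placeholder="changeme"):
    """Return .env.example text: same keys and comment lines, no real values."""
    out, open_quote = [], None
    for line in env_text.splitlines():
        if open_quote:
            # Still inside a multi-line quoted value: emit nothing from it.
            if open_quote in line:
                open_quote = None
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)  # blank lines and full-line comments are kept
            continue
        m = _ASSIGN.match(line)
        if m is None:
            continue  # unrecognized line: drop it rather than copy it
        prefix, key, value = m.group(1), m.group(2), m.group(3).strip()
        if value[:1] in ("'", '"') and value.count(value[0]) == 1:
            open_quote = value[0]  # quote opened but not closed on this line
        # Inline comments after the value are dropped along with the value.
        out.append(f"{prefix}{key}={placeholder}")
    return "\n".join(out) + "\n"


# Constructed sample input; none of these values are real.
SAMPLE_ENV = """\
# Payment API
export API_KEY=constructed-key-0000
DATABASE_URL="postgres://app:hunter2@localhost/app"  # local only

PRIVATE_KEY="-----BEGIN CONSTRUCTED KEY-----
Zm9vYmFy=
-----END CONSTRUCTED KEY-----"
DEBUG=true
"""

if __name__ == "__main__":
    print(make_env_example(SAMPLE_ENV), end="")
```

Full-line comments are copied through unchanged, so a secret left in a commented-out line would still end up in the output; review the generated file before showing it on screen.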
| StavrosK wrote:
| I had much the same problems, but I came up with a different
| solution:
|
| https://gitlab.com/stavros/itsalive
|
| It's a Live is a piece of software that lets you prerecord all
| your commands (by typing them all up in a simple text file) and
| then replays them when you press keys on the keyboard.
|
| If you run through a rehearsal once or twice, there's no risk
| of exposing anything (since it'll always replay the
| presentation the same way), and it has some niceties like
| showing you the previous/current/next commands, allows you to
| take over control and resume easily, etc. I quite like it.
| faeyanpiraat wrote:
| It's particularly easy to miss info leaks when you manipulate
| fields which have some kind of autofill or live search
| functionality.
|
| You start up something by typing into the start menu, but
| between pressing the first and second letters for some frames
| unintended documents could flash up.
|
| You need to try typing the alphabet one by one into these
| fields to see whether anything sensitive comes up.
|
| Edit: nice recommendations on your part!
| Fnoord wrote:
| Yeah, autocomplete can screw things up. It can do so in a
| browser when you show a friend (or co-employee or your child)
| something as well. It is something to keep in mind.
|
| If you use a VM or burner device the chance of such happening
| is negligible. You can also use a second account which has
| less rights than your main account. A feature which Google's
| Android conveniently has (guest mode).
| dceddia wrote:
| Autocomplete is super annoying for this. I ended up setting
| up a separate Chrome profile for screencasting, but you can
| also use Guest mode. Either way will give you a separate
| history, no autocomplete, and no extensions cluttering up the
| menu bar. Wrote up a little guide here:
| https://daveceddia.com/setup-chrome-for-screencasting/
| tedyoung wrote:
| I like the idea of being able to save the blurred areas, having
| standard sets of these for popular sites (e.g., GitHub API keys,
| Twilio, AWS, etc.) would be worth paying for.
|
| As others have mentioned, I'd like more secure ways to blur the
| area, e.g., completely blanking it out, or filling with random
| text and then blurring.
|
| Edit: Would also be useful to replace the text instead of
| blurring, that way viewers could see realistic information
| without revealing real keys, etc.
|
| Edit: Please allow the plus (+) symbol for emails.
| theindianappguy wrote:
| It's been months of work building and improving the blurweb app; I
| will love all your input on how we can make it better.
| logifail wrote:
| > I will love all your input on how we can make it better
|
| You have some typos on your page, I found two within the first
| ten seconds of [skim-]reading. Find them and fix them! :)
| martinald wrote:
| Looks cool. I'd recommend getting a professional voice over
| artist to do the video audio you have though. It makes a huge
| difference and isn't expensive at all on upwork etc.
| chrisseaton wrote:
| Voice over sounds great to me as it is! Very clear, engaging,
| good audio quality.
| Isinlor wrote:
| Blur can be reverted with deep neural networks. You should not
| rely on it for hiding sensitive info.
|
| http://yuzhikov.com/articles/BlurredImagesRestoration1.htm
| apodolny wrote:
| Yes - this is definitely an issue, especially with text data.
| One thing I'm curious about: Google Street View apparently
| adds noise and then blurs. Is this a viable option?
| sibrahim wrote:
| If I wanted to keep the blur aesthetic, I'd probably do a
| full removal, run an inpainting algorithm to replace the
| removed region with something less jarring in context and
| then blur the result. The inpainting algorithm can be
| fairly low quality and still get acceptable results since
| it won't be seen directly.
| lucb1e wrote:
| If you really really want blur, just apply enough of it.
| Otherwise, just pick a solid color that matches the
| environment.
|
| The text example in the article that GP linked[1] looks
| pretty reversible to me indeed. Not sure it needs a neural
| network, or at least it could be enhanced a lot with
| character frequency checking or matching words against a
| dictionary, but I haven't ever seen text unblurred where I
| didn't expect it might be possible.
|
| Personally I don't find blurring to be less annoying than a
| reasonable color. Pitch black stands out a lot, but
| something close to the background color (but clearly
| distinct) is unobtrusive while also being clear that
| something was censored and not just a broken image.
|
| [1] https://hsto.org/storage2/eff/36d/77a/eff36d77a583b46e4
| 61c12...
| throwamon wrote:
| When dealing with text, couldn't the software replace the
| area with some text block of Lorem ipsum-style gibberish
| before blurring it? It could even try to be a little
| clever and mimic the format of the original text. This
| way you get the desired effect with absolute secrecy,
| with the added bonus that you bait people who try to
| unblur it into wasting their time. :)
| lucb1e wrote:
| Certainly the text not being under the blur would be the
| best way to hide what was under the blur. The trick is of
| course in actually making it do that in an automated
| fashion.
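The substitution idea from this subthread (swap the real text for same-shaped dummy text, so that nothing sensitive is underneath whatever blur is applied afterwards), as an added example that is not BlurWeb's code or any commenter's. It works on plain text before it is rendered; the two token shapes (an `AKIA` prefix plus 16 characters, a `ghp_` prefix plus 36) and the sample values are assumptions chosen for illustration.

```python
import re
import secrets
import string

# Assumed token shapes: (prefix kept for realism)(body replaced with random data).
TOKEN_PATTERNS = [
    re.compile(r"\b(AKIA)([0-9A-Z]{16})\b"),        # AWS-style access key ID
    re.compile(r"\b(ghp_)([0-9A-Za-z]{36})\b"),     # GitHub-style personal token
]


def _dummy_like(body):
    """Random string with the same length and per-character class as body."""
    while True:
        out = []
        for ch in body:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isupper():
                out.append(secrets.choice(string.ascii_uppercase))
            elif ch.islower():
                out.append(secrets.choice(string.ascii_lowercase))
            else:
                out.append(ch)  # punctuation keeps the visual layout
        dummy = "".join(out)
        if dummy != body:  # never hand back the original by chance
            return dummy


def replace_secrets(text):
    """Return (text with token bodies replaced, number of tokens replaced)."""
    count = 0

    def _sub(match):
        nonlocal count
        count += 1
        return match.group(1) + _dummy_like(match.group(2))

    for pattern in TOKEN_PATTERNS:
        text = pattern.sub(_sub, text)
    return text, count


# Constructed sample text; the tokens are made up and match only the shapes above.
SAMPLE = (
    "aws_access_key_id = AKIACONSTRUCTED00000\n"
    "git remote set-url origin https://ghp_" + "a1B2" * 9 + "@github.com/example/repo.git\n"
)

if __name__ == "__main__":
    print(replace_secrets(SAMPLE)[0], end="")
```

Only tokens that match a listed pattern are replaced, so anything with an unlisted shape passes through untouched and still needs covering or removing by hand.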
| ta988 wrote:
| To avoid that, I always run Zoom or OBS or any other tool inside
| a Xephyr (main desktop is on Wayland) and eventually a container
| if I have to navigate files. I've seen so many horror stories,
| AWS keys, passwords, porn...
___________________________________________________________________
(page generated 2021-06-05 23:01 UTC)