Comment by Arch-TK
2 months ago
It sets a bad precedent to call things like this hacks.
Firstly, calling this redaction implies that the data is missing, and calling what was done "unredacting" is akin to saying someone "decrypted" a cryptographic hash function.
Nobody unredacted anything here, they merely discovered that it hadn't been redacted, and simply looked like it was redacted.
Calling this a hack places responsibility on the people who discovered the information, rather than on the people were put in charge of handling the redaction and screwed it up.
The journalist writing the story has the same level of technical knowledge about how to "redact" properly in the digital realm as the individuals doing the redaction. To the journalist, with zero knowledge of the technical aspects, viewing the "redacted" document, it appears to be "redacted", so when someone "unredacts" it, the action of revealing the otherwise hidden material appears to be "magical" to them (in the vein of the Arthur C Clarke quote of: "Any sufficiently advanced technology is indistinguishable from magic").
To the journalist, it looks like "hackers at work" because the result looks like magic. Therefore their editor attaching "hacks" to the title for additional clickbait as well.
To us technical people, who understand the concept of layers in digital editing, it is no big deal at all (and is not surprising that some percentage of the PDF's have been processed this way).
I would consider it gross negligence on the journalists part to not know the technical details here.
It’s really not that hard; as someone else on this thread pointed out even my grandma knows this…
You can find out the technical details in one quick search.
How someone like this gets a paying job as a journalist is beyond me.
>How someone like this gets a paying job as a journalist is beyond me.
You seem highly confused on what a journalists job is in this era. Very few publishers are about correctness. It's about speed of getting the article out and getting as many eyeballs as possible to look at the ads in the article.
Or as the saying goes, A lie can travel halfway around the world before the truth can get its boots on.
9 replies →
Gell Mann Amnesia ftw
My wife was a reporter with a top tier news agency in DC and I was shocked how they divvied up topics.
At best, it was "you're good with computers, go report on this hearing on cybersecurity" but more commonly, it was "who has this morning open? You do? Great. Go cover this 9am on the Israel-Palestine negotiations and what the implications are. We'll do a segment in the 11am hour."
It's important to understand who becomes a journalist in this age.
It's people who are very good with words, and at talking to anyone and everyone about anything, both is a friendly and confrontation way.
They also have almost no understanding of math, science or technology. If they did, they'd get better paying jobs.
Journalism used to be a well paid prestigious career that attracted brilliant people. There is not enough money in what's left of that industry to do that anymore.
16 replies →
>some of the file redaction can be undone with Photoshop techniques, or by simply highlighting text to paste into a word processing file.
That's the first sentence of the article, and that's all there is to it.
Journalists report, they don't analyze.
The error is consumers believing journalist news is anything but uninformed, hot take heresy; spun in the most sensationalistic way.
They are hired to get eyeballs for advertisers. Not to be accurate, thorough truthful, or unbiased.
To us, it's a life skill. To a non-technical person, it's black magic.
Some folks had to be taught on how folder structures work because they grew up with the appliance we called a "phone" as opposed to a real computer that also happened to be known as a "phone".
7 replies →
Most journalists are ex. English majors (or some other non-technical degree). I would not expect any (even the supposed tech. journalists) to understand the technology they report upon to the level that us here on HN understand that same technology.
Their job is to write coherent articles that gather views, not truly understand what it is they are writing about. That's why the Gell-Mann Amnesia [1] aspect so often crops up for any technical article (hint, it also crops up for every article, but we don't recognize the mistakes the journalist makes in the articles where we don't have the underlying knowledge to recognize the mistakes).
[1] https://www.epsilontheory.com/gell-mann-amnesia/
3 replies →
It's not a hard technical concept to grasp that placing a stick-it onto some thing doesn't make the thing behind it disappear.
No, it is not. But given the abysmal lack of technical knowledge of the "typical computer user" they don't see the redacted PDF's as "having black stick-it notes stuck on top of the text". They see the PDF as having had a "black marker pen" applied that has obliterated the text from view.
When someone then shows them how to copy/paste out the original text, because the PDF was simply black stick-it notes above the text, it appears to them as if that someone is a magical wizard of infinite intelligence.
This. Similar issue if you introduce someone to how you can "view source" and then edit (your view of) a website. They're like "omg haxors!"
True story: one time I used that technique to ask for a higher credit card limit than the options the website presented. Interestingly enough, they handled it gracefully by sending me a rejection for a higher amount and an acceptance for the maximum offered amount (the one I edited). And I didn't get arrested for hacking!
Using view-source to accomplish something could be considered hacking in the old school MIT sense* of curious exploration of some place or thing for clever purposes.
*: disclaimer, I didn't attend MIT, but did hang out with greybeards on 90s IRC
> "view source" and then edit (your view of) a website.
Yes, but you see it says "view source" not "edit page live". Don't really see why it wouldn't be "omg" for them.
I have helped someone get an executive job at a Fortune 500 company... by teaching them how to use the dev tools and edit the DOM to replace text and images.
They had been asked for an assignment as part of the interview process, where they were supposed to make suggestions regarding the company's offers. They showed up on the (MS teams) interview having revamped what looked like the live website (www. official website was visible in the browser bar).
The interviewers gave them the job pretty much on the spot, but did timidly ask at the end "do you mind putting it back though, for now?", which we still laugh about 5 years later
The journalist is not necessarily responsible for the title. Editors often change those and they don’t need to get the approval of the journalist. The editor knows what they are doing and that it will irk some tech folks.
I seriously doubt the journalist doesn’t understand exactly how this “hack” worked too. Right in the first paragraph, “simply highlighting text to paste into a word processing file.”
A lot of people in the thread here are calling them a non-technical English major who doesn’t understand the technology. Word processors also happen to be the tools of their trade, I am sure they understand features of Word better than most of the computer science majors in this thread…
1 reply →
As far as creating a click bait title, yep, the editor knows what they are doing, and most likely picked the word for the click bait factor.
But I'd also bet the editors technical knowledge of how this "revelation" of the hidden material really works is low enough that it also appears to be magic to them as well. So they likely think it is a 'hack' as well.
> The journalist writing the story has the same level of technical knowledge ...
You are supposing. The article doesn't read like that at all. Your post smells of exceptional tech elitism.
Typical quality of The Guardian unfortunately. Don't read their energy reporting if you're at all literate about any of those topics. Any time they do a story on fusion I just about have an embolism.
I also like to think this was maybe done as a form of malicious compliance. Someone inside the agency was tasked with redacting this, and found a way to sneak the information through but still getting it passed by their supervisors, so that the information got out.
It reminds me of the 2008 Underhanded C code contest. The subject was exactly this.
https://www.underhanded-c.org/_page_id_17.html
And the winner's solution is incredibly simple and clever.
To me this is the only explanation that makes sense. However wouldn’t they risk repercussions when this is inevitably found out? I assume they have records who redacted which documents
> I assume they have records who redacted which documents
(1) Considering it was a rush job (2) general ineptness of this administration and (3) the management wouldn't have defined the explicit job description ("completely black out, not use black highlighter"), the likeliness that there is any evidence that this was intentionally malicious is pretty low.
Some peopledo things acknowledging that there may be backlash for an action when they feel it's the right thing to do.
1 reply →
This happens too regularly across both minor and major issues for me to think this is entirely redactors intentionally messing up. It's just a lot of people being pulled on to the job and not all of them are competent. Maybe some of it is intentional but not all of it I'm certain.
Out of a thousand people? Where they probably have an email from a PHB that says something like "put a black box over all references to <this list of things?"?
Yes they may get fired, but it will be difficult to prove intent and very easy to claim incompetence.
So I don’t think there will be jail time if that’s what you’re referring to.
3 replies →
Furthermore, this happens so often, so frequently, in so many high profile cases that even my 80 year old mother knows this "secret hack to unredact a pdf".
If you are CIA / FBI / Court / Lawyer or professional full time redactor of documents you should know that the highlighter doesn't delete the text underneath it.
I think the more likely cause was precisely that it wasn't a technical professional/lawyer/writer doing the redacting, but someone in the administration or close to it that has no idea how to redact information correctly.
You’re absolutely correct but I think your comment also highlights something important: we don’t have a good word to represent what it is
Unfortunately “hack” became a catch all word long ago. Just look at “life hacks”.
They failed to redact data. That's it. People just read the files afterwards, only formatting was wierd.
If you unlock a lock, that's still a lock.
Also, in light of everything that is happening, is incredible that the top comment on this thread is about some minor semantic definitions.
3 replies →
They're likely viewing the electronic documents by analogy to photocopies with blacked out sections where there is nothing to distinguish the text from the redacting marks and nothing you can project out. They don't know the structure of the file format and how information in it is encoded or rendered, or even that there is a distinction between encoding and rendering.
(A better analogy might be the original physical document with redaction marks. If the text is printed using a laser printer or a type writer, and the marker used for redaction uses some other kind of ink - let's say one that doesn't dissolve the text's ink or toner in any way - then you can in principle distinguish between the two and thus recover visibility of the text.)
2 replies →
I think that doesn’t do the scenario justice. They tried to redact and did so in a way that looks visibly redacted (in screenshots many have seen) but can be uncovered.
If you say “they failed to redact data” to a layperson looking at a visibly redacted document they’re going to be confused.
How about "the documents were clarified" or "their contents were revealed"? Maybe "formatted for reading on your device"?
> You’re absolutely correct
They are not. They are factually incorrect. Look up the various definitions of redacted. They fit perfect for the title. Arguing otherwise suggests you are making up definitions and words, in which case, I am still correct.
Just like my friends and family call everything AI now.
Special effects in movies? AI
Some edited photo? AI
Illustration for advertising? AI
To be fair, I put partial blame on the advertisers. They've been claiming "AI" on their products on anything that has an algorithm basically for the past few years.
I'd call it a "workaround," which has less connotation of technical cleverness (or malice) than "hack."
Just look at hackernews
> It sets a bad precedent to call things like this hacks.
That ship sailed a long time ago. The “phone hacking scandal” in ~2010¹ was mostly calling answering services that didn't have pins or other authorisation checks set.
These days any old trick gets called a hack, heck tying your shoelaces might get called a miraculous footwear securing hack.
--------
[1] https://en.wikipedia.org/wiki/News_International_phone_hacki...
The funny part is that people with screen readers may have gone through the redaction without realizing it.
That is pretty funny. All it takes to be a hacker is to use assistive software.
I think we should all come to terms with it that "hack" doesn't mean anything anymore so we don't have to fight over words that were never clearly defined anyways. On most days this site here should be called "frontendnews".
Thank you, I came here just to verify that no "hack" was involved.
I find it funny to use a hack to argue about the misuse of words and definitions.
Regardless, redaction does not imply that data is missing. The words were censored or obscured. That's it. Simply looking at the documents proves that. Interacting with them showed how easy they were to uncensor, but the simplicity of the method doesn't change facts.
By all means, complain about definitions and words, but get it right.
I agree, but this would mean that almost anything can’t be called hacking, bc it usually relies on vulnerabilities and implementation defects. If something is poorly encrypted and you retrieve data, you didn’t hack because it wasn’t encrypted to begin with. That can’t be the standard.
There is a line, it is fuzzy, but if all you did was find something which was there for anyone to find, I would place that firmly on the not hacking side. If it was rot 13 I would put that marginally closer to hacking than this.
It also removes blame from the departments that redacted, it's not like they messed up big time, no, some resourceful brainiac hackers did things that were not allowed to undo the redaction process that was put in place to protect victims.
Here on the hacking news website we sure are persnickety about the difference.
Considering that only the title of the article says "hacks", I would say this is the editor decision.
It does seem to raise the risk that someone would be prosecuted for DMCA violation if we refer to it that way.
That is a very low bar. If methane's chemical representation was present in a DVD key, you could be done for DMCA violation every time you fart.
It's true, but aren't most hacks like this? If you understand the system flaw, the hack is obvious.
Ok, we've un-with-hacksed the title above.
Talk about missing the point. It’s almost like you’re trying to deflect the audience.
Calling everything a hack is the only way to make tech illiterate boomers and zoomers alike understand anything.