The author of this blog must have uploaded an image without the big red block to mask the private key, realized their error, and replaced it with an image of it blocked. However they didn't remove the unblocked image first. Ghost (the blog engine here) just appends a number to the image when you replace it without changing the filename, so it's easy to find. See the two URLs below:
The only reason I blurred and obfuscated where I could was just for "best practice" not for real security. I knew if I didn't people would comment that I should've ;)
> I knew if I didn't people would comment that I should've ;)
That and following good practise even when not actually necessary due to other mitigations, you obviously hint to less experienced readers what good practise is.
With people discussing reverse-engineering the pixelated images to access the keys, the merits of masks, security, etc it seemed like a lesson worth sharing for everyone's benefit here that an email wouldn't have accomplished.
Even just the half of the key in that secreenshot is likely to be sufficient to recover the whole thing as well - RSA private key formats have a ton of redundant data.
All keys used were burner keys anyway.
The only reason I blurred and obfuscated where I could was just for "best practice" not for real security. I knew if I didn't people would comment that I should've ;)