I remember a protocol which required the text to be replaced with random-length output of a Markov chain text generator, and only then pixelizing.

Oh, you've spent hours on unpixelizing my secrets? Well congratulations, is the last telescope that, nor drink from shrinking nothing out and this and shutting.

Oooh oooh I know, I know! Replace the text with strings of all-caps five-letter groups that look just like oldschool CW encrypted messages, and that'll keep the MXGJD SWLTW UODIB guessing until AMEJX OYKWJ SKYOW LKLLW MYNNE XTWLK!

Or the common case of redacting a name, address, or other sensitive text in a screenshot of a web page, word doc or PDF. In those, getting the font is very straightforward.

You also don't need to match the whole redacted text at once - depending on the size of the pixels, you can probably do just a few characters at a time.

I see what you mean, but FWIW “fixed” doesn’t sufficiently constrain or describe it. For example, filling a rectangle with black or random pixels is a fixed algorithmic sequence, same might go for in-painting from the background. The redaction output simply should not be a function of the sensitive region’s pixels. The information should be replaced, not modified.