Original research

We tested 6 ways people redact PDFs. 4 left the data recoverable.

We planted a fake SSN in a PDF, applied six common redaction methods programmatically, and attacked each result with the tools every computer already has: text extraction, search, annotation removal, and the file’s properties panel. Four of the six methods gave the SSN back. Only outright deletion and true redaction survived.

None of this requires forensic tooling. The most damaging recovery — against the black-rectangle methods most people use — is select-all, copy, paste.

Experiment run July 9, 2026 · reproducible · script & raw results in the clean.ink repository

The results

MethodTypically produced bySecret recovered viaVerdict
Opaque rectangle drawn over the textShape/draw tools in markup appsCopy-paste / searchRecoverable
Square annotation placed over the textComment/markup annotation toolsCopy-paste / search · Annotation removalRecoverable
Text recolored to match the background“Whiteout” edits; stray OCR text layersCopy-paste / searchRecoverable
Page cleaned, document metadata untouchedRedacting the page, forgetting the fileMetadata panelRecoverable
Delete the text and re-lay-out the documentWord-style edit-and-re-export round tripsSafe
True redaction: content rebuilt without the secretDedicated redact tools, incl. clean.inkSafe

Opaque rectangle drawn over the text. The rectangle is painted into the page; the text object underneath is untouched. Select-all recovers the SSN instantly.

Square annotation placed over the text. Worst of both: the text extracts through the annotation, and the annotation itself is a separate object anyone can delete.

Text recolored to match the background. Invisible ≠ absent. The extraction layer doesn't care what color the glyphs are.

Page cleaned, document metadata untouched. The page itself was clean — the SSN survived in the document's Subject field, one properties-panel click away.

Delete the text and re-lay-out the document. Genuinely removes the content — at the cost of shifted layout and swapped fonts, which is what makes documents look tampered with.

True redaction: content rebuilt without the secret. The redacted text is never written into the output; the box marks where it was. Nothing under the box, nothing to recover.

Methodology

We generated a one-page employee-record PDF containing the string SSN: 987-65-4320 — a 900-series number, which the Social Security Administration never issues, so it identifies no one. Each redaction method was applied programmatically with pdf-lib, producing the same file structures the corresponding tools produce. Each artifact then faced four recovery attempts:

  • Text extraction

    Mozilla's pdf.js reads the page text the way every viewer's select-all, copy, and Ctrl+F do.

  • Raw object scan

    Every decoded object in the file is searched for the secret string — the “open it in a hex editor” attack.

  • Annotation strip

    All annotations are deleted with pdf-lib and the text re-extracted — the “just remove the box” attack.

  • Metadata read

    Title, Subject, Author, and Keywords are read the way any properties panel shows them.

One finding surprised even us: the raw object scan found the secret nowhere — not even in the recoverable files. PDF text is stored as font glyph references, not readable strings, so a hex-editor check comes back clean and makes a fake redaction feel safe. The extraction layer built into every PDF viewer decodes those glyphs anyway. That gap between “looks gone in the bytes” and “one Ctrl+C away” is exactly how these failures survive review.

We tested mechanisms, not brand-name apps: each method reproduces the file structure a family of tools emits (a drawn shape, an annotation, recolored text, and so on). The experiment script and its raw JSON output live in the clean.ink repository (scripts/research/redaction-teardown.mjs), and the whole run takes seconds with two open-source libraries — pdf-lib and Mozilla’s pdf.js.

What this means for your documents

Only two methods survived, and they differ in cost. Deleting the text and re-exporting works but reflows the layout and swaps fonts — the visual fingerprint of a tampered document. True redaction removes the content while preserving everything else, which is what dedicated redact tools (Adobe Acrobat Pro, macOS Preview 11+, and clean.ink) do when used correctly.

clean.ink applies the true-redaction mechanism in your browser — the document is never uploaded — and auto-detects the identifiers worth removing (SSNs, account numbers, salary amounts, addresses). Whatever tool you use, verify the output with the 30-second test: select-all + copy, search for the redacted text, and glance at the file’s properties.

Redact a PDF free

No upload · true redaction · $6.59 once

Questions

Which PDF redaction methods can be reversed?
In our test, four of six common methods left the planted SSN recoverable: an opaque rectangle drawn over the text, a square annotation placed over the text, and text recolored to match the background all fell to simple copy-paste or search; cleaning the page but leaving document metadata untouched leaked through the file's properties panel. Only deleting the text outright and true redaction (rebuilding the content without the secret) survived every recovery attempt.
How was the test run?
We built a PDF containing a known fake SSN (987-65-4320 — a 900-series number that is never issued), applied each method programmatically with pdf-lib, then attacked every artifact four ways: text extraction with Mozilla's pdf.js (what copy-paste and search see), a raw scan of decoded PDF objects, deleting all annotations and re-extracting, and reading the document's metadata. The script and raw results ship in the clean.ink repository, so the experiment is reproducible.
Why does a black box look safe but fail?
Two reasons reinforce each other. Visually, the box hides the text, so the document looks redacted. And structurally, PDF text is stored as font glyph references — a naive byte-scan of the file won't show the secret either, which feels like confirmation. But every PDF viewer's text-extraction layer decodes those glyphs back to text, so select-all, copy, and search recover the words instantly.
What is the safe way to redact a PDF?
Use a method that removes the content from the file rather than covering it: a dedicated Redact tool (Adobe Acrobat Pro, macOS Preview 11+, or clean.ink, which does it in your browser without uploading the file), then verify the output — select-all and copy, search for the redacted text, and check the file's metadata. If nothing surfaces the removed content, the redaction is real.