Original research
We tested 6 ways people redact PDFs. 4 left the data recoverable.
We planted a fake SSN in a PDF, applied six common redaction methods programmatically, and attacked each result with the tools every computer already has: text extraction, search, annotation removal, and the file’s properties panel. Four of the six methods gave the SSN back. Only outright deletion and true redaction survived.
None of this requires forensic tooling. The most damaging recovery — against the black-rectangle methods most people use — is select-all, copy, paste.
Experiment run July 9, 2026 · reproducible · script & raw results in the clean.ink repository
The results
| Method | Typically produced by | Secret recovered via | Verdict |
|---|---|---|---|
| Opaque rectangle drawn over the text | Shape/draw tools in markup apps | Copy-paste / search | Recoverable |
| Square annotation placed over the text | Comment/markup annotation tools | Copy-paste / search · Annotation removal | Recoverable |
| Text recolored to match the background | “Whiteout” edits; stray OCR text layers | Copy-paste / search | Recoverable |
| Page cleaned, document metadata untouched | Redacting the page, forgetting the file | Metadata panel | Recoverable |
| Delete the text and re-lay-out the document | Word-style edit-and-re-export round trips | — | Safe |
| True redaction: content rebuilt without the secret | Dedicated redact tools, incl. clean.ink | — | Safe |
Opaque rectangle drawn over the text. The rectangle is painted into the page; the text object underneath is untouched. Select-all recovers the SSN instantly.
Square annotation placed over the text. Worst of both: the text extracts through the annotation, and the annotation itself is a separate object anyone can delete.
Text recolored to match the background. Invisible ≠ absent. The extraction layer doesn't care what color the glyphs are.
Page cleaned, document metadata untouched. The page itself was clean — the SSN survived in the document's Subject field, one properties-panel click away.
Delete the text and re-lay-out the document. Genuinely removes the content — at the cost of shifted layout and swapped fonts, which is what makes documents look tampered with.
True redaction: content rebuilt without the secret. The redacted text is never written into the output; the box marks where it was. Nothing under the box, nothing to recover.
Methodology
We generated a one-page employee-record PDF containing the string SSN: 987-65-4320 — a 900-series number, which the Social Security Administration never issues, so it identifies no one. Each redaction method was applied programmatically with pdf-lib, producing the same file structures the corresponding tools produce. Each artifact then faced four recovery attempts:
Text extraction
Mozilla's pdf.js reads the page text the way every viewer's select-all, copy, and Ctrl+F do.
Raw object scan
Every decoded object in the file is searched for the secret string — the “open it in a hex editor” attack.
Annotation strip
All annotations are deleted with pdf-lib and the text re-extracted — the “just remove the box” attack.
Metadata read
Title, Subject, Author, and Keywords are read the way any properties panel shows them.
One finding surprised even us: the raw object scan found the secret nowhere — not even in the recoverable files. PDF text is stored as font glyph references, not readable strings, so a hex-editor check comes back clean and makes a fake redaction feel safe. The extraction layer built into every PDF viewer decodes those glyphs anyway. That gap between “looks gone in the bytes” and “one Ctrl+C away” is exactly how these failures survive review.
We tested mechanisms, not brand-name apps: each method reproduces the file structure a family of tools emits (a drawn shape, an annotation, recolored text, and so on). The experiment script and its raw JSON output live in the clean.ink repository (scripts/research/redaction-teardown.mjs), and the whole run takes seconds with two open-source libraries — pdf-lib and Mozilla’s pdf.js.
What this means for your documents
Only two methods survived, and they differ in cost. Deleting the text and re-exporting works but reflows the layout and swaps fonts — the visual fingerprint of a tampered document. True redaction removes the content while preserving everything else, which is what dedicated redact tools (Adobe Acrobat Pro, macOS Preview 11+, and clean.ink) do when used correctly.
clean.ink applies the true-redaction mechanism in your browser — the document is never uploaded — and auto-detects the identifiers worth removing (SSNs, account numbers, salary amounts, addresses). Whatever tool you use, verify the output with the 30-second test: select-all + copy, search for the redacted text, and glance at the file’s properties.
No upload · true redaction · $6.59 once
Questions
- Which PDF redaction methods can be reversed?
- In our test, four of six common methods left the planted SSN recoverable: an opaque rectangle drawn over the text, a square annotation placed over the text, and text recolored to match the background all fell to simple copy-paste or search; cleaning the page but leaving document metadata untouched leaked through the file's properties panel. Only deleting the text outright and true redaction (rebuilding the content without the secret) survived every recovery attempt.
- How was the test run?
- We built a PDF containing a known fake SSN (987-65-4320 — a 900-series number that is never issued), applied each method programmatically with pdf-lib, then attacked every artifact four ways: text extraction with Mozilla's pdf.js (what copy-paste and search see), a raw scan of decoded PDF objects, deleting all annotations and re-extracting, and reading the document's metadata. The script and raw results ship in the clean.ink repository, so the experiment is reproducible.
- Why does a black box look safe but fail?
- Two reasons reinforce each other. Visually, the box hides the text, so the document looks redacted. And structurally, PDF text is stored as font glyph references — a naive byte-scan of the file won't show the secret either, which feels like confirmation. But every PDF viewer's text-extraction layer decodes those glyphs back to text, so select-all, copy, and search recover the words instantly.
- What is the safe way to redact a PDF?
- Use a method that removes the content from the file rather than covering it: a dedicated Redact tool (Adobe Acrobat Pro, macOS Preview 11+, or clean.ink, which does it in your browser without uploading the file), then verify the output — select-all and copy, search for the redacted text, and check the file's metadata. If nothing surfaces the removed content, the redaction is real.