
Common PDF Privacy Mistakes (And How to Avoid Them)


PDFs often contain more information than their creators intend. Metadata, hidden text, improper redactions, and careless handling can expose sensitive data even when the visible content appears safe. This article examines the most common privacy mistakes people make with PDFs and explains how to avoid them.

In simple terms

PDFs can accidentally reveal information you did not mean to share: your name, your organisation, when you created the document, previous versions, and improperly hidden text. These mistakes are common because the information is not immediately visible. Understanding where hidden data lurks helps you avoid unintended disclosure.

Mistake 1: Ignoring document metadata

Every PDF contains metadata—information about the document itself rather than its content. This metadata often includes the author's name, the software used to create it, the creation and modification dates, and sometimes the organisation name or computer username.

When you create a PDF from Microsoft Word, the author field typically pulls from your Office profile. When you scan a document, the scanner software may embed its name and settings. When you export from design software, the application name and version appear in the metadata.

This information persists unless explicitly removed. Sharing a document with metadata intact can reveal who created it, when, and with what tools—information that may not be appropriate for the context. A supposedly anonymous submission may contain the author's full name. A document dated for one purpose may reveal it was actually created much earlier.

How to avoid it: Before sharing sensitive PDFs, examine and remove metadata using a dedicated tool. Many PDF applications include a "Document Properties" view where you can see and edit this information. For thorough sanitisation, use tools specifically designed to strip all metadata rather than editing individual fields.
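Why editing individual fields is not enough can be shown on the raw file. The sketch below is an added example, not code from the original article or from any particular tool: it lists every Info-style metadata entry in a PDF, including entries in superseded revisions that an editor leaves behind when it saves an incremental update. It assumes uncompressed objects and simple literal or hex strings (entries inside object streams or XMP packets are not covered), and the sample bytes are constructed.

```python
import re

# Constructed sample: the Author field was blanked in an editor that saved an
# incremental update, so the first revision of object 5 is still in the file.
SAMPLE = (
    b"%PDF-1.7\n"
    b"5 0 obj\n<< /Author (Jane Example) /Creator (Microsoft Word)\n"
    b"/Producer <FEFF00410063006D0065> /CreationDate (D:20240102030405Z) >>\nendobj\n"
    b"trailer\n<< /Info 5 0 R >>\n%%EOF\n"
    b"5 0 obj\n<< /Author () /Creator (Microsoft Word) >>\nendobj\n"
    b"trailer\n<< /Info 5 0 R >>\n%%EOF\n"
)

KEYS = rb"Title|Author|Subject|Keywords|Creator|Producer|CreationDate|ModDate"
# A key followed by a literal string (no nested parentheses) or a hex string.
FIELD = re.compile(rb"/(" + KEYS + rb")\s*(\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>)")


def decode_pdf_string(token):
    """Decode a PDF literal or hex string token to text."""
    if token.startswith(b"<"):
        digits = re.sub(rb"\s", b"", token[1:-1]).decode("ascii")
        raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
    else:
        raw = re.sub(rb"\\([()\\])", rb"\1", token[1:-1])
    if raw.startswith(b"\xfe\xff"):          # UTF-16BE with byte order mark
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")


def find_metadata(pdf):
    """Return (revision, field, value) for every non-empty Info-style entry,
    numbering revisions by the %%EOF markers that precede each hit."""
    hits = []
    for m in FIELD.finditer(pdf):
        value = decode_pdf_string(m.group(2))
        if value:
            revision = pdf.count(b"%%EOF", 0, m.start()) + 1
            hits.append((revision, m.group(1).decode(), value))
    return hits


if __name__ == "__main__":
    for revision, field, value in find_metadata(SAMPLE):
        print(f"revision {revision}: {field} = {value}")
```

On the sample, the author name from revision 1 is still reported even though the current Info dictionary has an empty Author field.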

Mistake 2: Improper redaction

Redaction—permanently removing sensitive content from a document—is one of the most commonly botched PDF operations. The mistake is fundamental: covering text with a black rectangle is not redaction.

When you draw a black box over text in a PDF editor, you are adding a visual layer on top of the existing content. The original text remains in the file and can be recovered by selecting and copying it, removing the covering layer, or examining the raw PDF data.

This mistake has caused serious information leaks. Classified documents released with visible black bars have revealed underlying text when copied. Legal filings have exposed confidential information that was supposedly redacted. Medical records have leaked patient data hidden behind graphical overlays.

How to avoid it: Use dedicated redaction tools that actually delete the underlying content rather than covering it. Proper redaction removes the text data from the file entirely. After redacting, verify the redaction by attempting to select and copy text from the redacted area—if you can select anything, the redaction failed.

Some PDF editors offer a "Redact" function that performs actual content removal. Others only provide drawing tools that create visual overlays. Know which type your software provides before relying on it for sensitive content.

Mistake 3: Leaving hidden text and layers

PDFs can contain text and elements that are invisible in normal viewing but still present in the file. This includes text with the same colour as the background, content on hidden layers, and text positioned outside the visible page area.

When you convert a Word document with tracked changes to PDF, the change history may be embedded invisibly. When you flatten a design with multiple layers, some layers may be hidden rather than merged. When you copy and paste content, formatting artifacts may include invisible text.

Search functions can find this hidden text. Accessibility tools may read it aloud. Text extraction tools will capture it. The content may appear when the PDF is converted to another format.

How to avoid it: Before sharing, use the "Select All" function to see if any unexpected text is highlighted. Check for hidden layers in the layer panel if your PDF viewer supports it. For maximum certainty, use a PDF sanitisation tool that removes all non-visible content and flattens the document to a single layer.
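The select-and-copy test from Mistake 2 and the hidden-text check above can both be run against a page's drawing instructions. This is an added example, not code from the original article: it scans one page content stream for text whose origin lies under a rectangle filled after it, and for text drawn with render mode 3 (invisible). It assumes literal strings shown with `Tj` and positioned with `Td`, with no coordinate transforms; the sample stream is constructed.

```python
import re
import zlib

# Constructed sample: a name with a black box painted over it, plus a string
# drawn with the invisible text render mode (3 Tr), stored Flate-compressed.
CONTENT = (b"BT /F1 12 Tf 72 700 Td (Patient: Jane Example) Tj ET\n"
           b"0 g 70 695 200 16 re f\n"
           b"BT /F1 12 Tf 3 Tr 72 650 Td (draft v2 comment) Tj ET\n"
           b"BT /F1 12 Tf 0 Tr 72 600 Td (Visible paragraph) Tj ET\n")
SAMPLE_STREAM = zlib.compress(CONTENT)

TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|/[^\s()<>\[\]/]*|[-+]?\d*\.?\d+|[A-Za-z*']+")


def scan_content(content):
    """Flag strings painted over by a later filled rectangle or drawn invisibly."""
    findings, shown, pending, stack = [], [], [], []
    pos, mode = (0.0, 0.0), 0
    for tok in TOKEN.findall(content):
        if tok[:1] in b"(/+-.0123456789":          # operand: hold for the operator
            stack.append(tok)
            continue
        nums = [float(t.decode()) for t in stack if t[:1] not in b"(/"]
        if tok == b"BT":                            # text object starts at origin
            pos = (0.0, 0.0)
        elif tok == b"Td" and len(nums) >= 2:
            pos = (pos[0] + nums[-2], pos[1] + nums[-1])
        elif tok == b"Tr" and nums:
            mode = int(nums[-1])
        elif tok == b"Tj" and stack and stack[-1][:1] == b"(":
            shown.append((stack[-1][1:-1].decode("latin-1"), pos))
            if mode == 3:
                findings.append(("invisible render mode", shown[-1][0]))
        elif tok == b"re" and len(nums) >= 4:
            pending.append(nums[-4:])
        elif tok in (b"f", b"f*", b"B", b"B*"):     # pending rectangles get filled
            findings += [("under filled rectangle", t) for x, y, w, h in pending
                         for t, (tx, ty) in shown if x <= tx <= x + w and y <= ty <= y + h]
            pending = []
        stack = []
    return findings


def scan_stream(raw):
    """Scan a stream body as stored in the file, inflating it if it is Flate data."""
    try:
        return scan_content(zlib.decompress(raw))
    except zlib.error:
        return scan_content(raw)
```

Any finding means the string is still in the file; a properly redacted or sanitised page yields an empty list for that text.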

Mistake 4: Uploading sensitive documents to online tools

The convenience of online PDF tools comes with a trade-off: your files are transmitted to and processed on servers you do not control. For non-sensitive documents, this may be acceptable. For confidential, personal, or legally privileged content, it introduces unnecessary risk.

When you upload a PDF to an online service, you are trusting that service with your data. You are trusting their security practices, their data retention policies, their staff access controls, and their third-party service providers. Even services with good intentions may be subject to security breaches, legal demands, or policy changes.

Common scenarios where this becomes problematic include: converting medical records to a different format, merging financial documents for tax purposes, editing legal contracts, or processing any document containing personal identification numbers, passwords, or confidential business information.

How to avoid it: For sensitive documents, use tools that process files locally on your own device. Modern browsers can handle many PDF operations—merging, splitting, reordering pages—without any server involvement. You can verify this yourself using your browser's developer tools to confirm no uploads occur.

Mistake 5: Assuming password protection is sufficient

Password-protecting a PDF provides a sense of security that may not match reality. The protection level depends entirely on what type of password was set and what encryption was used.

A "permissions password" (preventing printing, copying, or editing) provides essentially no security. This type of protection is enforced by PDF reader software and can be removed by any tool that chooses to ignore it. The document content itself is not encrypted.

A "document open password" with strong encryption (AES-256) provides meaningful protection, but only if the password itself is strong. A short or guessable password can be cracked through automated attacks. Older encryption standards (40-bit or 128-bit RC4) are weak enough to be broken with modest computing resources.

How to avoid it: If you need real protection, use a document open password (not just permissions) with AES-256 encryption and a strong, unique password. Understand that permission restrictions alone do not secure content—they are requests to software, not technical barriers.
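To confirm which cipher a protected PDF actually uses, read its encryption dictionary rather than trusting the export dialog. The following is an added example, not code from the original article: it summarises the Standard security handler settings (`/V`, `/R`, `/Length`, `/CFM`) and decodes which operations the `/P` permission flags deny. It assumes an uncompressed, indirectly referenced `/Encrypt` object; both sample fragments are constructed, with key material omitted.

```python
import re

# Constructed fragments; key material (/O, /U and similar) is omitted.
RC4_SAMPLE = (b"7 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 /P -1852 >>\nendobj\n"
              b"trailer\n<< /Encrypt 7 0 R >>\n")
AES_SAMPLE = (b"9 0 obj\n<< /Filter /Standard /V 5 /R 6 /Length 256 /P -4\n"
              b"/CF << /StdCF << /CFM /AESV3 /Length 32 >> >> /StmF /StdCF /StrF /StdCF >>\n"
              b"endobj\ntrailer\n<< /Encrypt 9 0 R >>\n")

# Permission flags in /P (1-based bit positions); a set bit means "allowed".
PERM_BITS = {"print": 3, "modify": 4, "copy": 5, "annotate": 6}


def _int(d, key, default):
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", d)
    return int(m.group(1)) if m else default


def encryption_report(pdf):
    """Summarise the encryption dictionary; None when no /Encrypt reference is found."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return None
    objs = re.findall(rb"(?<!\d)%b\s+%b\s+obj(.*?)endobj" % ref.groups(), pdf, re.S)
    if not objs:
        return None
    d = objs[-1]                                   # latest revision of the object
    v = _int(d, b"V", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", d)
    method = cfm.group(1).decode() if cfm else ""
    if v == 5 and method == "AESV3":
        cipher = "AES-256"
    elif v == 4 and method == "AESV2":
        cipher = "AES-128"
    elif v in (1, 2):
        cipher = "RC4-%d" % (40 if v == 1 else _int(d, b"Length", 40))
    else:
        cipher = "RC4 (crypt filter)" if method == "V2" else "unknown"
    p = _int(d, b"P", -1)
    denied = [name for name, bit in PERM_BITS.items() if not p & (1 << (bit - 1))]
    return {"cipher": cipher, "revision": _int(d, b"R", 0), "denied": denied}
```

The dictionary does not show whether a document open password was set, so a report of AES-256 still needs the password itself to be strong; the `denied` list is only what reader software is asked to honour.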

Mistake 6: Embedded fonts revealing information

PDFs embed fonts to ensure consistent display across systems. These embedded fonts can sometimes reveal information about their source. Custom corporate fonts may identify your organisation. Licensed fonts may include metadata about the purchaser. System fonts may reveal your operating system and language settings.

While this is a less common concern than metadata or improper redaction, it can matter in situations where anonymity is important. A document created to appear as if it came from one source may reveal its true origin through font information.

How to avoid it: For truly anonymous documents, use common system fonts that do not reveal organisational affiliation. Consider converting text to outlines (vector shapes) if the document does not need to be editable, though this increases file size and removes searchability.

Mistake 7: Not checking the final output

The most straightforward mistake is also the most common: not reviewing what you are actually sharing before you share it. PDFs can look correct in one viewer while displaying unexpected content in another. A quick scroll through a document may miss content that appears on subsequent pages or in areas outside the initial view.

  • Open the final PDF in a different viewer than the one used to create it
  • Use the search function to look for sensitive terms you want to ensure are not present
  • Check the document properties for metadata you did not intend to include
  • Try selecting text in redacted areas to verify the redaction is real
  • Review all pages, including any that may have been unintentionally included

How to avoid it: Build a brief review checklist for sensitive documents. A few minutes of verification can prevent significant disclosure incidents.

A practical checklist

Before sharing a sensitive PDF, run through these checks:

  • Examine and remove document metadata (author, dates, software information)
  • Verify any redactions actually remove content rather than just covering it
  • Check for hidden layers, invisible text, and content outside the page bounds
  • Review embedded fonts for identifying information if anonymity matters
  • Confirm the encryption type and password strength if using password protection
  • Test the document in a different viewer to catch display variations
  • Search for sensitive keywords to verify they are not present anywhere in the file

Not every document requires this level of scrutiny. For internal notes or public documents, a simple review may suffice. For confidential, legal, medical, or financially sensitive content, thorough verification is worthwhile.

Conclusion

PDF privacy mistakes are common because the risks are not immediately visible. Metadata hides in document properties. Improper redactions look correct until someone tries to copy the text. Hidden layers remain invisible during casual review.

Understanding where these risks exist allows you to address them systematically. Proper redaction tools, metadata stripping, local processing for sensitive documents, and verification before sharing form a practical defence against unintended disclosure.

For more on PDF structure and how content is stored, see How PDFs Work Internally. To understand why processing sensitive documents locally matters, see What "No Uploads" Actually Means.
