Can PDF Redaction Be Undone? A Security Analysis
Updated August 2025 • 11 min read
When the Mueller Report was released by the Department of Justice in April 2019, the journalists and analysts at once started to focus on the large black bars covering the sensitive information. A few hours later, however, various news outlets found something even more egregious than redaction the text under those bars could be highlighted, copied, and paste into a text editor. The name of witnesses, details of the case, and work product of the attorney that should have been permanently deleted were just there in the file under a virtual curtain. The process was not advanced hacking. It was Control-C, Control-V.
The office of Special Counsel was not the only one that failed. In 2018, the UK Parliament released internal Facebook documents regarding the then ongoing lawsuit against Six4Three, but the black rectangles were deleted by The Guardian and other websites a few minutes later with simple PDF editing software. In 2019, the legal team of the man who took part in the scheme, Paul Manafort, committed the same mistake, filing redacted motions in which the text could be extracted. These incidences reveal a fatal misconception: PDFs are not photos. They are object-oriented containers, which contain separately visual appearance, searchable text streams, annotation layers as well as document history. By being covered up visually, it is not deleted in the container.
The Four Layers of Failure
All failures of redaction happen since users only deal with a single layer of the PDF architecture and disregard the rest. The knowledge of these layers helps to see why the difference between being redacted and looking redacted is technically deep.
Layer One: The Visual
This is what appears on the screen. The Comment tool of Adobe (or square shape of Preview, or other functions of free editors), used to draw the annotation of a black rectangle around text, makes a movable object lying on the text like a sticker. Any person having typical PDF programs can remove that box or just choose the content under it. And this was the failure of Facebook parliamentary documents can be summed up in a word; it was literally a graphics object, which could be clicked and dragged away.
Layer Two: The Text Stream
This is the Text Stream which is copied-pasted or read by screen readers. The special Redaction tool in Adobe acrobat Pro (the one bearing the icon of a red marker, not a black rectangle) really deletes the text in this stream when you press the button labeled Redactions and then follow through. Yet, more importantly, the text you mark with that tool is just marked, as something to be redacted, but is not removed until you apply. I have also read legal discovery forms where associates would check hundreds of pages, uploaded the file and mailed it out without any alteration being made to it and that they were practically sending out a instructions manual, which said to draw black boxes here instead of deleting the contents beneath. It is the Mueller Report situation: correct means, incorrect end.
Layer Three: Metadata
It is the metadata that works behind the scenes. The document properties may contain the name of the author such as Jane Doe -Client Confidences, track changes may retain deleted paragraphs or even remarks on the redactions may indicate that something has to be removed such as [Specific Company Name]. Although the text might be burned off the main content, they still exist unless they are stripped away. Applications such as ExifTool tend to disclose the date of creation, the version of software used, and the time of editing that can defeat the intention of secrecy.
Layer Four: The Forensic History
This is where it becomes very treacherous. Team- Based- According to the author, the use of PDFs facilitates incremental updates, whereby the file typically adds new objects as opposed to re-writing the whole document. The Layer Two objects that got deleted? They may remain in the file, just as unused in the cross-reference table. Special forensic software that interprets the raw object structure can possibly re-assemble former versions. Saving without saving as opposed to Save as or Optimized saves is the difference between real deletion and disconnecting.
The Rasterization Myth
PDF redaction advice search and you will certainly find some one suggesting to you to use print to PDF as a security blanket- to flatten everything into a visual format that eliminates the data structure behind it. This is partly true but generally cargo-cult security. Even modern PDF printers such as the Microsoft Print to PDF do generally rasterize or at least flatten the appearance making the document a new PDF of what would otherwise have been dispatched to a physical printer.
However, this is a lossy process that renders the entire document searchable, making it impossible to do so with the redacted parts, and some PDF printers will even attempt to render the text as text where they can determine that it is possible. Still more to the point, when you are printing a document with Layer One failed that is, black rectangles simply sitting on top of it, you are baking in those rectangles. It is a dead street, which only corrects errors, but erases valid utility as well.
A Secure Workflow
In documents where security is a concern, and in legal discovery, FOIA responses, or journalism, it must always be: the workflow must cover all four levels:
- Use professional software. Adobe Acrobat Pro or Foxit Phantom PDF or Nitro Pro. Internet version of the editors and so-called free PDF software usually do not support any form of redaction, no matter what marketing or advertising would suggest.
- Colored in with the Redaction tool, never marked. This is what becomes your cursor in Acrobat which is that of a red mark. When applied it will burn with black vector fills in areas where it has been redacted.
- Apply and sanitize. Upon marking, you will have to press on apply redactions. Then run Sanitize Document (in the Protection menu of Acrobat) that eliminates metadata, invisible layers, embedded search indexes and JavaScript.
- Save As, don't Save. Save as or Reduce file size with Acrobat 10.0 compatibility with Save As or Reduce file size in more recent versions, not adding to the file structure which thwarts Layer Four forensic recovery.
- Verify manually. Open the file that appeared with a new PDF-reader. Attempt to select the redacted areas- impossible. Paste the whole document into Notepad, you should not receive the original text, but blanks or [REDACTED] tags.
- Metadata check. Process the file with ExifTool or with metadata inspector of Acrobat.
To achieve maximum security against nation-state actors or when the pattern of redaction is itself sensitive (the spacing indicates the amount of a dollar or length of a name), the last step is to rasterize, i.e. export as TIFF images and rec wrap as PDF. This eliminates the text layer and it is replaced with nothing but pixels. Most use cases have it as an overkill and it makes the accessibility mean nothing, but it is the only way that the content of the mathematical object structure is removed altogether.
The Asymmetry of Verification
The sad truth of PDF redaction is that it is trivially difficult to confirm that you have done it disastrously wrong such as attempting to copy text behind a black box, but it is actually hard to confirm you have done it right without knowing the technical details of PDF object structures. This asymmetry implies that the recipient, and not the sender, will usually uncover most of the failures. Organizations that cannot help but deal with sensitive material must have a verification mechanism in which a technically savvy individual who realizes that flattening and applying are not the same operations reviews the file and only after that, releases it.
Redaction is not an option of format. It is a data destruction exercise disguised as a visual edit, and it has to be treated with the severity that one would give to tearing hardcopy documents. The undo button is true up to the point when you realize that it was not an undo button, it was simply a curtain you never sewed together.
FAQs
Is it possible to recover text which has been redacted out of any PDF?
Unless the redaction was done incorrectly such as with a drawing tool rather than an appropriate redaction program or the so-called Apply marked redactions had not been applied first then a distribution. Well redacted PDFs contain the removed underlying content objects.
Can printing to PDF be considered a dependable way of redaction?
It will permanently burnish in any visual obliterations (black obelisks), but it is a rudimentary tool that kills searchability and accessibility. It cannot be the main procedure, but a secondary one.
Is the removal of text when I use the redacting tool in Adobe Acrobat automatic?
No. The Redaction tool makes annotations but they need to be applied (burned in) with the Apply command. To this point, the text can be extracted in its entirety.
Do forensic professionals manage to extract data out of properly redacted PDFs?
No, in general, but supposing that there were redactions that were Applied and that the file was not saved as an incremental one. Nonetheless, in case the file was merely saved and not saved as, then the previous versions of the material that is being considered not used but not overwritten may be retrieved through forensic parsing of the object stream.
Are Web-based PDF redaction systems secure?
No. In addition to most of them relying on the use of plain drawing overlays rather than content removal, transferring sensitive records to third party servers creates an unavoidable security and jurisdictional risk.
But how can I start a test fast as to whether my redactions were in fact effective?
Find the PDF and try to choose the redacted text by using your cursor. When it is possible to highlight text under the black box, then it is not redacted, it is merely covered. Thereupon copy-paste the whole page into a plain text writing program; and you are likely to have blanks or no more where the sensitive writing was.
Ready to Redact Your PDFs?
Try our free online tool to securely redact sensitive information from your PDF documents in seconds.
Try Free PDF Redaction Tool →