PDF Redaction vs Black Boxes: Why a Drawn Rectangle Deletes Nothing
A black rectangle drawn over text hides it from your eyes and from nobody else's tools. Learn how PDFs actually store text, how to redact so the data is truly gone, and how to verify it with select-all and extraction tests.
Prerequisites
- A PDF containing information that must not leave your hands
- Omnvert PDF Redact tool
- A PDF viewer and, optionally, the pdftotext command-line tool for verification
Step-by-step
- 1
Understand what a PDF actually stores
A PDF page is a stack of drawing instructions: text objects, images, and vector shapes painted in order. When you draw a black rectangle over a name using an annotation or shape tool, you are adding one more object on top of the stack. The text object underneath is untouched — still selectable, still searchable, still there for any program that reads the file's content streams. Visually the page looks censored; structurally, nothing has been removed. This is the core mistake behind almost every redaction failure: confusing what the page looks like with what the file contains.
- 2
See the leak for yourself
Take any PDF "redacted" with drawn rectangles and try three ten-second attacks. One: press Ctrl+A (Cmd+A on a Mac) in the viewer, copy, and paste into a plain text editor — the hidden text appears in the paste. Two: press Ctrl+F and search for a word you know is under a box; the viewer will happily jump to it and highlight it through the rectangle. Three, if you use a command line: run pdftotext file.pdf - and read the output, which contains every text object on the page, covered or not. If any of these reveals the sensitive content, the document was never redacted — it was decorated.
- 3
Inventory everything that needs to go
Sensitive data hides in more places than the visible page. Before redacting, list what the file may carry: document metadata (author, title, company, creation tool), comments and annotations, attached files, form field values, and revision remnants left by some editors. Scanned pages add a twist — if the PDF was run through OCR, an invisible text layer sits on top of the page image, and that layer contains the sensitive words as text even though the page "is a picture". Even the filename can leak (client names, case numbers), so plan to rename the output too.
- 4
Redact with the PDF Redact tool
Open the PDF Redact tool and upload your file. Go page by page and draw a redaction box over each region that must disappear — be generous with the box edges, since a sliver of a character can still identify a word. When every region is marked, apply the redaction and download the result. The difference from a drawn rectangle is what happens underneath: true redaction removes the underlying text and image data in the marked regions and flattens the page, so there is nothing left under the black area to select, search, or extract.
- 5
Verify with the select-all and extraction tests
Never trust a redaction you have not attacked yourself. Open the downloaded file and repeat the three tests from step 2: select all and paste into a text editor, then search the paste for every redacted term; Ctrl+F for the same terms inside the viewer; and pdftotext if you have it. All three must come up empty. Then zoom to 400% on a few redacted regions and confirm no character edges peek past the black area. Only a file that passes every test is safe to send.
- 6
Check metadata and document properties
Open the redacted file's document properties in your PDF viewer (usually File > Properties) and read every field: title, author, subject, keywords, creator application. A contract redacted to hide a party's identity is worthless if the author field still names their lawyer. Also look for leftover annotations and attachments in the viewer's side panels. If the properties carry sensitive values, clean them before sending — and remember the filename you chose in step 3.
- 7
Keep the original under lock, share only the redacted copy
True redaction is destructive by design: the removed text cannot be recovered from the output file, which is exactly the point. So work on a copy, keep the unredacted original in a location with appropriate access controls, and give the redacted file a clearly different name (contract-redacted.pdf) so nobody attaches the wrong one in a hurry. Most real-world leaks are process failures, not tool failures — the right file exists, and the wrong file gets sent.
Lessons from public redaction failures
Courts, government agencies, and corporations have repeatedly published documents in which "redacted" names, figures, and allegations could be read simply by selecting the black areas and copying the text out — journalists and researchers routinely find such leaks within minutes of a filing going public. The recurring pattern is always the same: someone used a highlighting or drawing feature that changes how the page looks, in a workflow that demanded a tool that changes what the file contains. The people involved were not careless about the secret; they were misled by a convincing visual result.
A verification checklist you can run in two minutes
- Select all, copy, paste into a text editor — search the paste for every redacted term
- Ctrl+F inside the PDF viewer for the same terms
- pdftotext extraction, if you have a command line available
- Document properties: title, author, subject, keywords, creator
- Annotation and attachment panels for leftovers; filename sanity check
Once you apply true redaction and save, the removed content is gone from that file permanently. Always redact a copy, never your only original. And never "lighten" the process by using a highlighter set to black, a shape tool, or an image stamp — if the text is still selectable afterwards, you have hidden nothing.