Oops: 'Blocked' parts of PDF file still accessible

Written by Adrian Holovaty on October 28, 2002

Here's a classic example of why online journalists would do well to learn the intricacies of the technology they use.

Last week, washingtonpost.com posted a PDF file of a letter apparently written by the suspected DC-area sniper. Because the letter contained a few sensitive details, such as credit card account information, parts of the PDF file were blacked out electronically.

But The Post, or whoever made the PDF file, neglected to realize the blacked-out areas are easily removed with the proper tools.

Planet PDF points out the full version of Adobe Acrobat allows users to move the blacked-out areas around. According to the article, The Post's PDF file is "simply an image file to which an added layer of black has been added." Thus, one could simply open the document in Acrobat and drag the black layers away to reveal the hidden information.

It's not necessarily The Post's direct fault; they might have received the document, pre-blackened, from a source. But even if that were the case, the newspaper should have taken the time to ensure the sensitive information was properly blocked. Digital technology or not, you've got to cover your bases.

If Post staff members were uncomfortable with PDF documents, they could have converted the letter to a GIF or JPEG image file. Doing so would have merged the black boxes into the image's pixels, leaving no separate layer to drag away, and so would have guaranteed security -- and eliminated the need for users to download a third-party browser extension (Adobe Acrobat Reader) to view the document.
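A pre-publication check for the kind of redaction described above, where black boxes sit on top of an intact page image. This is an added example, not code from the original article or from Planet PDF. It assumes the page's content stream has already been decompressed, that the only XObject painted is the scanned page, and that fill colours are set with the gray or RGB operators; the sample streams are constructed.

```python
import re

# Constructed sample: uncompressed page content stream where a scanned page
# image is painted first and two black rectangles are then filled on top of it.
OVERLAY_STREAM = b"""q 612 0 0 792 0 0 cm /Im0 Do Q
0 0 0 rg
100 500 200 20 re f
0 g 100 300 150 18 re f
"""
# Constructed sample: the same page flattened so only the image remains.
FLATTENED_STREAM = b"q 612 0 0 792 0 0 cm /Im0 Do Q\n"

TOKEN = re.compile(r"/?[^\s/\[\]<>()]+")
FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}

def find_overlay_redactions(stream: bytes):
    """Return (x, y, w, h) of black filled rectangles painted after an image."""
    operands, pending, findings, saved = [], [], [], []
    fill_black = True        # the default PDF fill colour is black
    image_painted = False
    for tok in TOKEN.findall(stream.decode("latin-1")):
        if tok.startswith("/"):
            operands.append(tok)          # name operand such as /Im0
            continue
        try:
            operands.append(float(tok))   # numeric operand
            continue
        except ValueError:
            pass                          # anything else is an operator
        if tok == "q":
            saved.append(fill_black)      # save graphics state
        elif tok == "Q" and saved:
            fill_black = saved.pop()      # restore graphics state
        elif tok == "Do":
            image_painted = True          # assumption: XObject is the page scan
        elif tok == "rg" and len(operands) >= 3:
            fill_black = operands[-3:] == [0.0, 0.0, 0.0]
        elif tok == "g" and operands:
            fill_black = operands[-1] == 0.0
        elif tok == "re" and len(operands) >= 4:
            pending.append(tuple(operands[-4:]))
        elif tok in FILL_OPS:
            if fill_black and image_painted:
                findings.extend(pending)  # black box drawn over the image
            pending = []
        elif tok in ("n", "S", "s"):
            pending = []                  # path ended without a fill
        operands = []
    return findings
```

Any rectangle this returns is a separate object layered over the image, so the pixels underneath are still in the file; an empty result on the flattened stream is what a safe-to-publish page looks like under these assumptions.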

(Thanks to E-Media Tidbits for this story.)

Comments

Posted by Casper Thomsen on November 3, 2002, at 3:18 p.m.:

I experienced the same thing a year ago. The Danish campaign Secure Chat ran commercials showing adult Danish men with quotes underneath in the style of "Shall we meet? - Camilla, 12 years old".

The adults had their eyes blacked out, but in downloadable PDF documents found on the web page this was easily removed, which revealed the adults' real identity.

In this case, of course, the adults shown were just actors and not real paedophiles but nevertheless I don't think they would be happy to know that their full faces were available on the home page.
