For the past four years I have been talking at various conferences about this method of ‘unredacting’ improperly-redacted PDF documents by simply copying them and pasting into a new document.
Facebook/ConnectU just got stung, and this technique is getting a lot of publicity as a result.
It will only be a matter of time before someone takes the time to start searching other publicly-posted “redacted” documents to see which ones are similarly improperly redacted. When I first started talking about this method, I ran some tests against documents I found on websites of companies that are household names … I was shocked to see how many of them used this method of redacting.
What it boils down to is you can either:
1. Cover the data you want to redact with a black square or set of squares (which leaves you open to the copy/paste technique)
2. Replace the data you want to redact with black squares or [REDACTED] placeholder text
Obviously companies should be using the 2nd method.
Ignorance is no excuse.
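A pre-publication check for the first method, as an added example that is not part of the original post: it walks a PDF page content stream and reports any text that is still present underneath a rectangle filled after it. It assumes an uncompressed stream, text shown with `Tj` and positioned with `Td` only, and no `cm`/`Tm` transforms; the sample stream and the `covered_text` name are constructed for illustration.

```python
import re

# Constructed sample: an uncompressed page content stream, not from any real document.
SAMPLE = b"""
BT /F1 12 Tf 72 700 Td (Case summary, public portion) Tj ET
BT /F1 12 Tf 72 680 Td (Account holder: EXAMPLE-NAME-0000) Tj ET
0 0 0 rg 70 676 260 16 re f
BT /F1 12 Tf 72 660 Td ([REDACTED]) Tj ET
"""

# A literal string "(...)", or a run of non-delimiter bytes (number, name, operator).
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|/?[^\s()\[\]<>/]+")
FILL_OPS = {b"f", b"F", b"f*", b"B", b"B*", b"b", b"b*"}
END_PATH_OPS = {b"n", b"S", b"s"}

def covered_text(stream: bytes) -> list[str]:
    """Return text still in the stream that sits under a rectangle filled later."""
    operands, shown, pending, hits = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if tok[:1] in (b"(", b"/"):          # string or name operand
            operands.append(tok)
            continue
        try:
            operands.append(float(tok.decode("latin-1")))
            continue
        except ValueError:
            pass                             # not a number, so it is an operator
        if tok == b"BT":                     # new text object resets the position
            x = y = 0.0
        elif tok in (b"Td", b"TD") and len(operands) >= 2:
            x, y = x + operands[-2], y + operands[-1]
        elif tok == b"Tj" and operands and isinstance(operands[-1], bytes):
            shown.append((x, y, operands[-1][1:-1].decode("latin-1")))
        elif tok == b"re" and len(operands) >= 4:
            pending.append(tuple(operands[-4:]))
        elif tok in FILL_OPS:                # painted over everything shown so far
            for rx, ry, w, h in pending:
                (x0, x1), (y0, y1) = sorted((rx, rx + w)), sorted((ry, ry + h))
                hits += [t for tx, ty, t in shown
                         if x0 <= tx <= x1 and y0 <= ty <= y1 and t not in hits]
            pending = []
        elif tok in END_PATH_OPS:            # path ended without a fill
            pending = []
        operands = []
    return hits

if __name__ == "__main__":
    print(covered_text(SAMPLE))
```

An empty result on every page is what a document redacted with the second method produces, because the sensitive text is no longer in the stream at all.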