Story Beyond the Eye: Glyph Positions Break PDF Text Redaction. (arXiv:2206.02285v3 [cs.CR] UPDATED)

In this work we find that many current redactions of PDF text are insecure
due to non-redacted character positioning information. In particular,
subpixel-sized horizontal shifts in redacted and non-redacted characters can be
recovered and used to effectively deredact first and last names. Unfortunately
these findings affect redactions where the text underneath the black box is
removed from the PDF.

We demonstrate these findings by performing a comprehensive vulnerability
assessment of common PDF redaction types. We examine 11 popular PDF redaction …

beyond pdf redaction text