How to Properly Redact a PDF (So It Actually Works)
Most PDF redaction methods leave your sensitive data exposed. Learn the right way to permanently remove confidential information from PDFs.
When you need to share a document but hide sensitive information—social security numbers, client names, financial data—you reach for the redaction tool. You draw a black box, save the file, and send it off.
Here's the problem: that information is still in the file.
I've personally recovered "redacted" SSNs, medical records, and confidential business data from PDFs that were supposedly sanitized. It's disturbingly easy. And if I can do it, so can anyone with five minutes and Google.
This guide will show you how to actually redact a PDF—not just visually obscure it.
The Problem With Most PDF Redaction
PDF files are structured documents with multiple layers. When you use basic annotation tools to "redact," you're typically just adding a visual element (a black rectangle) on top of existing content. The original text remains in the file's content stream.
Here's what that means practically:
- Copy-paste still works: Select the area, paste into a text editor, see the "hidden" text
- Search finds it: Ctrl+F reveals what's under the box
- Screen readers announce it: Accessibility tools read the underlying text
- PDF parsers extract it: Any PDF library can pull the raw text
This isn't theoretical. Court documents, medical records, and government files have all been compromised because someone used the annotation tool instead of true redaction.
Real-World Failures
In 2019, a law firm submitted court documents with "redacted" privileged information. The opposing counsel simply copied the text under the black boxes, revealing strategy discussions worth millions in the case.
The TSA accidentally released airport security procedures when redaction failed. The document showed "SENSITIVE SECURITY INFORMATION" blacked out, but the text was fully extractable.
These aren't edge cases. They happen constantly because most tools don't actually redact.
What True Redaction Requires
Genuine redaction means removing content from the PDF's internal structure, not covering it up. Here's what needs to happen:
1. Content Stream Modification
The actual text characters must be deleted from the PDF's content stream. This is the raw data that defines what text appears on each page.
2. Metadata Purging
PDF files contain hidden metadata: author names, creation dates, editing history, comments, bookmarks. All of this needs to be stripped.
3. Flattening
Annotations, form fields, and interactive elements should be flattened into the page content, preventing extraction of hidden layers.
4. Re-encoding
After content removal, the file should be re-encoded so there are no traces of the original data in the byte structure.
How to Properly Redact: Step by Step
Option 1: Adobe Acrobat Pro (Paid)
Adobe's "Redact" tool (not the annotation tool) actually removes content. Here's how to use it correctly:
1. Open Tools > Redact
2. Mark the content to redact using "Mark for Redaction"
3. Click "Apply Redactions" (critical step—marking alone does nothing)
4. Go to Tools > Protect > Remove Hidden Information
5. Save as a new file
The key mistake: people mark content but forget to apply. Marked content is not yet removed—it's just flagged for removal.
Option 2: Online Tools That Actually Work
Most online "redaction" tools just add black boxes. [ActuallyRedactPDF](/) works differently—it flattens the entire document to images, completely destroying the underlying text layer. There's literally nothing left to extract.
The trade-off: you lose text selectability. But if your goal is security, that's a feature, not a bug.
Option 3: Print to Image, Then to PDF
The manual method:
1. Print the PDF to images (high resolution, 300 DPI minimum)
2. Open images in an image editor
3. Draw black boxes over sensitive content
4. Combine images back into a PDF
This is tedious but guarantees the text layer is destroyed. The PDF becomes essentially a scanned document.
How to Verify Your Redaction Worked
Don't trust that it worked—verify. Here's how:
The Copy Test
1. Open the redacted PDF
2. Try to select text under the redaction boxes
3. If you can highlight it, the redaction failed
The Search Test
1. Press Ctrl+F (or Cmd+F on Mac)
2. Search for a term you know was in the redacted area
3. Any hits mean the text is still present
The Parser Test
Use a PDF text extraction tool (pdftotext, or online converters) on your redacted file. If any hidden content appears, start over.
Use a Redaction Checker
We built a free un-redact checker that scans for common redaction failures. Upload your document and it'll tell you if sensitive data is still extractable.
Common Mistakes to Avoid
Using highlighter tools: Yellow highlighters make text harder to read but don't remove it.
Using the annotation rectangle: Annotation objects sit on top of content, they don't replace it.
Forgetting to apply: In Acrobat, marking for redaction is step one. You must also apply.
Not checking metadata: Document properties, comments, and revision history can contain sensitive data too.
Editing without flattening: Some tools let you "edit" PDFs but preserve the original layer underneath.
Special Cases
Scanned Documents
If your PDF is a scanned image (no selectable text), you only need to redact the image layer. Black boxes on images actually work since there's no underlying text to extract.
But watch out: some scanned PDFs have been OCR'd, adding a hidden text layer. Verify with the copy test.
Forms and Interactive PDFs
Form field data persists even when the visual field is removed. You need to flatten the document to truly remove form contents.
PDFs with Layers
Some PDFs (especially from design tools) have multiple layers. Redacting the visible layer might leave content on hidden layers. Flatten all layers before sharing.
The Bottom Line
"Redacting" a PDF is one of those things that seems simple until you realize how many ways it can fail. The core principle: if the text still exists in the file, it's not redacted.
When security matters—legal documents, medical records, financial information—use tools that actually remove content, not just hide it. Then verify your work with the tests above.
Your "redacted" document should contain no trace of the original sensitive content. Anything less is a liability waiting to happen.
Need to redact a PDF right now? [Try ActuallyRedactPDF](/) — true redaction that permanently removes content, not just hides it.