PDF “Security”

Lately folks have been raising the alarm that passwords and content can be removed from PDFs. Unfortunately, this just isn’t news. When was the Internet a safe place to store or share documents?

Hacking Infographic

An infographic by the team at Indusface

What does a PDF have in common with NASA, the Pentagon, Nasdaq, and most credit card companies? They are all demonstrably hackable. And if a multi-billion dollar organization can be hacked, you bet your bottom dollar your PDF can be, too. You can also bet that a <$100 software solution isn't going to fix such an enormous problem. If you are very, very serious about your PDF security, look into very, very expensive DRM solutions... or don't share your PDF. The WordPress plugins available here are primarily for purposes of adding customer or user information and/or images to PDFs. Because of the nature of PDF (more on that below) added protections will only discourage honest people from stealing your intellectual property. If someone is determined to steal your PDF content, they will. (See below for one trick you can use to slow them down.)

We offer plugins that can help discourage thievery, but offer no guarantee. Our plugins are best used to add dynamic data to PDFs like names, email addresses, phone numbers, dates, and even images. Oftentimes these customizations are enough to make the intended recipient of your PDF think twice about sharing, and at the least give your PDF a nice personal touch.

The Nature of PDF

Portable Document Format (PDF) … is a file format developed by Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems.” Hidden in that sentence are both the blessings and the cruxes of this file format. For one, you have a file which can be read fairly consistently on many different platforms. But on the other hand, you have an open specification which is followed ad hoc and interpreted liberally by third-party PDF creation, PDF editing and PDF reading software. Anyone can make a PDF, anyone can view a PDF, but whether everyone is viewing the same PDF is the question. Embedded permissions, passwords, and even content may or may not be honored between one PDF creator/editor/reader and the next. Some PDF software is just lazy and doesn’t obey the PDF specification. Some PDF software is lazy and doesn’t read or write PDF to specification. This is what makes it possible for determined thieves to steal your PDF.

If someone can view a PDF it IS already decrypted with an open public algorithm. We would HOPE that granted permissions would be respected by the viewing application, but that isn’t always the case. When the file is re-saved, it is saved without encryption.

This is not a problem with our plugins. This is just the Wild West nature of PDF. Once released into the wild, your PDF just cannot be guaranteed to be protected from alteration… or corruption… or theft.

Your Sharing Options

  • Digital Rights Management (DRM) software can protect and track your PDF as it is shared, but it complex and extremely expensive. You will probably also need to budget for legal representation.
  • Use one of our plugins. Hide at least one of your watermarks on the page in very small font and 0% opacity. Tell your users that your PDFs are protected with hidden data, and let them try to look for it. Make them paranoid.
  • Don’t share your PDF.

I hate to burst anyone’s bubble, but ultimately, the best and perhaps only way to keep your PDF safe at the budget level is to not share it. That said, we need and want to share our PDFs, and so creativity must be used, and concessions made.