How to redact a PDF properly (and why most redactions fail)
Most "redactions" leave the underlying text intact and copyable. Here's what actually works, where Adobe's tool trips people up, and how to check a redaction really stuck.
Every few weeks, someone redacts a PDF wrong and it makes the news. Names buried under black bars that lift with a click. Account numbers any recipient can copy. Court filings where the "redacted" version turns out byte-for-byte identical to the original. The pattern is always the same: someone thought redaction meant covering the text up.
It doesn't. Redaction means removing the text. Covering it is just painting a black bar over a window — anyone can still look inside.
This guide covers what redaction actually has to do, why the common methods fail, where Adobe's tool catches people out, and how to verify a redaction actually worked.
What "redacted" should mean
A properly redacted PDF has four properties for every piece of redacted content:
- The text is not visible on the page.
- The text is not selectable, copy-pasteable, or searchable.
- The text is not retrievable from the file in any way — copy, paste, search, OCR, or reading the PDF's underlying object structure.
- The redacted zone is a permanent, flat marking — there's no "original" sitting underneath that someone could recover.
If any of those is false, the redaction didn't happen. You just dressed the text in black.
The three common approaches — and why two of them fail
Highlighter or marker tool
The colour changes, but the underlying text is untouched and still copy-pasteable. Open the file in any text-aware viewer, drag across the highlight, copy. Or OCR the rendered page and the "hidden" text comes straight back.
A "draw a black rectangle" shape
Same problem, same failure. The shape sits over the text; the text itself is unaffected. A surprising number of organisations have filed documents "redacted" exactly this way.
Adobe Acrobat Pro's Redact tool
Adobe's tool does the right thing mechanically — it genuinely removes the underlying content — but its workflow has tripped up even careful users. The classic mistake: you draw the redaction boxes, then hit Save before hitting Apply Redactions. Marking a redaction and actually removing the content are two separate steps, and if you save between them, the marks are saved but the text underneath may not be. The error is silent: no warning, and the file looks finished.
Other well-documented pitfalls: converting to "image only" can re-introduce a searchable text layer depending on the tool; a single search-and-redact pattern can miss format variants ((555) 555-1234 vs 555-555-1234); and cloud version history can retain an unredacted draft outside the file you send. Adobe works — if you're careful, every time, and if you verify. Most people aren't doing all three on a Friday afternoon.
What safe redaction workflows have in common
- The redaction happens on a device you control. Cloud processing means a copy of your document sits on a server you don't own — possibly logged, possibly retained.
- The tool removes the content, then confirms it's gone — rather than just telling you it's done.
- There's no separate "apply" step to forget. The action that marks a redaction and the action that removes the content are the same.
- You can check the result. The output is something you, or a recipient, can inspect and confirm.
Four checks to run before you trust the output
- Try to copy the redacted text. Drag-select across the black zones. If anything copies, it wasn't redacted.
- OCR the output. Many PDFs carry an image layer; if the original text is still underneath, OCR will surface it.
- Open it in a different viewer. Preview (macOS), Edge (Windows) and Adobe don't always agree about what's been removed.
- Compare file hashes before and after. If the hash didn't change after a "redaction," nothing was redacted.
Anyone publishing redacted documents at scale — legal, journalism, compliance, healthcare — should make these routine. For personal documents, the copy-paste test alone catches the vast majority of mistakes.
When "trust us" isn't enough: private, verifiable processing
There's one gap the checks above don't close. Finding what's sensitive in a document is the part that usually needs AI — and AI usually means sending your text to someone else's servers. That's where privacy quietly breaks, and no amount of copy-paste testing tells you whether your document was read, logged or kept along the way.
Confidential computing addresses that. The sensitive step runs inside a sealed hardware enclave — for example an AMD SEV-SNP enclave, a region of a processor whose contents are invisible to the host operating system, the cloud provider, and even the tool's operator. The hardware can produce a signed attestation proving which code ran and that it genuinely ran inside a real, sealed enclave. If that attestation verifies, the privacy of that step is a cryptographic fact, not a promise.
This is the approach Private Redaction takes, and it splits the job across two places:
- The redaction happens in your browser. Your file is opened, blacked out and rebuilt on your own device — it's never uploaded.
- The detection happens in a verified enclave. The only thing that leaves your browser is the extracted text, analysed inside an AMD SEV-SNP enclave. Each run is checked against the enclave's hardware attestation and a per-response signature, and the result is shown to you before you download anything.
One honest distinction: this proves your document was handled privately — it does not, on its own, prove the redaction caught everything. Completeness is still on you, which is exactly why the four checks above matter whatever tool you use.
When this level of proof matters — and when it doesn't
Verifiable private processing is worth it when:
- You owe a duty of confidentiality to a source, witness, patient, client or counterparty.
- The cost of the document being seen or leaked during processing is non-trivial.
- You're handling sensitive documents at scale, where "just trust the vendor" isn't a policy.
You don't need it when you're redacting your own documents for your own files and the worst case is redoing it later.
A practical workflow
- Personal use: any tool that genuinely removes the underlying text, applied carefully and double-checked with the copy-paste and OCR tests, is enough.
- Professional or regulated use: use a tool that removes the text in one step, keeps your file on your device, and lets you verify how the sensitive step was handled — then still run the checks before you send.
Private Redaction is a free tool built this way: redaction runs in your browser, the AI detection runs in a verified private enclave, and the output is a PDF with the sensitive content genuinely removed. Upload a file, choose what to redact, download the result.
Takeaways
- "Drew a black bar over the text" is not redaction — the text is still there.
- Adobe's tool works, but its two-step workflow has tripped up careful users: apply, then verify.
- Always check the output — copy-paste the redacted zones, OCR the file, compare hashes.
- For sensitive work, prefer a tool that keeps your file on your device and lets you verify the processing stayed private — but remember that's a privacy guarantee, not a promise the redaction is complete.