2. Add black rectangle/redact, and save again as raster image, preferably in a lossless way
3. Export as PDF, if you need that. Make sure that you've checked and/or erased all metadata from step 1 that is easily found as text (hidden layers or text in metadata, for example). For common raster formats such as PNG or JPG, this should amount to briefly checking metadata and/or strings output.
Is there anything else that a "PDF redactor" should do?
And are we sure that this one does all the steps?
If you like to be paranoid: a universal removal tool for steganographically stored info is theoretically impossible.
Appreciate the feedback. The steps you listed are essentially what the site is doing. Upload a PDF, add the black boxes, it gets converted to PNG and back to a new PDF. The value of this tool is just to streamline that process to make it quicker and easier.
The point about metadata is a good one, I checked a test file that I used and you can't see metadata from the original PDF, you only see basic info about the new PDF file and that it was produced by pdf-lib.
There definitely could be other things that a redactor should do, but for most use cases I think steganographically stored info lives outside of the threat model.
edit: ran strings on the output file, nothing but PDF structure and compressed image data, no original text content - thanks for the suggestion.
Why go through these hoops instead of
1. Export as PNG (or whatever you prefer)
2. Add black rectangle/redact, and save again as raster image, preferably in a lossless way
3. Export as PDF, if you need that. Make sure that you've checked and/or erased all metadata from step 1 that is easily found as text (hidden layers or text in metadata, for example). For common raster formats such as PNG or JPG, this should amount to briefly checking metadata and/or strings output.
Is there anything else that a "PDF redactor" should do?
And are we sure that this one does all the steps?
If you like to be paranoid: a universal removal tool for steganographically stored info is theoretically impossible.
Appreciate the feedback. The steps you listed are essentially what the site is doing. Upload a PDF, add the black boxes, it gets converted to PNG and back to a new PDF. The value of this tool is just to streamline that process to make it quicker and easier.
The point about metadata is a good one, I checked a test file that I used and you can't see metadata from the original PDF, you only see basic info about the new PDF file and that it was produced by pdf-lib.
There definitely could be other things that a redactor should do, but for most use cases I think steganographically stored info lives outside of the threat model.
edit: ran strings on the output file, nothing but PDF structure and compressed image data, no original text content - thanks for the suggestion.