Jonathan Mayer: 2015 Security Workshop


Monday, April 27, 2015
Location: Fisher Conference Center, Arrillaga Alumni Center

"Redacting Vector PDFs: Harder Than It Looks"


We've all seen redacted documents. They're missing sensitive passages—usually replaced with unsightly black boxes. This low-tech approach has lasted for decades, and it has proven reasonably robust against a range of attacks.

In recent years, document redaction has gone digital. Sanitized vector PDFs are increasingly common, even from law enforcement and intelligence agencies. Several vendors now sell software dedicated to redacting PDFs.

This research explores various attacks on redacted vector PDFs. We find that a number of mistakes are very common. We also show that properties of the PDF standard pose fundamental challenges for redaction.


Jonathan Mayer is a Ph.D. candidate in computer science and a lawyer at Stanford University, where he received his J.D. in 2013. He was named one of the Forbes 30 Under 30 in 2014, for his work on technology security and privacy. Jonathan’s research and commentary frequently appear in national publications, and he has contributed to federal and state law enforcement actions. Jonathan is a Cybersecurity Fellow at the Center for International Security and Cooperation, a Junior Affiliate Scholar at the Center for Internet and Society, and a Stanford Interdisciplinary Graduate Fellow. He earned his A.B. at Princeton University in 2009, concentrating in the Woodrow Wilson School of Public and International Affairs.