SecurityApril 9, 2026

Black Box vs. Real Redaction: Why One Is Dangerous

A black box over PDF text does not delete it - the text stays in the file. Learn how real redaction works, how to verify it, and why fake redaction causes leaks.

6 min read

TL;DR: A black box over PDF text is an illusion - the text still exists in the file and anyone can access it in seconds. Only real redaction permanently deletes the data. If you shared a sensitive document with a black box over it, your information may already be exposed.

Black Box vs. Real Redaction: The Core Difference

A black box is just a drawing on top of the file

When you draw a black rectangle over a PDF - whether in an editing tool, an online service, or any other method - you are adding a drawing layer on top of the page. The text underneath is not deleted. It is not securely hidden. It exists exactly as it did before.

A PDF file is structured in layers: a content layer (the text, images, metadata) and a display layer (what you see on screen). A black rectangle adds an element to the display layer only. The text in the content layer remains completely intact.

Real redaction is deletion at the data level

Real redaction works entirely differently. It does not draw over text - it removes the text from inside the file. The data is eliminated and cannot be recovered. What remains is a true empty black box with nothing beneath it.

Black BoxReal Redaction
How it worksDraws on top of textDeletes text from the file
Text still exists?Yes, still in the fileNo, permanently removed
Can be exposed?Yes, easilyNo
Ctrl+A testReveals the textNothing to reveal
Security levelZeroComplete

How Hidden Text Is Revealed in Seconds

This is simpler than you might think. Anyone who receives a document with a fake black box can expose the hidden text in three steps - no special tools required.

Method 1 - Select and copy:

  1. Open the PDF in any PDF reader
  2. Press Ctrl+A (select all)
  3. Press Ctrl+C (copy)
  4. Open Notepad and press Ctrl+V (paste)
  5. The text that was supposed to be hidden appears in full

Method 2 - Manual text selection:

  1. Open the PDF
  2. Drag your cursor over the blacked-out area
  3. Discover that the text is selected and can be copied

Method 3 - Examining file properties:

  1. Open the file in a document tool
  2. Inspect the document layers
  3. Hide the black rectangle layer
  4. See the complete original text

No expertise needed. No special software. Anyone can do it in under a minute.

Real-World Leaks Caused by Fake Redaction

Over the years, government agencies and law firms around the world have published documents they believed were properly redacted, but the hidden text was trivially accessible. Common scenarios include:

  • Investigative documents - Filed with blacked-out names, locations, and sensitive details. Journalists extracted all the information within minutes using basic copy-paste.
  • Court filings - Attorneys submitted documents with fake redactions covering classified or privileged information. The opposing side immediately accessed all of it.
  • Healthcare reports - Medical records published with black boxes over personal data caused patient information to be exposed to anyone who downloaded the file.

The pattern that keeps repeating

In every case the pattern is the same: someone needs to publish a document, hides sensitive information with a black box because it looks right, and then someone discovers they can read everything.

The most common mistake: believing that if text is not visible, it does not exist. In a PDF file, what you see and what is stored in the file are two entirely separate things.

How to Verify Your Redaction Succeeded

Before sending any document with redactions, run these checks:

Test 1: The Ctrl+A test

  1. Open the redacted PDF
  2. Press Ctrl+A (select all)
  3. Watch the document - are the redacted areas highlighted?
  4. Press Ctrl+C then open Notepad and paste
  5. If the supposedly redacted text appears - the redaction failed

Test 2: Drag over the redacted area

  1. Click and hold directly over one of the redacted areas
  2. Drag slowly across the area
  3. If a blue text selection appears - the text still exists in the file

Test 3: Try multiple viewers

Open the file in a different browser and attempt to select text. If the text is accessible by any method, the redaction did not succeed.

What you should see after real redaction

  • The cursor changes to an arrow (not a text cursor) when hovering over a redacted area
  • Ctrl+A does not select anything in redacted areas
  • No text can be copied from those areas
  • The area displays as a solid, empty black box

How to Perform Real Redaction

Step 1: Use the right tool

To perform real redaction, you need a tool that actually removes data from inside the file - not one that draws on top of it. Go to the Kovetz redaction tool.

Step 2: Mark the areas to redact

Drag your cursor over the text you want to permanently remove. You can mark:

  • Names and personal details
  • ID numbers and account numbers
  • Addresses and phone numbers
  • Sensitive business information
  • Any other text that must not be shared

Step 3: Apply the redaction

Click the redact button. The tool performs deletion at the data level inside the PDF file.

Step 4: Verify and confirm

After downloading the file, run the Ctrl+A test. If redaction succeeded, the text will not be selectable.

Step 5: Keep the versions separate

Make sure you send the redacted version - not the original. Save both versions with clear, distinct file names.

Common Mistakes to Avoid

Mistake 1: "I colored it black - it is secure" Color is a drawing, not deletion. Always verify with Ctrl+A.

Mistake 2: "I exported from Word/Excel to PDF - redaction works differently" It does not. In all PDF types, a black box is only a drawing layer over existing data.

Mistake 3: "I printed and scanned it again - now it is safe" Printing and rescanning does convert the document to an image, which prevents direct text extraction, but it degrades document quality significantly and is not the professional solution.

Mistake 4: "I trust the recipient" Even if you trust the recipient, files can be forwarded, leaked, or accessed without authorization. Proper redaction removes the risk entirely.

Summary: What to Remember

  1. A black box is an illusion. The text exists in the file and is accessible to anyone.
  2. Real redaction is deletion. The data is permanently removed.
  3. Always test with Ctrl+A before sending any document.
  4. Use a professional tool that performs redaction at the data level.

When it comes to legal, medical, financial, or any document with personal information - there is no room for error. The redaction must be real.

Want to redact info in a PDF now?

With full Hebrew support

Start Now

Frequently Asked Questions

Does drawing a black rectangle over text in a PDF delete it?

No. A black rectangle is only a drawing layer placed on top of the document - the original text remains in the PDF file untouched. Anyone can reveal it by selecting all text with Ctrl+A, copying it, and pasting into a text editor. Only real redaction permanently removes the data from the file.

What is real PDF redaction?

Real redaction removes text from the PDF at the data level, not just visually. After proper redaction, the information no longer exists inside the file - it cannot be recovered by any means, even by opening the file in professional software or examining its raw structure.

How do I verify that my redaction worked?

Press Ctrl+A to select all text in the document. If you can copy and paste the text that was supposed to be redacted, the redaction failed. After real redaction, the blacked-out area is empty - no text can be selected from it and nothing appears when you paste.

What is the real danger of fake redaction?

Anyone who receives the document can expose the hidden text in seconds with no special tools. Government agencies, law firms, and public authorities have caused serious data breaches this way. When legal, medical, or financial documents are involved, the consequences can include lawsuits, regulatory fines, and severe reputational damage.

Are online redaction tools reliable?

It depends on the tool. You need to verify that the tool performs actual data deletion from the file, not just paints over the text. Kovetz (kovetz.co.il) performs real redaction that permanently removes data from the PDF file, not a visual overlay.

Is there a difference between scanned PDFs and regular PDFs for redaction?

Yes. A scanned PDF is an image, so a black box hides the image rather than text data. However, if OCR was performed on the scanned file, the recognized text layer may still be accessible even after drawing a black box. Real redaction handles both layers correctly.

More Guides

Should You Trust Online PDF Services?A practical privacy guide to online PDF services - what to check before uploading files, how to spot a solid service, and how Kovetz provides a private, safe option for everyday PDF tasks.What Your PDF Reveals to the Recipient - And How to Clean It Before SendingSending a contract, proposal, or resume as a PDF? It may be carrying information you didn't mean to share - someone else's name, old comments, previous versions. A practical guide to what's hidden in your PDF and how to send a clean copy.How to Convert PDF to PDF/A - Practical Guide for Lawyers, Accountants, StudentsConvert PDF to PDF/A archival format (ISO 19005). Complete guide to levels 1b, 2b, 2u, 3b, veraPDF validation, and compliance certificates.Edit a Hebrew Contract PDF - Complete GuideHow to edit a Hebrew contract PDF - add signatures, fill in details, fix text, and maintain correct RTL direction. Practical guide for lawyers, accountants, and freelancers.