If you have gained access to a document that may be bugged and want to share it with a trusted third-party, it's best to remove tracking codes altogether. Dangerzone does that, in a process that's similar to a photocopy machine: https://dangerzone.rocks/about/
Reminder: even with a sanitized document that can't phone home, there are still ways you can be tracked. There are watermarking methods such as printer tracking dots, intentional misspellings and extra spaces, that have been used in the past to detect whistleblowers. Be extra cautious when handling documents that have been sent to you personally.
Anecdotally, the only major PDF reader that loads external content by default is Adobe Acrobat. Still, there are various implementations out there, so check what's the case with your PDF reader.
If you have gained access to a document that may be bugged and want to share it with a trusted third-party, it's best to remove tracking codes altogether. Dangerzone does that, in a process that's similar to a photocopy machine: https://dangerzone.rocks/about/
The implementation is closed-source, but the way this usually works is simple:
1. Craft a unique URL in a domain under your control, that serves an 1x1 transparent pixel image.
2. Associate this URL with the document you want to track, and monitor it for any HTTP GET requests.
3. Plant this URL as an external image in the document you want to track.
4. Whenever someone opens this document, their IP address, operating system and access time will be recorded.
Anecdotally, the only major PDF reader that loads external content by default is Adobe Acrobat. Still, there are various implementations out there, so check what's the case with your PDF reader.
Tracking pixels in documents are nothing new in tech circles, but whistleblowers and activists need to be aware of them. Here's what a company promises to their prospects:
The implementation is closed-source, but the way this usually works is simple:
1. Craft a unique URL in a domain under your control, that serves an 1x1 transparent pixel image.
2. Associate this URL with the document you want to track, and monitor it for any HTTP GET requests.
3. Plant this URL as an external image in the document you want to track.
4. Whenever someone opens this document, their IP address, operating system and access time will be recorded.
Tracking pixels in documents are nothing new in tech circles, but whistleblowers and activists need to be aware of them. Here's what a company promises to their prospects:
dangerzone