Before uploading a file, check not only its contents, but also the surrounding information about the file.
Images, PDFs, Office documents, videos, audio, and archive files may retain creators, capture dates and times, location information, edit history, comments, and filenames.
After upload, the recipient can save, share, and analyze it.
That is why checking before upload is important.
Check the filename
The filename is the first thing to check.
Filenames often contain real names, dates, places, case names, school names, and company names.
Filename example
Risk
Contains a real name
Creator or person is identified
Contains a date
Activity time or capture period is known
Contains a place
Usual places or the scene are known
Contains a company name
Affiliation or case is known
Serial number
The existence of multiple files is inferred
The filename may be visible to the recipient as-is.
Check metadata
Metadata is information attached to a file.
Even if it does not appear visually, it may remain inside the file.
File type
Information to check
Image
GPS, shooting date and time, camera model
PDF
Creator, creation software, annotations
Office document
Change history, comments, organization name
Video
Shooting date and time, location, audio, device information
Audio
Recording environment, background sound, creation information
Detailed methods for checking metadata are covered in another article.
Here, the important point is not to judge by appearance alone.
Check the contents too
Even if you remove metadata, it is dangerous if information remains in the file contents.
Photo backgrounds, PDF text, video audio, Office document comments, and folder names in archive files. This kind of information remains in a form that can be seen.
File
What to look for in the contents
Photo
Faces, backgrounds, reflections, signs, name tags
Video
Voices, notification sounds, movement routes, surrounding conversations
PDF
Body text, annotations, redaction handling, embedded images
Office document
Comments, change history, hidden sheets
Archive file
Internal folder names, unnecessary files, work-in-progress data
Check both the metadata and the contents of the file.
Do not rely too much on redaction or blur
Before uploading a file, also check redaction and blur processing.
Even if information looks hidden, text inside a PDF may remain, layers from before image editing may remain, or original information may appear in thumbnails or previews.
Processing
Caution
PDF redaction
If text is only covered from above, it may still be copyable
Image blur
Weak blur may allow text or faces to be restored or inferred
Cropping
The original image may remain in another layer or history
Screenshot editing
Notifications, times, and account names often remain at the edges
Thumbnail
Information may remain in a small image generated separately from the main file
For the public copy, open it in another app or another environment and check that the information you want to hide is neither visible nor extractable. If you upload a check file to an external conversion service or online viewer, the file and logs may remain on that service side. If possible, check in a local environment or a trusted environment.
Check the destination and account
Also check the upload destination.
Real-name cloud accounts, workplace accounts, personal social media, visibility settings, and shared-link permissions are involved.
Check item
Reason
Upload account
Check whether a real name or workplace information appears
Sharing scope
Check whether unintended people can see it
Owner display
Check whether the other person can see your name or email
Viewing history
Check whether it records who opened it
Edit permission
Check whether the recipient can change it
Even if the file itself has been checked, identity may appear from the upload destination.
Check how it appears on the service
How the uploaded file appears to the recipient also matters.
Cloud services may display the owner name, updater, profile image, shared folder name, viewers, and comment section.
Displayed information
Risk
Owner name
A real name or workplace account is visible
Profile image
A face or personal account appears
Updater
It is clear who edited it
Folder name
Case name, organization name, or activity name is visible
Comment section
People involved or internal conversations remain
If possible, check the screen visible to the recipient from another environment or another account.
Even if it looks safe on your screen, a name may appear on the recipient's screen.
Create a public copy
Separate the original file from the public file.
The original file may need evidentiary value or work history. The public file, on the other hand, should not retain unnecessary information.
File
Handling
Original file
Store in a safe place if needed
Check copy
Examine metadata and contents
Public copy
Remove unnecessary information before uploading
It is safer to avoid uploading the original file directly.
Inspect every part of archive files
Archive files such as ZIP files are a format where oversights are common.
Information can come from filenames, folder names, unnecessary work files, hidden files, old versions, thumbnails, and settings files inside the archive.
Information inside an archive file
Risk
Folder name
Real name, case name, or organization name remains
Work-in-progress file
Information or comments from before deletion remain
Hidden file
OS or editing environment information may be included
Old version
Personal information from before correction remains
Unnecessary image
Background or location information is included
Do not check only after compressing it; organize the folder structure before compression.
Put only the necessary files into a new folder and recreate it as the public version.
Check after upload too
Checking is also necessary after upload.
Check whether the visibility is as intended, whether thumbnails reveal information, and whether previews show annotations or owner names.
Check item
Reason
Visibility
Check whether anyone can see it
Preview
Check whether text or annotations are too visible
Thumbnail
Check whether faces, backgrounds, or documents are shown small
Shared link
Check the impact if it is forwarded
Deletion method
Check whether you can stop it if a problem appears
Uploading does not end the moment you place the file somewhere.
Check how it appears to the recipient.
Do not upload files you are unsure about
You cannot check the metadata, you do not know how the sharing destination displays it, you do not know how to delete it, or there is legal risk.
In such cases, it is better not to rush the upload.
For anonymity, what matters more than whether you can delete something after publication is whether you can stop before publication. Once a file is shared, the recipient can save, forward, and analyze it.
There are situations where the most realistic countermeasure is not to send it while you still cannot judge.
Summary
Before uploading a file, check the filename, metadata, upload destination, and sharing settings.
Images, PDFs, Office documents, videos, and audio can each retain information that is hard to see.
If you upload from a real-name cloud or workplace account, identity may appear from the account rather than the file.
Separate the original file from the public copy, and check again before publication.
Related tools
Metadata inspection
ExifTool
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.