Learn
All Basics Text and content URL tracking Metadata Network Accounts and operation Behavioral correlation Past information and search Past information and removal Journalists Whistleblowers Activists Individuals By situation Publishing workflow Final checks
284 articles Category: All
What is anonymity? What Is DNS? What Is an IP Address? What Is a Protocol? Anonymity for Whistleblowers How Whistleblowers Should Think About Anonymity What to Check Before Whistleblowing Anonymity Check Before Whistleblowing Author Information in Documents, PDFs, and Office Files Posting Times to Avoid in Whistleblowing Pre-Publication Checklist for Whistleblowers What Whistleblowers Should Check Before Using Information Submission Tools The Threat Model to Think About First in Whistleblowing Hiding your IP is not enough for anonymity Five correlation patterns that break anonymity What is URL tracking? Unknown URL Parameters How URLs Can Break Anonymity UTM Parameters Removing image metadata How to Think About Identification Risk How Images Can Break Anonymity Risk of Identity Inference From Backgrounds, Reflections, and Text in Images When Your Photo Is Used on a Company Site or Someone Else's Site Risks From Image Search, Face Images, and Icons How to Check Past Information With Image Search Pre-Publication Checklist for Individuals How to Inspect Documents Before Publishing IP address basics Reply risks and post-publication handling after reporting How journalists should think about anonymity Anonymity for journalists Contact methods and account separation for journalists Communication traces left by contact with sources Pre-publication checks for photos, video, and audio materials Checking metadata in reporting notes, recordings, and photos Pre-Publication Checklist for Journalists What Journalists Should Check Before Publishing Risks From Publication Timing and Location Information Publication Workflow for Protecting Sources and Yourself Risk of Source Inference From Published Stories Anonymity for Protecting Sources Threat Model for Protecting Sources Why personal stories, timelines, and expertise can reveal identity Metadata left in submissions and file sharing Checking SVG metadata SVGO and manual XML checks What Is Tails? What Is Whonix? Differences Between Whonix, Tails, and Qubes OS TCP/IP Basics The Difference Between TCP and UDP What Is Technical Information Correlation? What Is a Trust Model? What Is TLS? Basics for Making Routine Places Harder to Infer Risks From Location Information and Routine Places Why login state breaks anonymity How to Review URLs Manually What Is Metadata? Basics of EXIF and GPS Information What is a mixnet? How to Think About Mixnets and NymVPN Cautions About Mobile Networks and Anonymity Correlation Risk When Posting Across Multiple Sites Network Basics to Know Before Thinking About Anonymity What Is a Network Layer Model? Correlation Between Communication Time and Behavior Patterns Correlation Between Posting Time and Daily Rhythm Time Zone and Language Setting Risks Timing Correlation Between Events and Logs Packet and Routing Basics What Is NymVPN? What Is NymVPN?: Differences From VPNs and Tor Risks From Location Information, Movement History, and Routine Places What Is Place Correlation? Place and Time Clues How to Blur Place Names, Workplaces, Schools, and Routine Places Risk of Identity Inference From Past Social Media Posts Cases Where Past Posts Connect to Current Anonymous Activity Checking Old Blogs and Old Profiles How to Deal With Past Personal Information You Do Not Want Known Risks From Old Handles and Search Results How Old Images Affect Current Anonymity Anonymity for Ordinary Individuals Past Information Ordinary Individuals Should Check First Leakage of Personal Information Personal Information Left in Filenames How to Check Personal Information Left in Search Results Steps to Reduce Past Information Search Behavior Risks Cases Where Search Terms or Personal Information Remain in URLs Information Left in Translation URLs and Search URLs Checking Personal Information Left in Search Results How to Think About Reducing Information From Search Results What Is the Wayback Machine? Risks From the Wayback Machine and Archives Risks From Information You Cannot Delete After Publishing What to Pause and Check Before Anonymous Activity PDF Metadata Risks Invisible Risks Left in PDFs Preparation for People Starting to Post Anonymously Removing PDF metadata Metadata in Office files Video and audio metadata Identification risk from writing style Identification From Occupation and Affiliation Author Information in Office Files Metadata Risks in Office and PDF Files When Offline Protection Is Strong for Online Activity What Is OPSEC? Risks From Organization-Specific Language The OSI Reference Model and the TCP/IP Model How OSINT Breaks Anonymity What Is OSINT? What Are Port Numbers and Sockets? How to use Anonymity Sense The difference between HTTP and HTTPS Risks of reusing icons and profile images ID3 tag risks What is account correlation? Account separation basics What is account separation? Reply, backlash, and tracking risks after publishing Anonymity for activists How activists should think about anonymity Activist anonymity check Behavioral correlation activists should watch for Separating devices, browsers, and network environments Separating activist accounts and personal accounts Pre-publication checklist for activists Social media operation and account separation Surrounding information visible in photos and videos After posting Identification risk from replies after publication Why personal information becomes dangerous in the AI surveillance era Information that remains in AI-generated images Why the barrier to identification is lower in the AI surveillance era Text Anonymization in the AI Era Clues in Text That Can Suggest Identity How Text and Speech Can Break Anonymity Why Identity Can Be Inferred From Writing Style Topic Correlation What Is Tor? Tor Browser Basics What Is a VPN? Checks When Using a VPN Cautions When Using a VPN Why VPNs and Tor Alone Are Not Enough for Anonymity Differences Between VPN, Tor, and Proxy The Difference Between VPNs and Tor What Is a WebRTC Leak? What Can a Website See When You Access It? What to check if you are already posting anonymously Anonymity is not a "hiding technique," but judgment that reduces correlation Causes of anonymity failure The history of anonymity How to protect anonymity in a surveillance society Anonymity is determined by practice, not technology alone Anonymity is determined by services and practice The principles of anonymity Anonymity is not a tool for wrongdoing, but a technology that protects people Final Go/No-Go Check Before Publishing How to Choose Anonymous Communication Tools Cautions When Sharing Files Anonymously What Is Anonymous Practice? Final Checklist Before Anonymous Activity Operational rules for continuing anonymous activity Long-term operational habits Why One Mistake Can Break Long-Term Operation What is a browser fingerprint? Browser fingerprint defenses Browser fingerprinting basics How a browser displays a web page What Are Servers and Clients? Risks of Shortened URLs and Redirects Signs You Should Pause Before Publishing Risks From Social Media Posts and Search Results Risks from comments and tracked changes Common patterns that break anonymity Common failures What are communication logs? Basic Principles of Anonymous Practice How to Choose an OS or Environment for Anonymous Use Time Rules for Anonymous Posting Risks of Reusing the Same Image or Username Risks of Repeating the Same Posting Time Risks of Continuing to Use the Same Writing Style How to Separate Writing Style Between Real-Name and Anonymous Accounts Risks From Screenshots and Archives Risks From Screenshots, Screen Sharing, and Notifications Overview of services that support anonymity Overview of anonymous submission tools What Is OnionShare? Cautions When Passing Files With OnionShare What Is SecureDrop? What to Check Before Using SecureDrop What to check before choosing a username for an anonymous account Information that remains on archive sites and removal requests Anonymity checks when you have no plan to publish now What not to do after posting Precautions to avoid exposing family and friends What to check before transferring files anonymously Before posting Before sharing a link Before uploading a file Before writing Threat models for beginners Threat Models and Trust Models How to generalize proper nouns safely How to generalize region, workplace, and school information Risks of bringing real-name information into an anonymous environment Metadata that browsers can and cannot remove Identification risk from cameras, microphones, and notifications What is a CDN? What to check before publishing photos Children's photos and AI-era risks Cautions when choosing where to consult or submit How to clean a URL before sharing What to check before cleaning up old accounts Risks of cloud history and file sharing Cloud history and file creation environments Risks of cloud history, sharing history, and edit history Risks of cloud sharing links Risks of sending files through Google Drive, Dropbox, and social media DMs What is content correlation? Risk that a whistleblower can be inferred from the content Differences between cookies, sessionStorage, and localStorage Risks of cookies, localStorage, and IndexedDB Crossposting risk Data broker risk What is a deepfake? How PCs and smartphones communicate Device and browser separation Direct identifiers in personal information What is a DNS leak? Author and organization information left in document files Separating email addresses, phone numbers, and recovery methods Risks of event participation and posting time EXIF and GPS checks before publishing photos What is ExifTool? How to check metadata with ExifTool Why face photos, voices, and routine places can be misused Checking information that links to family, work, and school Thinking about metadata removal with FFmpeg GPS and Time Risks in Videos Risks From Voice, Ambient Sound, and Background Sound Metadata in PDF, Office, video, and audio files What to check first after an anonymity failure What is GlobaLeaks? Group chat and contact risks Hidden text and XML comments What does it mean to hide a network route? How the internet connects Specific Clues in Post Content Pre-Publish Checklist Checklist for Reviewing Text Before Posting Risks in Printouts, Scanned Images, and Photos The difference between anonymity, privacy, and security Why Anonymity Cannot Be Guaranteed Why Anonymity Literacy Is Needed Now Why You Must Not Leave "Not sure" Unresolved Why Information Is Hard to Remove Once Published What are private IP addresses and NAT? What is profiling? Digital checks before protests and civic activity How Routine Places Are Inferred From Public Information Public Wi-Fi and Anonymity qpdf / MAT2 Guide What Is Qubes OS? Risks of Searching for Anonymous Activity From a Real-Name Account Why Separate Real-Name and Anonymous Environments Why Separate a Browser for Anonymous Use Operating Without Mixing Real-Name and Anonymous Personas Why You Must Not Mix Real-Name Login and Anonymous Activity Checking Metadata in Files You Receive Why Replies and DMs Can Break Anonymity What to Do When You Notice a Risk After Publishing How to Review Old Posts The Roles of Wi-Fi, Routers, and ISPs How to Recheck Metadata After Removal Anonymity Is Never Perfect, But You Can Reduce the Gaps Regular Review Regular Self-OSINT Checks
Metadata
How to Recheck Metadata After Removal Metadata can remain even when you think you have removed it.
In images, PDFs, Office documents, video, and audio files, the author name, capture time, GPS, edit history, application name, file name, and embedded information may be stored in multiple places.
It is dangerous to assume that a file is safe just because you pressed a "remove" button once.
For anonymity, what matters is not that you performed removal, but that you check, within the range you can verify after removal, whether anything remains.
This article organizes what you should recheck after removing metadata.
Why Rechecking Is Necessary Metadata removal tools and apps are useful.
However, they cannot remove metadata from every format, every tag, and every kind of embedded information in the same way.
Reason Explanation Storage locations differ by format JPEG, PDF, Office, and video files have different internal structures Only some information is removed GPS may be removed while the creation application name remains Resaving can add new information The editing software name or update time may be added Visible information is not removed Backgrounds, reflections, text, and voices must be checked separately Tool results are easy to overtrust You may publish while thinking removal was complete
Rechecking is not cleanup after the removal work.
It is part of the removal work itself.
Compare Before and After Removal When rechecking, compare the file before removal with the file after removal.
This makes it easier to judge what disappeared and what remained than looking only at the post-removal file.
Stage What to look at Reason Before removal Which metadata is present Understand the risky items Removal process Which tool was used and what was done Record the processing details After removal Whether the same items remain Confirm the removal result Check with another tool Check from another perspective Reduce misses by a single tool Visual review Check backgrounds and text Look for clues other than metadata
For high-risk files, clearly separate the original file from the publication copy.
The basic rule is not to upload the original file as-is.
Items to Check When Rechecking The items to check differ by format.
Format Items to check Image GPS, capture time, device model, editing software, thumbnail PDF Author, creation application, annotations, embedded files, update history Office Author, organization name, comments, revision history, hidden sheets Audio ID3 tags, recording time, creation application, environmental sound Video Capture time, GPS, creation application, audio, background, text inside frames
Check the file name as well as the metadata.
A file name such as 田中_履歴書_final.pdf leaves personal information even if the metadata has been removed.
Rechecking Means Different Things by Format Even under the word metadata, how information remains differs by file format.
In images, GPS and capture time are central.
In PDFs, the author, creation application, annotations, and embedded files become issues.
In Office documents, the author, company name, revision history, comments, and hidden sheets become issues.
In audio and video, voices and background sounds matter as well as tags.
Format What to emphasize when rechecking Reason JPEG image EXIF , GPS, thumbnailCapture location and capture time tend to remain PNG image Text chunks, creation application Screenshot and editing information may remain PDF Author, annotations, embedded content Information not visible in appearance remains Office document Comments, revision history, hidden elements Work process and organization names may remain Audio and video Tags, creation application, audio content Both metadata and content need to be reviewed
If you treat every format the same way with only one checking method, you increase the chance of missing something.
Recheck after learning what tends to remain in each format.
Why Check Locally As a rule, avoid uploading files where anonymity matters to external sites for checking.
When you upload to an external site, the file contents and access logs are passed to that site.
For highly confidential files, prioritize local tools.
ExifTool is a representative tool that can check metadata locally.
URL : https://exiftool.org/
However, even if you use a local tool, its usefulness is limited if the device itself is not safe.
When working on a workplace device, school device, shared PC, or cloud-synced folder, also consider logs on the device and storage location.
Rechecking Flow The practical flow can be organized as follows.
Order Task Reason 1 Store the original file and create a publication copy Do not mix the original and publication copy 2 Check metadata in the publication copy Understand what remains 3 Perform necessary removal or regeneration Reduce risky information 4 Recheck the same items after removal Confirm the processing result 5 Review appearance from another perspective Check backgrounds, reflections, text, and audio 6 Check the file name and storage location Prevent leakage from information outside the file contents
This flow may look tedious.
However, once a file is published, it may be copied, saved, and redistributed.
It is far easier to check before publishing than to notice after publication.
Risks That Remain After Rechecking Rechecking does not remove every risk.
Even if metadata is gone, clues remain in the content itself.
Review writing style, document content, image backgrounds, audio voices, video environmental sound, and quotations or timelines inside PDFs separately.
Logs also remain in the route used to send a file.
Cloud sharing, email, social media DMs, upload forms, and whistleblowing tools each involve different records.
Whether to Keep a Record of Rechecking In high-risk work, you may want to keep a personal record of what you checked.
However, that record itself can become a new risk.
Record Caution Screenshot of check results File names, paths, or user names may appear Work notes You may write too much about real names, places, or circumstances Cloud storage It can connect to sync history or an account Consultation by chat The consultation partner and sending time are recorded Paper notes The storage location and disposal method become issues
Even when records are necessary, avoid placing them in an environment or personal cloud used with a real-name account.
For anonymity, also consider traces of the checking work itself.
Summary When removing metadata, rechecking after removal is important.
Using a removal tool alone is not enough to judge that every piece of information has disappeared.
Images, PDFs, Office documents, audio, and video files store information in different places and forms.
You need to compare before and after removal, check from another perspective, and also inspect the file name and visible information.
For anonymity, "I think I removed it" is not treated as safe.
Create a publication copy, remove information, recheck it, and finally check the appearance and sending route.
Related tools Archive check
Wayback Machine An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.
URL : https://web.archive.org/
Metadata inspection
ExifTool An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.
URL : https://exiftool.org/
Metadata removal
MAT2 An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.
URL : https://0xacab.org/jvoisin/mat2
Related articles Metadata What Is Metadata? Metadata What is ExifTool? Metadata Removing image metadata Metadata How Images Can Break Anonymity Metadata Risk of Identity Inference From Backgrounds, Reflections, and Text in Images Metadata Metadata left in submissions and file sharing
Back to article list