Metadata left in submissions and file sharing

Metadata

Metadata left in submissions and file sharing

In submissions and file sharing, the issue is not only the body content, but also metadata left in files.

When sending internal documents, photos, PDFs, Office documents, videos, or audio anonymously, author names, company names, edit history, capture dates and times, location information, software used, and filenames can become clues to the source.

This is especially important for source protection and whistleblowing. Even if the file contains accurate information, people may infer who provided it from the surrounding information in the file.

This article organizes metadata that tends to remain in submissions and file sharing, and the points to check before sending.

Metadata shows the source

Metadata is information attached to a file.

It may include the creator, capture date and time, location information, edit history, comments, creation software, device name, company name, and similar information.

Even if a name is not written in the body text, anonymity is greatly weakened if the author name or organization name remains in metadata.

File	Information that may remain
Image	GPS, capture date and time, camera model
PDF	Author, creation software, annotations, embedded files
Office	Author, company name, change history, comments
Video	Capture date and time, location, device information, editing software
Audio	Tags, recording date and time, app information, background sound

Metadata is not visible from appearance. For that reason, it is important not to judge safety by appearance.

Handling on the receiving side also matters in submissions

When you send a file, the other side can save, forward, and analyze that file.

Even with a trusted news organization or support group, if the sending method is inappropriate, information from the sender side may remain. If you use ordinary email, a real-name cloud account, a workplace device, or your usual browser, correlation can happen through paths other than the file.

Path	Clues that remain
Email	Sender, sending time, email headers
Cloud sharing	Owner name, sharing history, viewing history
Workplace device	Device management logs, file access history
Personal social media DM	Account, replies, screenshots
Submission form	IP, browser information, upload time

Even if you remove file metadata, anonymity breaks if the sending path is tied to your real-name context.

Be careful with author information

Author information is especially important in document files.

Office documents and PDFs may retain the author name, company name, editors, comments, and change history. Materials created on an organization's PC may contain the organization name or user name.

In whistleblowing, not only the material content but also who could access the material becomes a clue. In addition to metadata, check the body content, department names, timeline, and specialized terms.

Information	Risk
Author name	Directly reveals a person
Company name	Reveals the affiliated organization
Editor	Shows the range of people involved
Comments	Internal conversations or judgments remain
Change history	Shows who changed which part

Author information may not be visible just by opening the file. Check it with properties or inspection tools.

Places remain in photos and videos

In photos and videos, not only GPS and capture date and time, but also the background matters.

Even if metadata is removed, locations and people can be inferred from buildings, signs, uniforms, desks, window reflections, roads, station announcements, surrounding conversations, and similar clues.

In submissions, on-site photos can become strong evidence. However, evidentiary value and anonymity can conflict. Think separately about how much hiding weakens the material as evidence, and how much disclosure puts the provider at risk.

In high-risk cases, do not process the file based only on your own judgment. Consider a trusted consultation contact.

Create a submission copy before sending

Do not send the original file directly. Create a copy for sending.

Keep the original file as evidence if needed. For the submission copy, check the filename, metadata, body content, background, comments, and unnecessary files.

Stage	What to check
1	Store the original file safely
2	Create a submission copy
3	Generalize the filename
4	Check metadata
5	Check content and background
6	Check the sending path
7	Think about what remains after sending

After conversion or editing, check metadata again. Editing software may add new author information.

Tools are supplementary, not complete solutions

Tools such as ExifTool are useful for metadata checks.

ExifTool is a representative tool that can check and edit metadata in images, videos, documents, and similar files locally. In whistleblowing or submissions, uploading a file to an external site for checking can itself become a new risk, so tools that can check locally are important. URL : https://exiftool.org/

However, you cannot say a file is completely safe just because a tool shows nothing. Internal information unsupported by the tool, proper nouns in the body text, image backgrounds, audio, and sharing paths must be checked separately.

For anonymity, treat tool results and human visual review as separate checks.

Order to check before submitting

In submissions, the order of checking also matters.

Do not start by immediately using a metadata removal tool. First decide what needs to be protected. The scope of checking changes depending on whether you need to protect the provider, protect a source, or avoid involving colleagues or family.

Order	What to check
1	Decide who needs to be protected
2	Check whether the file content contains proper nouns or timelines
3	Check filenames and folder names
4	Check metadata
5	Check the sending path and recipient-side display
6	Think about who will handle the file after sending

For anonymity, if you do only technical removal work first, you miss risks in the body text or sending path. First decide what to protect, then check the file and path.

Do not judge high-risk materials alone

For whistleblowing, reports of illegal conduct, workplace materials, and files related to sources, there are not only anonymity risks but also legal and safety risks.

Careless processing may change evidentiary value. Conversely, if you send without processing, the provider or people involved may be inferred.

In these situations, do not make the decision based on this article alone. Consider a consultation contact suited to the situation, such as a trusted news organization, support group, or lawyer.

Even after sending, it is important not to rush when the other side asks for additional materials. Additional files are exactly where checks become looser, and author information or timelines that were not exposed in the first materials may get mixed in.

Summary

In submissions and file sharing, not only the file body but also metadata becomes a clue to the source.

Images, PDFs, Office documents, videos, and audio may retain the creator, company name, edit history, capture date and time, location information, tags, and software used.

In addition, the sending path, cloud owner name, email headers, submission form logs, and workplace device history become separate clues.

Before sending a file anonymously, do not send the original directly. Create a submission copy, then check the filename, metadata, contents, and sharing path. For high-risk submissions, do not make the decision based on this article alone. Also consider a trusted consultation contact.

Related tools

Metadata inspection

ExifTool

An external resource related to this article. Open it only when it fits your situation and threat model.