https://bugs.kde.org/show_bug.cgi?id=450786
Bug ID: 450786
Summary: Privacy problem: deleted annotations are not deleted
Product: okular
Version: 21.12.1
Platform: PCLinuxOS
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: PDF backend
Assignee: okular-devel@kde.org
Reporter: u...@protonmail.com
Target Milestone: ---
SUMMARY
***
Deleting an annotation only makes it invisible and does not delete it from the
PDF. This is unexpected behaviour and violates the privacy of the user, who
will unwittingly share his deleted annotations.
***
STEPS TO REPRODUCE
1. Add an annotation containing the text `foobar` and save.
2. Delete it and save.
3. Find it in a text editor by searching for `f.o.o.b.a.r` or `FreeText`.
OBSERVED RESULT
The deleted annotation is found.
EXPECTED RESULT
The deleted annotation ought not to be found.
ADDITIONAL INFORMATION
I understand that this behaviour is to avoid rewriting the whole file, but the
result is highly undesirable and unexpected. I see three ways of addressing
the problem; in prioritized order:
1. Always redact deleted annotations. Even if they cannot efficiently be
deleted, they can be overwritten with insignificant bytes.
2. Inform the user that the number and length of his deleted annotations are
leaked.
3. Offer a procedure to purge annotations completely (rewriting the whole file
if necessary).
--
You are receiving this mail because:
You are the assignee for the bug.
