[okular] [Bug 450786] New: Privacy problem: deleted annotations are not deleted

Thu Feb 24 07:41:34 GMT 2022

https://bugs.kde.org/show_bug.cgi?id=450786

            Bug ID: 450786
           Summary: Privacy problem: deleted annotations are not deleted
           Product: okular
           Version: 21.12.1
          Platform: PCLinuxOS
                OS: Linux
            Status: REPORTED
          Severity: grave
          Priority: NOR
         Component: PDF backend
          Assignee: okular-devel at kde.org
          Reporter: uti5 at protonmail.com
  Target Milestone: ---

SUMMARY
***
Deleting an annotation only makes it invisible and does not delete it from the
PDF.  This is unexpected behaviour and violates the privacy of the user, who
will unwittingly share his deleted annotations.
***

STEPS TO REPRODUCE
1. Add an annotation containing the text `foobar` and save.
2. Delete it and save.
3. Find it in a text editor by searching for `f.o.o.b.a.r` or `FreeText`.

OBSERVED RESULT

The deleted annotation is found.

EXPECTED RESULT

The deleted annotation ought not to be found.

ADDITIONAL INFORMATION

I understand that this behaviour is to avoid rewriting the whole file, but the
result is highly undesirable and unexpected.  I see three ways of addressing
the problem; in prioritized order:

1. Always redact deleted annotations.  Even if they cannot efficiently be
deleted, they can be overwritten with insignificant bytes.
2. Inform the user that the number and length of his deleted annotations are
leaked.
3. Offer a procedure to purge annotations completely (rewriting the whole file
if necessary).

-- 
You are receiving this mail because:
You are the assignee for the bug.