Why popular solutions can’t stop PDF file sharing & what you should be using instead
Adobe Acrobat’s protections are next to useless, secure data rooms are not so secure, and ERM systems are complex and unsuitable for external sharing. So, what should you use to protect your documents instead?
Unauthorized PDF sharing is a real problem that spans industries. Whether you work in education, publishing, engineering, media, accounting, or the government, there’s a risk that your documents will be leaked without your permission. These leaks can not only ruin a business’s reputation but also result in legal repercussions. It’s vital, then, that organizations understand how to protect a PDF from being shared and whether their current solution is effective.
How do you protect a PDF from being shared in Adobe Acrobat?
This is a common question that also has a common answer – by adding a password to the document. Only, this is far from the whole story. The truth is that doing so won’t offer you much protection at all. In fact, it could make things worse.
The unfortunate reality is that Adobe Acrobat is not security software. It was designed decades ago to provide a convenient way to view and edit PDFs. The controls we see today were added as an afterthought and are implemented very poorly:
- Viewing is protected (encrypted) with an open password, which the user can just share, alongside the document, with whomever they want.
- Due to flaws in the Adobe Security Handler, the permissions password, which is supposed to prevent unauthorized editing and printing, can be removed in seconds with online tools or Adobe Acrobat itself (provided the open password is known).
- As a result, the sharer doesn’t even need to provide the password – they can just print to a fresh PDF with no restrictions.
- Any watermarks can then be removed with the exact same tools used to add them.
So, removing Adobe Acrobat protection isn’t at all difficult. The tools required are legal and easily accessible. A single Google search is enough to tell a sharer exactly what they need to know.
Removing PDF permissions with a free online tool
The worst part is that Adobe Acrobat isn’t just a completely ineffective tool to prevent PDF file sharing. It may make it more likely. Acrobat users who assume their PDF is secure are more likely to share it with those they wouldn’t trust with the information otherwise. This false sense of security can quickly get very dangerous.
Ways to prevent PDF sharing
Clearly, Adobe Acrobat is a no-go if you want to protect a PDF from being shared. What, then, are the other options?
Any security researcher will tell you that encryption is a vital tool in today’s security landscape. However, it alone isn’t enough to prevent the sharing of PDF files. Encrypting a document only makes it illegible to those who don’t have a way to decrypt it. Thus, encrypting a PDF using a password or private/public key only protects it when it’s in transit or at rest. As soon as somebody knows the decryption key, they can share it with somebody else. This applies whether you’re using Adobe Acrobat or a PKI system.
Secure Data rooms
Secure PDF link sharing
There are various websites out there that claim to offer secure file sharing links for PDF files. Usually, the “security” consists of a link that expires after a single download or after a certain period of time. Occasionally, they might offer IP address restriction or multi factor authentication. In other words, they offer no additional protection to documents. There’s nothing to stop a user from sharing their downloaded file with others, and there are often simple ways to get around the rudimentary download security.
Enterprise Rights Management systems like Microsoft RMS or Adobe LiveCycle are an effective way of securing documents…so long as you’re not sharing anything outside of your company. They use complex PKI-based systems and policies to enforce their controls, which are time-consuming and expensive to set up and maintain. Additionally, they don’t usually allow you to take documents off-site or share them with necessary outside parties (lawyers, shareholders, partners, etc.) unless they have the same system in place.
Web-based collaboration services have similar flaws to data rooms. They usually involve uploading your document to a cloud server or internal server and then sharing that document via link or with a specific account. The whole idea of collaboration services is that authorized users can edit, copy and paste, print, and otherwise modify content live to speed up the creation process. This is certainly useful, but how do you stop unauthorized users from gaining access to this functionality? The answer is that you don’t. As discussed in our secure external sharing in SharePoint blog, editing, printing, and copying controls fall apart in most situations. And that is not to mention the risk of an authorized user sharing their login details or document link with others.
PDF DRM like Locklizard is specifically designed to prevent both internal and external unauthorized sharing and is, therefore, a better fit for most organizations. While it still utilizes 265-bit AES encryption, it does so in combination with a licensing system, transparent key management, and secure viewer application to ensure that the user never has access to a key that they can share. Users are therefore not able to share the document or copy it via other means.
Here’s how it works:
- You encrypt a PDF on your local PC and add any DRM controls you desire. These can include anti-screenshotting and copying techniques, printing controls, watermarks, device/location locking, and more.
- The protected PDF is saved to your disk as a .PDC file and a record of the document is recorded on the Admin System.
- You create a user account for each person who you want to be able to view the document.
- Users receive an email with a license file and a link to download the Safeguard secure viewer.
- After installing the viewer, the user clicks the license file to activate it on their PC. Once activated, the license file cannot be registered elsewhere (unless otherwise specified).
- You choose which documents users can access via the Admin System.
- You send the DRM-protected PDF to users just like any other file (via email, file sharing, messaging, etc.)
Locklizard’s decryption keys are securely and transparently relayed from the licensing system to only authorized users and stored in an encrypted keystore that only works on authorized devices. As users cannot share the keys, screenshot, edit, print (unless otherwise specified), or print to file, there are few ways for them to share the file. They would have to either take a picture of their screen (and risk being identified by Locklizard’s dynamic watermarks) or manually write out the document’s contents on another device (the screen mask feature grays out the viewer when it’s not the active window to prevent copying).
How to prevent the sharing of PDF files with Safeguard
Despite its far more advanced security, preventing PDF file sharing with Locklizard is no harder than with Adobe Acrobat. In fact, we’ll prove it by walking you through it step-by-step below:
- Right-click your PDF in Windows File Explorer and select “Make Secure PDF”.
Create a protected PDF
- Click on the ‘Printing and Viewing’ tab and uncheck ‘Allow printing’. If it is already unchecked, then you don’t need to do anything – users will not be able to print your confidential documents.
Prevent printing of a PDF
- In the ‘Environment Controls’ tab, make sure ‘Disallow screen capture’ is selected.
Stop screenshots of PDF content
- Appy any expiry controls in the “Expiry & Validity” tab by selecting a date or a number of days.
Add expiry to a PDF
- Press the ‘Publish’ button at the bottom of the dialog. Safeguard will create an encrypted PDF (.pdc file) that only users authorized in the Safeguard admin portal can access.
- All that’s left is to grant the relevant users access to your document in the Safeguard admin portal. They (and only them) will be able to access the document on PCs with their license file activated via the secure viewer application.
Adding a user and granting document access in Safeguard Admin
How to prevent the sharing of a PDF file that you sold
If you have already sold your PDF file to customers without Locklizard’s protection and have noticed that is being shared, there is sadly very little you can do. One option is to pursue legal action – identify and sue the users sharing your PDF or send a DMCA takedown request to the website that is hosting the file. Often, however, the user takes steps to remain anonymous and there will be at least one or two sites that refuse to comply with your request.
In the future, protecting your PDFs with Locklizard will prevent the sharing of PDF files you sell or make available through membership subscriptions. Though they can share your encrypted .pdc file, it will be useless without the decryption keys, which cannot be passed on. With Locklizard’s e-commerce API you can even automate the process of adding customers to your Admin System for faster distribution. If you do have suspicions that somebody is trying to bypass your PDF restrictions, you can revoke their (or everyone’s) access to the document at any point.
The best way to protect a PDF from sharing
The best way to prevent PDF file sharing is to protect them with Locklizard before you send them. This will make it incredibly time-consuming or personally risky for any recipient to pass their version of the document to others. Unlike competing solutions, Locklizard Safeguard lets you:
- Apply dynamic, irremovable watermarks that identify the user
- Effectively prevent unauthorized sharing and opening inside and outside of your organization
- Self-destruct confidential documents after they have been viewed or printed
- Remotely revoke access to sensitive PDF files no matter where they are stored
- Stop editing, printing, screen grabbing, and more
- Lock document use to certain devices and locations
- Keep a log of who has opened and printed a document and from where
How do you prevent your documents from being copied or shared on a laptop?
Stopping PDF files from being shared on a laptop can be difficult with other solutions as the device may be physically moved away from the office where you have oversight and control. With Locklizard, however, it does not matter where the device is physically located – the same protection applies. You also retain control over the document, with the ability to remotely revoke it, restrict opening to certain locations (so for example protected PDF files can only be viewed from the office and not from home), and more.
Can I email a PDF, but prevent the recipient from sharing or copying it?
Yes – but only with a PDF DRM solution like Safeguard Security. Though you can encrypt the file before emailing it, it won’t protect the document after it is opened on the other end. The user would still be able to copy and share the decrypted PDF file. Instead, you need a solution like Locklizard that will apply copy protection, prevent decryption to disk, and prevent key sharing.
If I sell a PDF, does Locklizard take a cut of the sales?
No. Locklizard allows you to pay a set monthly or yearly cost for your protection rather than charging you more the more successful you become.
Can you prevent PDF file sharing using Adobe Acrobat?
No. Once you have given a user a password to view a protected PDF they can remove the password (since they know it) or share the PDF and the password with others. Any restrictions (permissions) you add to prevent editing or printing are completely useless since they can be instantly removed.
How can you prevent direct URL access to PDF files?
You can use a plugin to your WordPress site such as Linklok URL, but a more effective way of preventing unauthorized users from accessing PDFs would be to protect them with Locklizard.
This is because if you prevent direct URL access to a PDF file, then once an authorized user has downloaded the PDF they can then share it with others. With Locklizard you can let anyone download a protected PDF (there is no need to prevent direct URL access) because only authorized users can open them. In addition, you can also control how the PDF is used – prevent sharing, copying, editing, screenshots and printing, restrict access after a certain date, and much more.