The risks of sharing a PDF online & how to share a PDF securely
Here we examine the risks of uploading a PDF to share online, why popular security solutions fail to prevent PDF sharing with unauthorized users, and how to share PDF files online securely.
Though tools such as Microsoft Word have grown in popularity over the years, the PDF format is still dominant online. According to the PDF Association, up to 90% of documents shared online are PDFs. These statistics are a clear triumph for Adobe – but not so much for the internet as a whole.
Why? Despite the popularity of the PDF format, nearly all PDFs are shared online with little or no security. Doing so poses a significant risk to many businesses especially when confidential or sensitive documents are being distributed.
Online PDF sharing – the risks and vulnerabilities
There are various reasons to share PDFs online, but the most common business use cases are to sell as a product or to share information with authorized parties.
The risks of sharing PDF products online
PDF is a popular format for selling course materials, instruction manuals, reports, ebooks, and sewing patterns, and more. The ability to save to PDF from almost any application and maintain consistent formatting has made it nearly ideal.
We say almost because these are all businesses very prone to piracy. Whether it’s with friends and family or on mass piracy sites, customers inevitably share their purchased documents with others. With no security, they can share with whoever they like. This can significantly impact revenue, and research suggests that those who pirate ebooks aren’t doing so due to a lack of income – rather, they just don’t want to pay.
A lot, then, stands to be gained from good PDF protection. But though many sellers do try to protect their PDF documents, they typically use “secure” online viewers or basic password protection. As we’ll cover later, this is not very effective.
Sharing enterprise documents online
For these reasons, enterprises are typically more cautious about how they share internal PDF files online, certainly not hosting them on public-facing sites. Employees most commonly upload files to cloud storage services, workplace chat apps, or secure data rooms. This may be paired with additional security, such as PGP encryption or PDF passwords.
Current online PDF security solutions and their limitations
There are several popular ways to share protected PDF files online:
Secure cloud storage
Cloud storage solutions such as Google Drive or Box usually rope in businesses by talking up their server security and encryption. They generally combine this with the ability to restrict file access to specific user accounts or those with a shared link. We’ll quickly show how it works below.
How to share a PDF on Google Drive
A simple way of sharing a PDF online is using Google Drive. As most people already have a Google account and files can additionally be shared via link, it’s a convenient way to share a PDF file online. Here’s how to share a PDF in Google Drive:
- Upload your PDF to Google Drive.
- Press the three dots “…” next to the file size and choose “Share > Share”.
- Press the settings cog in the top-right corner of the share menu.
- Untick both boxes.
- Enter the email address of the people you want to share with or change from “Restricted” to “Anyone with the link”. Copy the link to the document and send it to your recipients, or wait for them to receive the email.
On first look, Google Drive seems to be a secure way to share PDF files, with encryption in transit and at rest, account security and, as you have seen, editing and printing restrictions.
However, as we covered in our blog on Is Google Drive Secure? it has major failings with users being able to easily bypass the protection, save Google Docs as PDF files and download them for sharing offline. This is true even if the documents are password protected.
The problem with such an approach is that your documents are only as secure as your user accounts or sharable links. If a user leaks the link or it is brute forced, the sensitive document becomes available to anyone. Alternatively, if a user is hacked or intentionally shares their credentials, all of their sensitive documents are forfeit.
Other cloud storage services also have online viewers so users can share PDFs without downloading – we’ll cover the issues with those next.
Online PDF viewers and data rooms
Data rooms and secure online PDF viewers look to prevent download of PDF documents from web pages, restrict editing and prevent printing. The idea is to embed a PDF in a webpage and protect access with user account credentials. Users cannot download the PDF, and hackers cannot access it.
PDF password protection
Most non-technical users use simple PDF password protection, often via programs like Adobe Acrobat. Adobe Acrobat has two types of password:
- the open password – designed to stop unauthorized access
- the permissions password – supposed to prevent unauthorized printing, editing, and copy-pasting
Neither should be relied on as a security method when sharing PDFs online. We cover this in more detail in our blog on how to password protect a PDF and why it is not secure.
PDF open passwords can be phished, brute-forced, leaked, or intentionally shared like any password. For permissions passwords, attackers don’t even need to go that far – somebody can remove them in seconds with a click of a button using free online password removal tools. This combination of poor security creates an unfortunate reality: anybody who can open the document can unprotect and share it. PDF Passwords are useless at preventing piracy and the unauthorized sharing of sensitive information.
PGP encryption is useful in reducing the chance that an unauthorized user can open a document. PDFs are encrypted using public keys. Anyone who tries to open a PDF without a valid private key will be unable to do so and the keys are too long and complex to brute force. Though private keys can still be shared or leaked, this generally happens less often.
However, they face a similar dilemma as PDF open passwords: once the user has decrypted the document, they can do what they like, including sharing it with unauthorized users. Additionally, PGP encryption is inconvenient when sharing online at scale: the recipients must share their public key with you before you encrypt it, or they won’t be able to open the document.
Enterprise rights management solutions take security more seriously. Solutions such as Adobe Experience Manager and Azure Rights Management are designed to protect documents in the browser and desktop. So, how well do they work?
- Microsoft admits that its policy enforcement capabilities (preventing printing, editing, etc.) are not guaranteed by cryptography. Using freely available tools, users can print and modify documents. A determined user can edit documents and re-protect them with the author’s credentials.
- Adobe Experience Manager provides better PDF protection, but it does not stop screenshots, and according to Elcomsoft, it is technically possible to strip the DRM entirely. These facts make it a poor choice for enterprises, while these factors, plus its complexity, high cost and poor offline support, makes it unworkable for ebook publishers.
Thankfully, while these rights management solutions are not ideal, there is still hope.
How to share a PDF online securely
Locklizard Safeguard is a DRM solution that enables secure online PDF sharing without the need for Adobe Acrobat passwords or complex policy management. It is cost-effective and easy to understand.
Just follow these simple steps to share PDF files online securely:
- Right-click on a PDF file on your computer and select “Make Secure PDF”, then choose the DRM controls you want to enforce in Safeguard Writer interface. Optionally, add a dynamic watermark that will display the user’s name and email address. This will deter them from taking pictures of the screen with a mobile phone or similar device.
- When you press “Publish”, your secured PDF is saved to your disk as an encrypted file, and a document record is created on the Admin System.
- You create a user account for each user you want to view your secured PDF by pressing “Add” in the “Customers” tab of your admin system. An email is automatically sent to the user with a link to the Viewer and their license. Alternatively, you can untick this option and manually send a personalized message with the license file link or attachment.
- You upload the PDF online to your website or a cloud service, social media, Facebook messenger, or send it via email, etc. Only users who have a valid license file activated on their device will be able to open the PDF, and only in the secure viewer application. They won’t be able to edit, save, or copy-paste the document. If you ticked the relevant controls, they’ll also be unable to print or screenshot.
Online PDF viewer
As we have mentioned, the browser is not a secure environment when compared to a desktop application. However, we recognize that there are some situations where installing an app is not possible. For this reason, Locklizard has an online PDF viewer, enabling you to share PDF documents online via the browser.
Our web viewer prevents editing, copying, saving, and printing, and you can expire and revoke documents instantly.
To make a document available in the online PDF viewer, press “Protect to WEB…” after you encrypt your PDF. If you already protected the PDF, you can use the Web Publisher app and add your PDC files to it for web publication.
You can then select the users who can use view protected PDF documents online using their browser and modify their login details/document access:
The user will receive an email with information on how to log into the Web Viewer and access any protected PDFs you have made available to them.
How to share a PDF online with analytics
One of the primary motivators for sharing a PDF online is the ability to track PDF use, sometimes by analyzing the shared link’s uses. Analytics play an important role in compliance for businesses and provide useful information to PDF retailers.
Contrary to popular belief, you do not need an online viewer to achieve this. In fact, online logging is often useless because if users can bypass protection and download PDF files you cannot track how they are really being used.
Locklizard Safeguard’s logging option allows you to:
- Track who opened a document, when, and where
- Track who printed a document, when, and where
You can turn tracking on in the “Printing & Viewing” tab in your Safeguard writer application.
Analytics can be found in your Safeguard admin console.
Naturally, protecting a PDF with Locklizard does not prevent you from separately tracking downloads or link use, either, but since only authorized users can open shared PDF documents, you probably won’t need any additional analytics.
The best way to share a PDF online
There are various ways to share PDFs online, but most are too insecure or complicated. Locklizard’s effective controls let you lock documents to authorized devices and ensure users cannot copy, save, edit, or print them or share them with unauthorized users.
Our PDF security cannot be easily bypassed or removed, allowing you to share your documents on any platform without worrying about leaks or piracy.
How do I make a PDF viewable online?
You can use Google Drive / GDocs or another cloud service, but you should be aware that their online PDF viewers are not secure.
Specialized services like Locklizard Safeguard offer better online PDF security. With Locklizard, you can right-click on a PDF, select “Make Secure PDF”, apply DRM controls in the Safeguard Writer, and then choose to protect it for web viewing. The Locklizard web viewer is more secure than other solutions, preventing editing, saving, and printing while ensuring users can only log in from specific locations.
How do I share Google Docs as PDF?
See Google Docs share as PDF for info on how to insert a protected PDF into a Google Doc and share it securely. You can also save a Google Doc as PDF if you want to convert existing Google Docs to PDF format to share them securely online or offline.
How do I share a PDF from my browser?
There are various ways, including uploading it to a cloud platform or data room, sending it in a message, or adding it to your website. However, if you do not want it to be pirated or mass-shared, we recommend protecting it with Locklizard Safeguard first.
How can I share large PDF files online for free?
If your PDF is too large to fit in an email or message, then the best way is to upload it to a cloud storage service first and then share it as a link or with specific accounts. Just keep in mind that this is not a secure way of sharing. If you only want authorized users to access your document, then you should protect it with Locklizard Safeguard before uploading it.
Why would you want to create a link to a PDF?
A PDF link allows you to easily share files that don’t fit in messages or emails. Additionally, direct links can offer additional security measures such as tracking and URL expiry. See how to share a protected PDF using a link or URL securely.
Can Locklizard Safeguard protect my excel/docx/other file?
Locklizard only protects files in the PDF format. If you want to protect an xls, ppt, doc, or png file, you will have to save it as a PDF first.
Does Gmail Confidential mode enable secure online sharing?
No. Though Google claims that confidential mode stops copying, printing, downloading, and forwarding, its controls are easy to bypass. For example, users can open PDF files on their Android device and then press the annotate button to download an unprotected copy. You can find more information on this in Why Gmail Confidential Mode is not secure.
What’s the safest way to upload a PDF online to share it?
Do I need to upload a PDF online to share it securely?
No. In fact, we recommend you don’t upload a PDF online to share it using Docs, a PDF sharing platform or site, or other data room systems unless you have protected it first. A more secure method of PDF sharing is encrypting the PDF offline before uploading it or sending it securely by email.
How can you share a PDF so it’s not public as an opt-in?
As long as the PDF is encrypted, it will not be publicly available unless you have also distributed the decryption key. This is why we do not recommend password protection or online systems that use password logins since passwords can be shared. A much safer way to share a PDF so it is not made public is to use Locklizard PDF DRM to ensure only authorized users can view protected PDF files.