For investigative reporters, “upload to a free PDF converter” is one of the easiest unforced errors in the source-protection playbook. Documents arrive from sources with their own metadata: author names, organization, original file path, exact timestamps that can identify when and where the file was made. Uploading that file to a third-party server hands all of it to a stranger — and to whoever serves that stranger with a subpoena.
PDFToolBench is the toolkit you can use without leaving a trail. Every tool runs locally.
The reporter's workflow
1. Strip Metadata First
Before doing anything else, strip author names, creation dates, and producer strings. These often unmask which staffer or printer at an organization generated the file.
2. True Redact
Pixel-baked redactions that destroy underlying text. Critical for protecting source identifiers that would otherwise be recoverable from a casual black rectangle.
3. OCR Leaked Scans
Run OCR on a scanned leak document locally. The text never reaches a server you don't control.
4. Extract Text Layer
Pull the embedded text out of a digital PDF for searching, FOIA filing, or quoting — without uploading.
5. Password-Protect
Wrap a sensitive PDF in AES-256 before sharing it with a colleague over chat.
Threat-model notes
- This tool runs in your browser. Use it on a clean device (not your phone if you're worried about MDM), in a private window, ideally over a VPN if you don't want network observers to know which tool page you loaded.
- The page makes ad requests (Google AdSense). If even those are part of your threat model, block ads with uBlock Origin; the tools still work.
- For maximum guarantees, load the page once, disconnect Wi-Fi, then drop the file.