Guide

Reduce document fingerprints: rebuild instead of only scanning

Documents can contain individual traces that do not look like classic malware: character spacing, invisible text layers, old PDF objects, object IDs, hidden layers, metadata, or image-based markers. Because those patterns are designed to look normal, local rebuild is often the stronger defensive step.

When is this relevant?

This check is relevant whenever a file arrives unexpectedly, comes from email, messenger, download portals, or AI workflows, or should be cleaned before forwarding.

It matters most for urgent-looking files, unknown senders, or files that would otherwise be opened in apps that interpret active content.

What risks can exist?

Common risks include misleading filenames, active content, external loading targets, hidden metadata, suspicious archive paths, invisible Unicode characters, and prompt instructions for AI systems.

The exact assessment depends on the file type. ScanBeforeOpen therefore shows signals and recommendations, not a complete safety promise.

How does ScanBeforeOpen help?

The file is checked locally in the browser. There is no upload and no execution of the original file.

The result starts with a plain recommendation. Technical details, safe preview, and cleaned exports appear only where they make sense for the file type.

Exactly what is checked

PDFs are checked for incremental updates, multiple trailers, document IDs, optional content/layers, invisible text layers, and suspicious text positioning commands.

Text is checked for zero-width characters, bidi controls, variation selectors, and Unicode tag characters that can act as invisible markers.

Images are checked for typical metadata and container hints. For watermarks that cannot be proven, the app avoids false certainty and offers canvas rebuild instead.

Rebuild exports create new local copies: text as normalized TXT, PDF pages as PNG ZIP, Office content as TXT/CSV ZIP, and images as new PNG.

Why detection alone is not enough

Layout and fingerprint markers can look like normal formatting. A scanner can flag signals, but it cannot prove that every subtle detail is harmless.

ScanBeforeOpen therefore separates detection, cleaning, and rebuilding. Rebuilding means the app locally creates a new copy from visible or clearly extractable content.

Available rebuild modes

Privacy Text Rebuild normalizes text, removes invisible Unicode markers, and standardizes control characters.

PDF Visual Flatten renders pages locally as images and stores them as a ZIP without forwarding original PDF objects.

Office Visible Data Rebuild creates TXT/CSV files from readable Office content and does not carry over macros, docProps, customXml, or external relationships.

Image Canvas Rebuild renders an image locally and exports a new PNG without typical container metadata.

What rebuild must not promise

Rebuild reduces many fingerprint classes, but it is not perfect anonymization. Very subtle watermarks, writing style, or visible individual details can remain.

The advantage is still meaningful: many technical markers are not repaired but simply not carried over into the new copy.

A safer everyday review flow

Start with the source: Was the file expected, does the context make sense, and can the sender be confirmed through a second channel? Technical findings matter more when the social context is weak.

Then review filename, extension, size, magic bytes, and visible warnings. Do not open the original in another app while you are still assessing it.

If you need to share the content, prefer a cleaned export or a report over the original file. That reduces metadata, active content, and unintended remote-loading behavior.

When to escalate

After critical findings or several high-risk findings, do not open the file directly. This is especially important for resumes, invoices, contracts, archives, and files framed as urgent.

In organizations, a red result should go to IT support or security owners. Individuals should use professional antivirus or an isolated environment when uncertainty remains.

A green result only means no obvious known risk patterns were found. It is not a guarantee and does not replace approval for confidential content.

Document without spreading risk

When reporting a suspicious file, capture source, filename, time, and findings. Avoid uploading the original file into chats or unknown online services.

Screenshots or a local security report are often enough to decide the next step without redistributing the original.

Practical checklist

  • For PDFs: use visual flattening when old objects, IDs, layers, or invisible text layers matter
  • For Office files: export visible data as TXT/CSV when macros, comments, or metadata should be removed
  • For images: use canvas rebuild before publishing or forwarding images
  • For AI uploads: use Privacy Text Rebuild instead of the original file
  • Review the new copy after export because rebuild can change layout and features

Clear limits

Rebuild is defensive risk reduction. It removes or avoids many technical markers, but cannot guarantee perfect anonymity, complete steganography detection, or legal approval.

FAQ

Can ScanBeforeOpen detect every fingerprint?

No. That is exactly why rebuild modes exist. They reduce risk classes by creating new copies instead of having to prove every detail.

Is rebuild complete anonymization?

No. Visible content, writing style, layout choices, or robust watermarks may still allow inferences.

Why does PDF visual flattening lose links and text selection?

Because pages are rendered as new images. That discards many PDF objects, but interactive features are not preserved.

Why scan locally instead of uploading?

Local scanning reduces privacy risk because the original file stays on your device and is not transferred to an unknown service.