Oof, that's a great point. We briefly touched on this a few weeks ago, but from the angle of canary tokens / tracking pixels [1].

Security-wise, our main concern is protecting people who read suspicious documents, such as journalists and activists, but we do have sources/leakers in our threat model as well. Our docs are lacking in this regard, but we will update them with information targeted specifically to non-technical sources/leakers about the following threats:

- Metadata (simple/deep)

- Redactions (surprisingly easy to get wrong)

- Physical watermarking (e.g., printer tracking dots)

- Digital watermarking (what you're pointing out here)

- Fingerprinting (camera, audio, stylometry)

- Canary tokens (not metadata per se, but still a de-anonymization vector)

If you come in FOSDEM next week, we plan to talk about this subject there [2].

The goal here isn't to provide a false sense of security, nor frighten people. It's plain old harm reduction. We know (and encourage) sources to share documents that can help get a story out, but we also want to educate them about the circumstances in which they may contain their PII, so that they can make an informed choice.

[1]: https://social.freedom.press/@dangerzone/115859839710582670

[2]: https://fosdem.org/2026/schedule/event/JZ3F8W-dangerzone_ble...

(Dangerzone dev btw)