Sharing sensitive personal information online—whether a national ID, driver’s license, or passport—always makes me uneasy. Given that data breaches are a matter of “when, not if,” it is important to minimize our digital footprint.

While the best defense is simply not sharing the data at all, modern life often makes that impossible. Whether you’re renting a holiday cottage, opening a bank account, or complying with a website’s verification process, you eventually have to provide sensitive documents.

I have started “dirtying” my documents to make them less valuable to hackers and easier to track if a leak occurs.

Lower Quality

Before uploading, I strip the EXIF data (metadata containing location and device information), resize the image, and convert it to grayscale.

If my data is stolen, it is easier to prove the source if the scan is low-resolution and looks “off.” Hopefully, this also makes the document less useful for identity theft.

No one needs a 4000×3000 pixel, high-fidelity photo of my ID; high resolution only aids bad actors. I downsize the image using Squoosh and convert it to a JPEG with around 70% quality. This intentional quality loss is a benefit: the document remains legible for verification but loses the pristine appearance that might help forgery.

Visual Watermark

Next, I add a subtle, semi-transparent watermark. This helps identify who leaked my data in the event of a breach. I include the name of the service with which I am sharing it.

ImageMagick can handle this easily, placing the text in the center with low opacity—enough to be legible, but subtle enough that it is not distracting.

magick input.jpg -pointsize 72 -gravity center -fill "rgba(255,255,255,0.3)" -annotate 0 "EXAMPLE.COM" to_share.jpg

I often play with the RGBA settings to fine-tune the opacity depending on the document’s background.

Steganography

This week, I added an extra layer of invisible tracking to my workflow using steganography, which embeds a hidden text note directly into the image data.

Ensure you perform this step after watermarking and resizing, as those processes will destroy any hidden metadata.

steghide embed -cf to_share.jpg -ef <(echo "Shared with example.com in 2025")

Alternatively, you can use the hyphen method shown below. However, note that passing a password directly within the command is less secure, as it may be recorded in your shell history.

echo "Shared with example.com in 2025" | steghide embed -cf to_share.jpg -p "" -ef -

Now, the file itself contains a hidden “receipt” of when and where it was uploaded. The embedded data can be extracted via:

steghide extract -sf to_share.jpg -xf extract.txt

Reality Check

It is important to acknowledge that these methods are not foolproof:

• Steganography is fragile; if the receiving website automatically resizes the upload, the hidden note will be lost.
• Watermarks can, of course, be manually edited out.

However, these steps provide me with peace of mind. By adding layers of friction, I make my data incrementally harder to use for automated identity theft.