Go back

Security and Anonymity Guide for Releasing Deep Fakes

1. Metadata removal and file sanitization

Before uploading any content, remove all identifying metadata from your files.

For video files:

Using ExifTool (recommended - works on Windows, Mac, Linux):

  • Download from https://exiftool.org/
  • Open terminal/command prompt
  • Navigate to your video folder: cd /path/to/your/folder
  • Remove all metadata: exiftool -all= your_video.mp4
  • Verify removal: exiftool your_video.mp4

Using FFmpeg (alternative method):

ffmpeg -i input.mp4 -map_metadata -1 -c:v copy -c:a copy output.mp4

For audio files:

exiftool -all= your_audio.mp3

What metadata can expose you:

  • Device information (camera model, phone type)
  • Software used (editing apps, AI tools)
  • Creation timestamps
  • GPS coordinates (if recorded on mobile)
  • User account names embedded in files

For PDF files:

PDFs contain extensive metadata that can expose you:

  • Author name
  • Software used (Adobe, LibreOffice, etc.)
  • Creation and modification dates
  • Computer name
  • Document editing history
  • Even GPS coordinates if created from scanned photos

Using ExifTool:

exiftool -all= your_document.pdf

Using qpdf (preserves PDF structure better):

qpdf --linearize --remove-unreferenced-resources=yes input.pdf output.pdf
exiftool -all= output.pdf

Using mat2 (Metadata Anonymization Toolkit - Linux/Mac):

mat2 --inplace your_document.pdf

Or to create a clean copy:

mat2 your_document.pdf

For EPUB files:

EPUB files are actually ZIP archives containing XML files with metadata.

Using ExifTool:

exiftool -all= your_book.epub

Manual method (more thorough):

  • Rename file to .zip: mv book.epub book.zip
  • Extract: unzip book.zip -d book_folder
  • Edit book_folder/META-INF/container.xml and remove metadata
  • Edit book_folder/OEBPS/content.opf and remove <dc:creator>, <dc:date>, etc.
  • Repackage: cd book_folder && zip -r ../book_clean.epub *
  • Run ExifTool as final cleanup: exiftool -all= book_clean.epub

For DOCX/ODT files:

These are also ZIP archives with embedded metadata.

Using ExifTool:

exiftool -all= document.docx

Better method - Convert to clean PDF:

  • Open in LibreOffice (not Microsoft Word - leaves fewer traces)
  • File → Export as PDF
  • In export dialog, uncheck "Export comments" and other metadata options
  • Save as new PDF
  • Run ExifTool on the PDF: exiftool -all= output.pdf

For image files (if included in documents):

exiftool -all= image.jpg

Or strip and re-encode:

convert input.jpg -strip output.jpg

2. Create operational security layers

Use a VPN:

  • Recommended: Mullvad, PureVPN, and AirVPN
  • Avoid free VPNs (they log and sell data). There are also plenty of VPN options that are not safe to use. For more in-depth recommendations, check out this guide.
  • Connect to VPN before accessing any upload platforms
  • Consider using servers in privacy-friendly jurisdictions

Use Tor Browser for maximum anonymity (optional, for high-risk scenarios):

  • Download from https://www.torproject.org/
  • Access upload platforms through Tor
  • Note: Some platforms block Tor exit nodes
  • Slower upload speeds

Separate your identities:

  • Never use personal accounts for uploading interventions
  • Create burner email addresses (ProtonMail, Tutanota with no personal info)
  • Use different usernames unconnected to your real identity
  • Don't reuse passwords across accounts

3. Create anonymous accounts

For email (required for most platforms):

  • Use privacy-focused providers: ProtonMail, Tutanota, Guerrilla Mail
  • Access only through VPN or Tor
  • Provide no real personal information
  • Use a password manager to generate strong, unique passwords

For social media platforms:

  • Create accounts using burner email
  • Use VPN during account creation and all subsequent logins
  • Never log in from your home IP without VPN
  • Use random username generator tools
  • Avoid patterns that could link to your real identity
  • Don't follow your real accounts or known associates

Platform-specific considerations:

  • YouTube: Requires Google account; consider using brand account feature
  • TikTok: Requires phone number (use burner SIM or virtual number services)
  • Twitter/X: Requires email; phone verification increasingly common
  • Instagram: Requires email; aggressive about detecting fake accounts

4. File handling best practices

Create a clean copy workflow:

  • Never upload files directly from your main computer
  • Process files in this order:
    • Original file → Edit/process → Remove metadata → Upload
  • Use a separate folder for "clean" upload-ready files
  • Delete originals after successful upload if operational security is critical

Avoid fingerprinting through encoding:

  • Re-encode videos to remove software signatures: 
    ffmpeg -i input.mp4 -c:v libx264 -preset medium -crf 23 -c:a aac -b:a 128k output.mp4
  • This removes specific encoder information while maintaining quality

5. Upload process security

Before uploading:

  • VPN is connected and active
  • Using burner/anonymous account
  • All metadata removed from files
  • File has been re-encoded if necessary
  • No personal information in filename (rename to generic: "video_001.mp4")

During upload:

  • Don't include identifying information in captions/descriptions
  • Avoid location tags or geolocation features
  • Consider your posting time (don't establish patterns)
  • Use platform's privacy settings appropriately

After upload:

  • Clear browser cache and cookies
  • Close VPN session
  • Document upload with date/platform for your records (stored securely)