Last updated

This module begins with a short discussion about information hidden in files, and the potential risks tied to file metadata. It follows with a short exercise to have students find the file metadata embedded in a photo, followed by discussion of risk minimization.


Threat modeling
(Good to know) Malware

Estimated time

30-35 minutes


  • Upon successful completion of this module, students will be able to find file metadata, as well as printer micro-dots and physical markers hidden in the content of a document.
  • Students will be able to identify techniques for removing file metadata.
  • Students will be able to analyze the risks associated with publishing sensitive original documents.

Why this matters

Getting work done without compromising the newsroom, or information shared by higher-risk sources, means looking closely at what is in a file, and thinking through how to minimize risk before sharing documents beyond the newsroom, if at all.


(Before class)

Sample slides

File safety (Google Slides)


  • Have students find John McAfee's secret location, using only this photo.

    Note: You may need to send the link around via a trusted channel. Because link shorteners are sometimes abused to deliver malicious links, we do not encourage using a link shortener unless you can also qualify this issue for your students.

Questions for discussion

  • How might the Vice News example we saw have been avoided?
  • Suppose you want to report a story that includes original documents a source shared. They've been verified, and you and your editor feel confident in them. How might you report on those documents to minimize risk to your source?

Donate to support press freedom

Your support is more important than ever.