728 x 90

Oh! Most arXiv papers contain information that should never be shared

Oh! Most arXiv papers contain information that should never be shared

Some researchers who use the LaTeX markup language for typesetting unknowingly make private information public.Credit: Tom Houghton/Nature Nearly all of the nearly three million articles available on the arXiv preprint server contain details that the authors never wanted to share, according to a new study. The study, uploaded to arXiv in April and presented at

A close-up view of a colorful LaTeX code on a black background with a reflection of a computer keyboard.

Some researchers who use the LaTeX markup language for typesetting unknowingly make private information public.Credit: Tom Houghton/Nature

Nearly all of the nearly three million articles available on the arXiv preprint server contain details that the authors never wanted to share, according to a new study.

The study, uploaded to arXiv in April and presented at the Institute of Electrical and Electronics Engineers Security and Privacy Symposium in San Francisco, California, in May, analyzed about 2.7 million articles published in the repository through December 2025, representing 93% of the preprints. It found that 88% of submissions containing LaTeX source files included some form of hidden information, from discussions between co-authors and to-do lists that acknowledged weaknesses in the text, to passwords, GPS coordinates that can reveal a researcher’s home address, and application programming interface (API) keys, strings of characters that function as passwords for programmers.1.

“What we report in the paper is really just the tip of the iceberg,” says Jan Pennekamp, ​​a security and privacy researcher at RWTH Aachen University in Germany and first author of the study. Each preprint can have multiple versions, all of which remain online, and the team counted 12 million attached or “dropped” files that would need individual inspection to fully assess the extent of the data leak, Pennekamp explains.

arXiv is a preprint repository particularly popular in the physical and computational sciences. Founded in 1991, it requires authors whose manuscripts are written in LaTeX (a markup language used to compose scientific articles) to upload their LaTeX source files and make them available along with the PDF. But because LaTeX works as code, it also supports comments: lines that authors can read but that don’t appear in the final document.

“The vast majority of researchers only care about the PDF,” says Ricardo Henriques, a biophysicist at the António Xavier Institute of Chemical and Biological Technology in Oeiras, Portugal, who uploads his own papers to arXiv. “That also makes most researchers unaware of the potential impact of leaving comments within those LaTeX files.”

what is exposed

Pennekamp and his colleagues examined three elements of arXiv submissions: pending files, which are not necessary to produce the paper; metadata embedded in images and PDF files; and content as comments in the LaTeX source code. Among other things, the analysis uncovered private conversations between co-authors, including profane, unflattering or embarrassing comments about the research’s competitors and to-do notes that acknowledged weaknesses that were left unmentioned in the published text rather than addressed.

Other researchers have also documented data leaks in the arXiv repository. In January, Giovanni Apruzzese, a computer scientist at the University of Reykjavik and the University of Liechtenstein in Vaduz, and web security researcher Aurore Fass of the Inria Center at Côte d’Azur University in Sophia Antipolis, France, reported on their analysis of 600,000 preprints and found that 27% of them include “residual data” that is not necessary to produce the PDF.2. A detailed analysis of 200 such preprints identified “undisclosed research details or the presence of derogatory statements” in 20%, including comments such as “What does this mean?”

And last October, researchers in Budapest, Oslo, and Abu Dhabi reported that they used large language models to scan about 100,000 arXiv submissions, identifying “confidential disclosures” in about 10% of them.3. These included social security numbers, login credentials, and private cloud storage links.

Bradley Reaves, a computer scientist at North Carolina State University in Raleigh, and his team have documented a similar form of credential leak in GitHub source code repositories.4. The problem with arXiv is different, he says. On GitHub, developers know that their repositories are public; when the credentials are leaked, the error occurs in a space that they know is visible. But most researchers do not consider arXiv source files to be public documents, and much of what leaks are not credentials but private work notes. Reaves says that “arXiv breaks that mental model.”

Apruzzese agrees. Since social media amplifies any discovery, a single embarrassing comment discovered in a source file could go viral. “These kinds of things can ruin some people’s lives,” he says.

Beyond the comments, Pennekamp and his colleagues discovered 265 API keys, 4 private keys, and 171 passwords. They found 7,326 submissions with GPS-tagged images, and in 235 cases, the coordinates spanned commutable distances. A random check of ten of these cases confirmed that nine identified both a research building and a residential address, suggesting that the perpetrators were accidentally sharing the location of their homes. The researchers discovered and manually validated 699 Google Docs links that granted editing access to anyone who clicked, exposing peer reviews, rebuttals, and meeting minutes. In 18 cases, the links led to survey data from study participants. “In some cases, it was quite obvious that this had to be confidential,” Pennekamp says.

As part of responsible disclosure, researchers contacted 2,660 affected authors, 112 of whom responded to a follow-up survey. Only 41% of that group said they knew that arXiv publishes source files. “arXiv basically says this on the website,” says Pennekamp, ​​adding that the site provides “high-level instructions” on how to clean up the source files, and that “this is the author’s responsibility.”

Keep following us for the latest insights.

Posts Carousel

Latest Posts

Top Authors

Most Commented

Featured Videos