Skip to content
Chimera readability score 71 out of 100, Expert reading level.

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain
the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in
Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles
and JavaScript.
Nearly all of the nearly three million papers available on the arXiv preprint server contain details the authors never meant to share, a new study finds.
The study, uploaded to arXiv in April and presented at theInstitute of Electrical and Electronics Engineers Symposium on Security and Privacy in San Francisco, California, in May, analysed around 2.7 million articles posted to the repository up until December 2025, amounting to 93% of the preprints. It found that 88% of submissions that contained LaTeX source files included some form of hidden information, from arguments between co-authors and to-do lists acknowledging weaknesses in the text, to passwords, GPS coordinates that can reveal a researcher’s home address, and application programming interface (API) keys — strings of characters that function like passwords for programmers1.
“What we report in the paper is really just the tip of the iceberg,” says Jan Pennekamp, a security and privacy researcher at RWTH Aachen University in Germany and first author of the study. Each preprint can have multiple versions, all of which remain online, and the team counted 12 million accompanying or ‘dangling’ files that would need individual inspection to fully assess the extent of data leakage, Pennekamp explains.
arXiv is a preprint repository that is particularly popular in the physical and computational sciences. Founded in 1991, it requires authors whose manuscripts are written in LaTeX — a markup language used to typeset scientific papers — to upload their LaTeX source files and make them available alongside the PDF. But because LaTeX works like code, it also supports comments: lines that authors can read but that do not appear in the final document.
“The vast majority of researchers only care about the PDF,” says Ricardo Henriques, a biophysicist at the António Xavier Institute of Chemical and Biological Technology in Oeiras, Portugal, who uploads his own papers to arXiv. “That also makes most researchers not aware of the potential impact of leaving comments inside those LaTeX files.”
What’s exposed
Pennekamp and his colleagues examined three elements of arXiv submissions: dangling files, which aren’t needed to produce the paper; embedded metadata in images and PDFs; and content such as comments in LaTeX source code. Among other things, the analysis surfaced private conversations between co-authors, including profane, unflattering or embarrassing comments about research competitors and to-do notes acknowledging weaknesses that were not mentioned in the published text rather than addressed.
Other researchers have also documented data leakage in the arXiv repository. In January, Giovanni Apruzzese, a computer scientist at Reykjavik University and the University of Liechtenstein in Vaduz, and web-security researcher Aurore Fass at the Inria Centre at Côte d’Azur University in Sophia Antipolis, France, reported their analysis of 600,000 preprints, finding that 27% of them include “residual data” that are not needed to produce the PDF2. A detailed analysis of 200 such preprints identified “undisclosed research details, or the presence of derogatory statements” in 20%, including comments such as “WTF does this mean?”
And last October, researchers in Budapest, Oslo and Abu Dhabi reported using large language models to scan roughly 100,000 arXiv submissions, identifying “sensitive disclosures” in about 10% of them3. These included social-security numbers, login credentials and private cloud-storage links.
Bradley Reaves, a computer scientist at North Carolina State University in Raleigh, and his team have documented a similar form of credential leakage in GitHub source-code repositories4. The arXiv problem is distinct, he says. On GitHub, developers know their repositories are public; when credentials leak, the mistake occurs in a space they know to be visible. But most researchers don’t think of source files on arXiv as public documents, and much of what leaks isn’t credentials but private working notes. Reaves says that “arXiv kind of breaks that mental model”.
Apruzzese agrees. With social media amplifying any discovery, a single embarrassing comment unearthed in a source file could go viral. “These kinds of things can ruin the lives of some people,” he says.
Beyond comments, Pennekamp and his colleagues discovered 265 API keys, 4 private keys and 171 passwords. They found 7,326 submissions with GPS-tagged images — and, in 235 cases, the coordinates spanned commutable distances. A random check of ten such cases confirmed that nine pinpointed both a research building and a residential address, suggesting authors were accidentally sharing their home locations. The researchers uncovered and manually validated 699 Google Docs links granting editing access to anyone who clicked, exposing peer reviews, rebuttals and meeting minutes. In 18 cases, the links led to survey data from study participants. “In some cases, it was pretty obvious that this was meant to be confidential,” Pennekamp says.
As part of responsible disclosure, the researchers contacted 2,660 affected authors, 112 of whom responded to a follow-up survey. Only 41% of that group said they were aware that arXiv publishes source files. “arXiv basically says this on the website,” Pennekamp says, adding that the site provides “high-level instructions” on how to clean up the source files, and that “this is the author’s responsibility”.
Enjoying our latest content?
Log in or create an account to continue
Access the most recent journalism from Nature's award-winning team
Explore the latest features & opinion covering groundbreaking research

Facts Only

* A study analyzed approximately 2.7 million arXiv articles up to December 2025, covering 93% of preprints.
* 88% of submissions with LaTeX source files included hidden information, such as co-author arguments, to-do lists, passwords, GPS coordinates, and API keys.
* The analysis involved examining dangling files, embedded metadata in images/PDFs, and comments in LaTeX source code.
* Researchers discovered private conversations between co-authors, including embarrassing comments about competitors and acknowledgments of weaknesses.
* Analysis uncovered 265 API keys, 4 private keys, and 171 passwords within submissions.
* The research found 7,326 submissions with GPS-tagged images, in 235 cases spanning commutable distances between residential addresses and research buildings.
* Sixteen Google Docs links were found granting editing access to peer reviews, rebuttals, and meeting minutes.
* Only 41% of affected authors reported awareness that arXiv publishes source files.

Executive Summary

A study analyzed approximately 2.7 million arXiv articles up to December 2025, covering 93% of preprints, to examine potential data leakage within the repository. The research found that 88% of submissions containing LaTeX source files included hidden information, such as communications between co-authors, to-do lists detailing weaknesses, passwords, GPS coordinates, and API keys. Researchers examined dangling files, embedded metadata in images and PDFs, and comments within LaTeX source code. Other analyses have documented data leakage in GitHub repositories and scans of arXiv submissions using large language models, identifying sensitive disclosures like social-security numbers and login credentials. The research highlighted that while authors may focus on the final PDF, source files often contain private discussions and incidental personal data, prompting a discussion on the responsibility for data hygiene within preprint systems.

Full Take

The revelation that a significant portion of academic sharing is not fully public exposes a systemic gap between the perceived public nature of preprint servers and the actual security implications of the underlying files. The pattern observed is a reliance on an assumed boundary—that information contained within source code comments and accompanying files is private, which is systematically violated by common authoring practices involving LaTeX. This discrepancy creates a shared vulnerability where accidental disclosure, driven by human habits (sharing notes, logging coordinates), becomes a major risk factor amplified across the community through social media. The implication for cognitive sovereignty is that researchers must adopt a hyper-vigilant stance regarding every piece of data they generate, recognizing that what seems incidental to the research process can become significant exposure. The failure to establish clear, enforceable standards for source file hygiene within repositories suggests that intellectual freedom in sharing coexists with an often-unacknowledged security liability for the contributors. What mechanisms are needed to shift the default assumption from 'publicness' to 'privacy' when dealing with digital artifacts like LaTeX files? What responsibility framework can effectively address the viral spread of incidental data leakage discovered here?

Sentinel — Human

Confidence

The text appears to be a compilation of reporting on specific academic security research findings, characterized by attributing complex data to named experts, which suggests human journalistic synthesis rather than pure machine generation.

Signals Detected
low severity: Slightly varied sentence structure; use of direct quotes from cited researchers; natural flow despite technical subject matter.
low severity: Maintains a clear argumentative path while weaving in multiple, disparate findings (arXiv, GitHub, LLMs) without overwhelming self-contradiction.
low severity: Information is attributed directly to named researchers and specific studies; the flow links distinct findings logically rather than just listing facts.
low severity: The density of specific, multi-layered disclosures (API keys, GPS coordinates, 699 Google Docs links) suggests grounding in complex research reporting, though the scale is impressive.
Human Indicators
Inclusion of direct researcher quotes and detailed methodologies (e.g., analyzing 2.7 million articles, counting specific leaked items) suggests journalistic sourcing beyond simple LLM aggregation.
The framing addresses the 'mental model' shift (Reaves quote) and the ethical responsibility ('author’s responsibility'), indicating a nuanced editorial layer.
Whoops! Most arXiv papers contain information never meant to be shared — Arc Codex