Should Printer Companies Tell You Your Printer Leaves Secret Identifying Info?

from the disclosure-seems-appropriate dept

Every few years or so, the press picks up on the story that laser printers leave some dots that are invisible to the naked eye on every print. These dots are included for the purpose of anti-counterfeiting efforts. Each printer leaves a unique mark that can be read with special blue LED light, and interpreted with a decoding system that only the printers and the secret service are supposed to have. The story is getting some press again as the EFF is pointing out that laser printers have become cheap enough that many people have them and it’s possible that the identification dots could be used for other purposes, meaning that people who print stuff out on the assumption that the documents would be anonymous, may be wrong. Officials in the article scoff at the idea that the codes would be used for anything other than anti-counterfeiting efforts. And, indeed, it does seem unlikely that the codes could be used for very much (not only would you need to interpret them, you’d also need the means of tracking down who owns a specific printer). But there is a good point in all of this: why shouldn’t the printer providers be forced to at least disclose that their printers mark every document with a unique identifier?

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Should Printer Companies Tell You Your Printer Leaves Secret Identifying Info?”

Subscribe: RSS Leave a comment
Barracuda says:

Re: possible

I remain skeptical. Some of these new printers have 300 megabytes of bloatware as part of their driver package. A 300MB printer driver? Come on! What the hell does it need to do besides print? I remember a day when a full GUI-enabled OS was less than 40MB. If programmers these days are that inept, and unable to create good, optimized code, get rid of them! But I think the driver is doing a lot more than it should be doing.

ehrichweiss says:

Re: Re: possible

Damn, you must not be very old. AmigaOS could boot up off a 880k(that is not a typo) floppy and be fully functional. Damn I miss that.

Good point but a printer driver for a laser printer is not quite the same as for your old dot matrix. There is a lot to consider when printing to them, especially in color. For example, my Lexmark has duplexing, finishing, collating and a gazillion other fun features as well as dithering, smoothing, media-type selection, etc.; the driver is around 50meg.

ike says:

not only would you need to interpret them, you’d also need the means of tracking down who owns a specific printer

A few articles ago, you brought up the inability of Google to anonymise its log data. Replacing the IP address with a unique token is insufficient.

The same applies here. Being unable to find the printer to which a document was printed doesn’t make it anonymous when one is able to able to uniquely identify the source of documents.

Where Google’s and the printer identifier cases differ is in what they can readily de-anonymise. Since Google has everyone’s search queries, it can more readily de-anonymise arbitrary people.

In the printer identifier case, the documents you are able to compare are those you have previously collected and those of the person you suspect of having printed the document.

This leads to different attacks, but it doesn’t prevent attacks from being possible as you say.

Ben says:

Force them to disclose?

Wouldn’t it be better to voluntarily disclose? It’s might be a bit of a business risk, but being honest and forthright with your customers — and explaining the reasons for the practice — should be

Is there some sort of law for laser printer manufacturers only? There are some high end inkjets that can pull off a counterfeit to an unsuspecting person quite well.

And, yes, I trust the government that this “tracking” technology is secure from public investigator access and not used for nefarious warrantless papertapping. (Hope your sarcasm meter is turned on.)

Dan L. says:

not only would you need to interpret them...

I thought it was a requirement for all newer color printers and copiers, I could be wrong.

I have in the past seen/read sites explaining exactly how to interpret the patterns and the hash patterns they make… I am sure they could be found again with a bit of searching

now the part about tracking to a person… All I can offer is only buy used printers with cash and destroy any printers you bought as new 🙂

Big Brother is watching… I am thinking of sending a copy of the book 1984 to all the Congress people in Washington.

R. Paul Waddington says:

Full disclosure is required!

Trojan software transmitting data from users systems directly to the product developer’s servers is now found in a number of market leading CAD programs.
If there is a worry about ‘micro dots’ on printed sheets why is it that few seem to be worried about the fact that CAD software developers are not prepared to ‘fully disclose’ details of data they can and are removing from our systems? details a specific example.

Anonymous Coward says:

Re: Full disclosure is required!

Yea, we found that out the hard way. Just try cutting off Internet access to a user that has Autodesk products installed.

After 1 week, his Inventor application stopped loading completely.

The reseller’s tech support?

Open up the Internet for the guy. (the reason he didn’t have it anymore is cause he was caught looking at nudie pics…duh…)

*knocks on heads*

Pauli says:

Re: Easy enough, buy used

>>Buy a used late model form Craig’s List, pay cash, leave no forwarding address.

This works if you are happy to buy a different printer every time you want to make an anonymous print. Other things you have printed with the same printer could lead people back to you because they would all have the same markings. Or at least they would be able to tell which anonymous prints all came from the same printer.

Pauli says:

Could the markings be faked?

There must be some printers that don’t leave marks. Alternately, it may be possible to crack the firmware and make a printer leave a different mark. This could be handy if you wanted to frame someone for something – you’d just have to copy the marks of your target’s printer.

I think they should disclose. Imagine if a whistle-blower was tracked down and killed because their company’s security department intercepted a letter that was supposed to be anonymous.

Oniichan says:

Old technology

My Father since the late 80’s has worked with Xerox on this type of technology. It is not new just newer released. Back in the 80’s when the first color copiers came out the biggest issue was money counterfeiting. All the color Xerox machines since the late 80’s implied a laser coded mark that could be read by a vending machine or anything that would accept bills. This is old hat.

Mark says:

Because it forces us to buy more ink

Imagine you have only black ink installed and you want to print a black and white only document.

Good luck if its an HP.

Your printer will announce that it will NOT print until the other inks are replaced.

I’ve watched my yellow reservoir get sucked dry printing only gray scale images. So, I have to buy another yellow plugin regularly just to print B&W.

It’s so dishonest I’m hoping some greedy lawyer hits ’em with a class action lawsuit.

Anonymous Coward says:


And, indeed, it does seem unlikely that the codes could be used for very much (not only would you need to interpret them, you’d also need the means of tracking down who owns a specific printer).

All you need is a sample from someone’s printer to be able to identify other output from it and blow their anonymity. It’s pretty easy actually.

shawn says:

Re: pdf

Dot matrix isn’t going to help you remain anonymous…

The same techniques that enable forensic scientists to identify individual tires or typewriters is perfectly capable of identifying the microscopic anomolies in print that result from the unique differences in every single print head produced.

I remember one case where the zip ties used in a rape/murder were traced to the exact machine they were produced on AND they were able to identify the exact lot they came from, which helped prove a man guilty because they had found a matching one of these old zip ties in his car. Sounds straightforward until you realize this factory (in Mexico) produced 100’s of millions of these things and had no preconcieved plan for doing this kind of identification in the field. This was done by analysing the wear patterns of the blades that cut the zip ties in production (among other things).

You can’t hide.

zcat (profile) says:

Easy to solve, just add a few more dots!

Someone needs to update the print drivers in Linux so that every colour laser print gets a few dozen extra sets of dots, slightly offset from the official ones, and correctly encoded with randomized information. The same pattern for any single print job, one or two changes between each print job so that it’s very difficult to identify the ‘real’ pattern even if you have several documents known to be from the same printer.

Seems pretty obvious to me.

Miche Rutledge says:

Laser Printer ID

It is used by the FBI and other law enforcement agencies already.

Remember the BTK Serial Killer capture in Wichita, KS in 2005? They found him only because he used a laser printer at his church to print the letter to the police.

The FBI and police used the laser printer ID method to determine who owned the printer, then determined who had access to and used the church printer.

So, I’d say the EFF has a very valid point. The printers should come with a warning label that privacy is compromised when using it.

FittEyes (profile) says:

I’d always heard that the printer was foolish since it printed black with a mix of all three colors. Excuses/reasons I’ve heard for this range from it makes the black seem better to it’s a nasty money-grab that they’re hoping the sheep don’t notice. I must admit, though, that I am a fan of polaroid printer for iPhone. Sometimes I absolutely need to print something and it’s fine if the colors are a little off because I ran out of cyan ink, but not this time! You will not be admitted!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...