Researchers Reveal Details Of Printer Tracking Dots, Develop Free Software To Defeat It
from the whistleblowers-of-the-world,-rejoice,-but-still-be-careful dept
As Techdirt has reported previously in the case of Reality Leigh Winner, most modern color laser printers place tiny yellow tracking dots on every page printed — what Wikipedia calls “printer steganography“. The Electronic Frontier Foundation (EFF) first started warning about this sneaky form of surveillance back in 2005. It published a list of printers and whether it was known that they used tracking dots. In 2017, the EFF stopped updating the list, and wrote:
It appears likely that all recent commercial color laser printers print some kind of forensic tracking codes, not necessarily using yellow dots. This is true whether or not those codes are visible to the eye and whether or not the printer models are listed here. This also includes the printers that are listed here as not producing yellow dots.
Despite the EFF’s early work in exposing the practice, there has been limited information available about the various tracking systems. Two German researchers at the Technical University in Dresden, Timo Richter and Stephan Escher, have now greatly extended our knowledge about the yellow dot code (via Netzpolitik.org). As the published paper on the work explains, the researchers looked at 1286 printed pages from 141 printers, produced by 18 different manufacturers. They discovered four different encoding systems, including one that was hitherto unknown. The yellow dots formed grids with 48, 64, 69 or 98 points; using the grid to encode binary data, the hidden information was repeated multiple times across the printed page. In all cases the researchers were able to extract the manufacturer’s name, the model’s serial number, and for some printers the date and time of printing too.
It’s obviously good to have all this new information about tracking dots, but arguably even more important is a software tool that the researchers have written, and made freely available. It can be used to obfuscate tracking information that a printer places in one of the four grid patterns, thus ensuring that the hard copy documents cannot easily be used to trace who printed them. Printer manufacturers will doubtless come up with new ways of tracking documents, and may already be using some we don’t know about, but this latest work at least makes it harder with existing models.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: forensics, printer dots, printers, sources, tracking
Comments on “Researchers Reveal Details Of Printer Tracking Dots, Develop Free Software To Defeat It”
Or
Assuming your document is something juicy that the government does not want revealed due to embarrassment, email your document, using the most current form of encrypted email, from a public computer (library, coffee shop, print center) to someone who does not have a printer and have them take that digital document to someone who has a used printer, bought at a flea market, or Goodwill, or other some such, print the document, then physically take it to a fourth party, who will then (wear gloves for all the physical aspects of this, of course) take it to a Mailboxes R Us location and send it on to a fifth party (no return address, I have been told that no return address is illegal but I have sent a whole lot of mail with no return address that was received by the sent to party), who will then swap the mailing envelope and return it to you via some sort of physical mail or messenger. Then you can submit your documents to whomever you want that doesn’t have a printer. That makes 5 co-conspirators, which is pretty dangerous, even if they are hard to track.
Or, you could just use a public library computer (wearing your Halloween costume, only on Halloween, which is the only date to do such things, except April 1st) and send it via encrypted email (no need for printers on your end) to someone like Wikileaks, or The Intercept, or the New York Times, or…well there are a lot of places who would love to receive it, and a lot of government types who would love to meet you. Up close and personal like.
Any better methods?
BTW, I have a serious complaint about printer manufacturers adding something I did not intend to my printed photographs. They are works of art, and I object to their trying to infringe upon my copyright by adding, surreptitiously their art to my art. Could we DMCA these dot?
Re: Or
Almost forgot, use a VPN for all computer related transactions. If you go the the library, make sure you take you logon information with you.
Re: Or
Lots of co-conspirators. Or should I say… Terrorist cell members. Sounds like classic “conspiracy to be shot in a heroic gun battle where only another terrorist would dare point out that you were unarmed and cooperating” /s
Re: Or
Protip: putting a fake apartment number is an easy way to make a fake address. Ex: find a 4-story building in the city it will be mailed from, write "Apt. 503" at its address. Postal databases have lists of valid street addresses, but usually not apartment numbers.
Re: Re: Or
It’s not a “pro tip” unless you’re actually a pro.
Re: Re: Re: Or
HOw about a “lifehack”? 😉
Re: Re: Re:2 Or
Does not involve duct taping things together, so it’s not a lifehack.
Re: Re: Or
I always put an apartment number on any documents I’m forced to give a mailing address for.
They still get delivered to me, but it lets me see who is selling my information to who.
The most egregious was a Vermont hospital selling my info (in less than a week!) to a VT-based clothing company for pre-pubescent girls.
Re: Re: Re: Or
For gmail addresses, you can make custom valid variants of your address unique to the service you sign up for, so if you start seeing spam, you know who sold you out.
For example:
say you have your gmail accout BHarv@gmail.com
Sign up for the hospital with BHarv+VTHosp@gmail.com
Register for a one-time thing with BHarv+OneTime1234@gmail.com
Messages sent to those two plus-addresses will still be received by the main email, but if you start getting spam from VT girl clothes company, then you’d likely see them being sent to BTHarv+VTHosp@gmail.com.
Re: Re: Re:2 Or
edit: I didn’t expect the example email address I made up for that comment to become a clickable link. I don’t know where, if anywhere, that link leads.
Re: Re: Re:3 Or
As mouseover of the link will reveal, it’s a mailto: URL (instead of, e.g., a http: URL); it will open in the configured default mail client, to compose an E-mail to that E-mail address.
(Which does mean that, if that’s a valid E-mail address, you just exposed it to the bots which crawl the Web looking for addresses to spam.)
Re: Or
Also, check the document for any spelling errors, and inconsistent phrasing, and preferably several other peoples copies to look for text based copy marking.
Re: Or
IME, the best way to get the goat of someone like you is to point out that you probably increasing the chance that they will put surveillance on you by doing all that. Especially since anyone speaking out like this almost certainly isn’t really doing anything they would care about – not that this would stop them from collecting your info in their indiscriminate trawling of Internet data, but their algorithmic approach to detecting things of interest means that they only notice anomalies – like someone trying to spoof them.
You might want to believe they are looking for what you are doing, but trust me, they aren’t. Individual political agitators aren’t on their radar, not because they are upholding some great ideals about democracy (no sane person actually believes popular government is, or has ever been, a real or even possible thing – governments and corporations are, by nature, headless bureaucracies in which the official leaders have no actual standing and no individual or specific group of individuals decide anything), but because you simply don’t count (see immediately previous rant on the illusion of individual agency).
Really, your best defense is to be as blatant as possible, all the time, getting them to watch you for a while before they write you off as a crank (the ‘California Cocaine Smugglers Truck’ ploy, a form of Kansas City Shuffle where you get the police to search your empty vehicle so often that they stop bothering). Do You Believe That?™
Next you'll learn about the EXIF of digital cameras!
“Reality” was a careless idiot, and worse because didn’t actually have anything. — There was NO “whistle-blowing”, just an idiot who thought she’d damage Trump politically.
Re: Next you'll learn about the EXIF of digital cameras!
EXIF metadata can be scrubbed. It’s a bit harder to scrub the same data from a printed document.
And what does Trump and Hillary have to do with this article?
Re: Re: Next you'll learn about the EXIF of digital cameras!
But…but…but…what about OBAMA?!
Re: Re: Next you'll learn about the EXIF of digital cameras!
Nothing. But, he has to play team sports and pretend he knows more than anybody else, even though there’s obvious and immediate differences!
He really is the kind of fool who will gladly support mass surveillance and stripping of rights, so long as it’s the right team doing it.
Re: Re: Next you'll learn about the EXIF of digital cameras!
Until governments pressure camera makers to encode the serial number in some other, hidden, way, like they did with printers. Maybe it’s already happened-did anyone check?
Re: Re: Re: Next you'll learn about the EXIF of digital cameras!
And watch as JPEG compression mangles the information. Or someone sees something that needs touching up and inadvertently erases a bit of the information.
Re: Next you'll learn about the EXIF of digital cameras!
Trump’s still not going to let you suck him off, blue.
Re: Re: Next you'll learn about the EXIF of digital cameras!
He might let you piss on him though!
Re: Re: Re: Re:
He only lets the best hookers do that, very good hookers, the best.
Re: Next you'll learn about the EXIF of digital cameras!
Obama!
Drink!
We need an OpenWRT for printers
Printer firmware is awful, not just because of tracking dots. It’s usually outdated, and likely totally insecure (as soon as someone cares to look – stay tuned!). The ideal solution is a firmware-replacement project like CHDK or OpenWRT. We could make sure these things all support TLS, SSH, IPv6, PostScript, PDF and printing status feedback, without vendor-specific drivers needed on the PC, and that they get security updates. “Enterprise” UI features, like swipe-card-based printing (it’s crazy overpriced now), would be easy to add.
Re: We need an OpenWRT for printers
That would be an IP minefield. Patents on the “inventions” you want to add, license on the psotscript, copyright on the existing firmware (it’s encrypted!), and the hardware on printers varies radically.
You don’t own your printer any more than you own your farm tractor.
Re: Re: We need an OpenWRT for printers
Maybe, but with that attitude we should just stop writing software. We could say the same about Linux, OpenWRT, and everything else. (None of the stuff I mentioned was an "invention" either; they were trivial combinations of existing technologies, not patentable under Alice.)
PostScript 3, the newest version, is 21 years old–so no patent concerns. We just need a free engine, like Ghostscript. (Trademark might apply… it may be why Brother calls theirs "BR Script".)
It wouldn’t use copyrighted parts, so only DMCA-type laws would matter. The reverse-engineering could be done outside the USA, and/or anonymously. (Do all vendors encrypt it? Encrypted firmware is rare in other consumer electronics like routers.)
That could be a huge problem. Although, things like paper-feeders can’t be hugely complicated, and once we figure out the forward/reverse commands the same algorithms should apply everywhere. Linux might already run on the SoC, with support for GPIO, USB host, …
The imaging parts would be the main challenge. I’d start with a common model of black-and-white laser, ideally something available new and used with replacement parts (toners, drums) still current; and with a color version in the same product line.
Re: Re: Re: We need an OpenWRT for printers
Actually the low level hardware should be easy to drive, as it is number of steps per revolution, or encoder counts per revolution etc. or even just on/off control, along with optical or other presence sensors. What can be more tricky is figuring out how to drive any interface chips on the board, up to and including any FPGAs, which may provide functionality to generate pixel arrays.
That is given the document, turning it into pixels is a well solved problem, as that is what is done to display it on screen. The motor and sensor level of controlling the machine is also a well solved problem, though time constraints on the software exists. The magic that needs figuring out is any and all hardware assists and ancillary processors on the board to help with those two tasks.
Re: Re: Re:2 We need an OpenWRT for printers
Wikipedia says cheap printers don’t even do it. (The printer driver sends pixels.)
How about turning those into an electric charge on the drum? Apparently the laser hits it via a rotating mirror, and the laser needs to be switched on and off at up to 65 MHz to make an image, then it needs to be repeated for the next line. It doesn’t sound easy (though any optics lab will be doing crazier stuff with lasers), and I’m not expecting a "standard" interface there.
Re: Re: Re:3 We need an OpenWRT for printers
So, the document still needs to be turned into pixels, and it does not really matter where that is done, and you do not want to be using the proprietary drivers.
And that is where what I call magic happens, probably an FPGA, fast memory and DMA into and out of its buffers. That is specialized hardware. These days it might be easier to build a new controller using FPGAs, and use the ARM libraries to implement your own processor on board. How to control micros and lasers is well known, and in principle standard control algorithms, doing it fast enough be a challenge.
Thinking on it, you probably do not want to use any programmable device supplied by the printer manufacturer, as they are ideal places to hide the document marking. Interestingly these days, with the cheap board houses, and free software, even getting a multilayer board designed and made is possible for an individual to carry out.
Re: Re: Re:4 We need an OpenWRT for printers
Maybe if your adversary is the NSA. This seems to be each printer manufacturer adding trackers (each is different), at government request. Worrying that the hardware itself will add trackers seems over-paranoid (and if we’re this paranoid, can you trust "cheap board houses"?). It’s almost certainly done in the firmware.
Once you’re creating your own boards, you might as well create a whole printer. There are open 3D printers, just not 2D.
Re: Re: Re:5 We need an OpenWRT for printers
When an FPGA is in use, it is programmable hardware, and that is where tracking can be implemented. As to the board houses, all you get them to do is make the circuit board. You get, solder on and program your own devices, so there is no need to trust the board house. Full surface mount assembly can be carried out in the home shop, just add a temperature controller to a toaster oven, and it helps if you get the board house to make the solder stencil for you.
The difficult to build parts of a laser printer are the optical system, and the paper transport mechanism, which are purely mechanical systems, and they come with a reasonable case as well. This can be much cheaper, and quicker than designing building and debugging several iterations of the hardware to get it right.
Re: Re: Re:6 We need an OpenWRT for printers
Yeah, but why would you upload a tracking-enabled bitstream into it? For the attack to work, the FPGA would have to say it accepted your open-source bitstream, while actually leaving some tracking code active. That would have to be done in hardware–or by some persistent bitstream, but most FPGAs don’t persist. Why would the manufacturer go to such lengths to stop you from avoiding tracking, when people aren’t even replacing firmware now?
I forgot about that. Even pick-and-place machines aren’t expensive now. You’re right, if the board shop doesn’t handle the chips, it will be hard for them to subvert the system.
Interestingly, it’s not that difficult to etch boards at home either. It just takes some acid and… a laser printer (should we worry about the whole "trusting trust" thing?).
Re: Re: Re:7 We need an OpenWRT for printers
Home made boards are limited to single sided, or double sided without the plate through holes. Especially for surface mount chips, and very high speed operations, more layers are required to deal with the connection density, and transmission line aspects of high speed signals. Serial data transfers, using multiple serial channels for more capacity have become the norm because they make it much easier to build a working system, as they do not require tight timing tolerances between signal paths.
Because you only option may be to upload the manufacturers bit stream, because you cannot identify the device in use, and because reverse engineering such bitstreams is even harder than reverse engineering machine code. A gate level description is not much use for recognizing larger scale functional blocks like processors. That is why I said build a new board.
Re: Re: Re:8 We need an OpenWRT for printers
Ok, makes sense, but I hope we can avoid the wifi-firmware situation of having to work with binary blobs (only one chip family, ath9k, had open firmware—it’s getting a bit old, but still obtainable and popular with RF researchers).
That said, you can extract the bitstream from multiple printers and make sure they’re all identical. If so, and if the FPGA specifications don’t list a serial numbering capability (and there are no i²c or other persistent devices attached), and all evidence of tracking disappears when we rasterize the image ourselves… then there’s probably no tracking, at that level.
Re: Re: Re:5 We need an OpenWRT for printers
To be fair, if you’re a political activist then your opponents will always be those supporting the current government. In which case, you must do all you can to remain anonymous, or at least personally remain off TLA radar scopes. As once you become a nuisance, bringing down the attention and might of those agencies against individuals is like shooting fish in a barrel.
People still use printers?
Tech revealed
Now that it’s “in the wild”, I can see this becoming a sticking point in court cases, just like Stingray use and Breathalyzer technical specs.
Defense attorneys are going to start seeking full Discovery on all cases involving printed documents on the tracking method, system, and encryption methods.
It’ll be interesting to see what makes and models cause Dismissal – those will be the ones with currently undiscovered tracking systems.
Somebody Should Print a List...
…of all the classes of devices you don’t really own, even tho’ you thought you’d bought one.
Re: Somebody Should Print a List...
Wouldn’t be quicker and easier to list all the devices that you do own?
Inkjet?
Are they doing this with inkjet printers too, or is it just lasers?
In any case; pickup a printer cheap at a garage sale.
Wait six months to use it, nobody will remember you then.
Print black and white and leave out the color cartridges if it has them.
Maybe I should have kept that Epson dot-matrix printer.