586 points prawn | 9 comments
bobsam ◴[] No.14502324[source]
The real question you should be asking yourself is how hard it is to fake these. If I get hold of someone's copies, can I use them as a template?
replies(1): >>14502382 #
1. kemiller2002 ◴[] No.14502382[source]
I think this is an excellent example of why security through obscurity is a bad idea. Now that we know they are there, it's only a matter of time before they are all broken and duplicated. How hard is it? I don't know, but I can't imagine that it's impossible. Given time and technology, someone will figure out how to forge these without difficulty.

They were clearly betting on the fact that no one would notice they are there. What scares me is we're just finding this out. How long have criminal organizations and rogue nations known about this and what have they used it for?

replies(2): >>14502455 #>>14508143 #
2. schoen ◴[] No.14502455[source]
I'm confused about why people consistently think that this was a total secret, no matter how many waves of press coverage it gets.

https://en.wikipedia.org/wiki/Printer_steganography

There were press articles about it by 2004 (and I think some earlier), we had written the tool that Rob Graham used to decode these scans by 2005, and I gave a number of TV interviews about it during 2005. A small number of manufacturers (maybe worried about European data protection laws) also alluded to the existence of the technology in their user manuals. Some of the people from industry who contacted me also said that this was common knowledge to people in the printing industry since at least the turn of the millennium.

replies(2): >>14502878 #>>14503507 #
3. rhizome ◴[] No.14502878[source]
>people consistently think that this was a total secret

As far as I've seen, this isn't true.

replies(1): >>14502927 #
4. schoen ◴[] No.14502927{3}[source]
Maybe I should say "regularly"?
replies(2): >>14503094 #>>14503215 #
5. taeric ◴[] No.14503094{4}[source]
I'm curious if there is a "half life" to this knowledge. Or, rather, what that would be.
6. rhizome ◴[] No.14503215{4}[source]
It sounds like you're being surprised that anybody doesn't know about it, even if they're in a risky position themselves, which seems disingenuous.

Before today, what was the most likely path to this knowledge? As in one month ago...and how many 26 year olds have occasion to learn themselves the details of printers? Nobody uses printers.

Yes, working in that position it would be more likely, but she still could merely be a corner case when it comes to laser printer dot awareness, even within the IC.

7. Mathnerd314 ◴[] No.14503507[source]
None of those are enough. Unless the spying feature is directly marketed to consumers, e.g. a TV ad that says "Buy a color printer THAT SPIES ON YOU today!", >92% of the population will never learn about it. (That estimate being from the # who don't read license agreements: https://measuringu.com/eula/)

Generally, anything that less than half of the population knows about is a secret (e.g., menstruation is still called a "secret" in some circles...), so you shouldn't be confused, just disappointed at how gullible / uninformed the average person is.

replies(1): >>14503599 #
8. bubblethink ◴[] No.14503599{3}[source]
>Unless the spying feature is directly marketed to consumers, e.g. a TV ad that says "Buy a color printer THAT SPIES ON YOU today!", >92% of the population will never learn about it.

Heh. The tagline for this car HUD (http://www.jbl.com/connected-car/CP100+LEGEND.html) says, "Now your car can be on the grid too". That's getting pretty close to your tagline.

9. cestith ◴[] No.14508143[source]
Print sensitive documents at FedEx Office or Staples and pay in cash. It's the only way to be sure.

There were magazine articles, newspaper articles, and news site discussions about this years ago. They covered it being added to stop color laser printers and dye sublimation printers from being used for currency counterfeiting. That the tech community has this short of a communal memory astounds and saddens me.

Even beyond the public knowledge of this tactic, that Reality Winner was working at an intelligence agency and was silly enough to think said intelligence agency couldn't track what had been printed in its own offices is laughable. Either she had no business working in that environment as she clearly doesn't understand their mission and methods or she's a scapegoat.

* 2014 - PC World - http://www.pcworld.com/article/229647/counterfeit_money_on_c...

* 2004 - PC World - http://www.pcworld.com/article/118664/article.html

* 2005 - Washington Post, stating it had been in use at least ten years, and that at least one version of the yellow dot code had been broken. - http://www.washingtonpost.com/wp-dyn/content/article/2005/10...

* 2004 - Slashdot - https://hardware.slashdot.org/story/04/02/06/1513255/hp-disc...

* 2004 - Geek.com - https://www.geek.com/news/color-laser-printers-allow-feds-to...

I could probably easily find more.