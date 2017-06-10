Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com) 67
An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szatmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.
Because the document is really nothing more than all the bogus stories that have been printed and reported since the election. There is no actual evidence of the claims they make, other than a possible IP address. Everything else is supposition based on "We know the Ruskies were in on it, somehow.".
even black and white laser printers can watermark the document. The pixels are small enough that you won't notice them and at normal 300dpi scanning they won't transfer, just like the yellow dots, but if you get hold of the originals, there's data on there that can be used to track back to the printer in question. Inkjets do it too, both black and color models.
Long before laser printers, investigators were tying people to typewriters based on unique per-unit imperfections and wear patterns. You can do something similar based on drum and toner distribution variances even on a monochrome non-watermarked printer.
Granted, the judas dots also report the date and time, which helps nail a culprit on a shared resource, but the safest thing to do would be to OCR the printed documents rather than photocopy them.
OCR removes authenticity (Score:1)
It is much harder to prove authenticity in this case. Like rewriting the text by hand — it just is not as convincing.
That said, when it comes to accusing Trump, authenticity obviously yields to outrageousness in importance...
A dot matrix printer is the solution to the problem then.
In some countries it's however illegal to try to identify sources that have leaked to the press.
I suppose he's thinking of the case where one scans to PDF, and distributes the electronic version.
Called a black and white PHOTOCOPY (Score:2)
Turns colored dots into black ones. Problem solved.
How does making the markings easier to identify help in anonymizing the document?
Presumably light colors are mapped to white rather than black.
Unless you can find an analog copier. The digital ones will put the watermark of the copier on it. And the analog copier often has defects due to analog technology that could allow it to be traced back.
Just use a copier in a public place. I have even paid for copies made in a bookstore once of a document I had.
No, it doesn't allow it to be "traced back" because there is no registry of analog copiers. Color laser printers are special because you need no other detective work for finding the printer: the yellow dots are designed to make that identification trivial.
For other printing technologies (inkjet, black and white printers, etc.), you can only prove that a document came from a particular printer once you have
False confidence (Score:2)
I'd operate under the assumption that the NSA has hacked their hardware and software to put document tracking information into things like font rendering and image dithering artifacts.
OCR into a plain text file and strip out any formatting. It's the only way to be even remotely sure.
It's probably enough to a) strip all the non white/black pixels with a threshold filter and b) convert down to a very low resolution, like 72dpi, suitable for screen viewing, especially if you c) run it through another threshold filter at the end. This will make it look like crap, but preserve formatting which helps verify the validity of a document.
That sounds like sending a fax to me.
Back in the day typewriters were traced back because of manufacturing defects so the e may be typed 1/24th of an inch higher and 1/12th inch to the left.
A dot matrix printer could have pins that are in tolerance but have defects that could allow it to traced. The same with line impact printers.
Send it through an older fax machine. Bet Goodwill has one.
I still have an Epson FX-100.
Call it "2024" instead of "1984". (Score:2)
"This is useful to detect whistle blowers in the US."
Again, we are sacrificing billions around the world to dictatorships who will just use the exact same products to clamp down on their own people.
If 1984 were to be rewritten, it should have been from the point of view of many billions living in grinding dictatorship, being spied on by their governments simply using commercial products sold to them by some hundreds of millions living in relative freedom, embedding spying tech in those products to catch mun
Print on yellow paper.
Actually no... (Score:2)
by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers,
This is incorrect. The purpose of the dots and why they are limited to color printouts is because they are intended to be used to identify currency counterfeiters.
During the 1990s Xerox and other companies sought to reassure governments that their printers would not be used for forgery.
biting off the nose to spite one's face (Score:2)
Just be aware that there's no reason to turn off the feature just because the printing is in black and white. Many color printers still uses all colors to print black and white prints, even though it's wasting toner. I have discovered that myself - printing a large pile of papers black and white and the level for all colors went down.
Irony much? (Score:2)
There is an easy enough solution (Score:2)
Perhaps... (Score:2)
Even dots that don't move betrays you, they are likely the serial number of the printer in question.
If you want to make a mess, then pick up discarded papers that has passed the printer before and run your print on them. It's not uncommon that some prints have waste blank pages included.
I can certainly see, how the methods being researched could help the good guys. But to better publicize the project, a much more compelling poster-boy or girl is needed than Ms. Winner — a supporter of Iran [twitter.com], who sincerely believes, American President is the vilest person in the US [twitter.com] (if not the world)...
Easy (Score:2)
Every agency office should install a special "whistleblowers only" printer in a prominent location near the office entrance.
Easy solution (Score:2)
Why? (Score:2)
Who besides old geezers use printers anymore?
Convert the data to a textfile.
Use TOR at a Starbucks coffeeshop with a beard, sunglasses and a Trump hat and send the fucker to the New York Times Leaker page.
Easier (Score:2)
Look, just throw the stupid document on a copier and they're gone.
This isn't rocket science. What sort of a moron would print a document IN THE NSA and then hand that original to a reporter?
She needs to go to prison for the maximum span.
I personally believe Snowden should be pardoned, and they should stop pursuing Assange, but not every leak is sacrosanct, nor is every leaker a saint.
She clearly did this as a political act, despite signing documents affirming she would keep information confidential.
