| ▲ | password4321 a day ago |
| The "print and scan physical papers back to a PDF of images" technique for final release is looking better and better from an information protection perspective. |
|
| ▲ | cookiengineer a day ago | parent | next [-] |
| > The "print and scan physical papers back to a PDF of images" technique for final release is looking better and better from an information protection perspective. Note that all (edit: color-/ink-) printers have "invisible to the human eye" yellow dotcodes, which contain their serial number, and in some cases even the public IP address when they've already connected to the internet (looking at you, HP and Canon). So I'd be careful to use a printer of any kind if you're not in control of the printer's firmware. There's lots of tools that started to decode the information hidden in dotcodes, in case you're interested [1] [2] [3] [1] https://github.com/Natounet/YellowDotDecode [2] https://github.com/mcandre/dotsecrets [3] (when I first found out about it in 2007) https://fahrplan.events.ccc.de/camp/2007/Fahrplan/events/197... |
| |
| ▲ | culi a day ago | parent | next [-] | | That's why I'm (still) waiting on this https://www.crowdsupply.com/open-tools/open-printer It's mindboggling how much open-source 3d printing stuff is out there (and I'm grateful for it) but this is completely lacking in the 2d printing world | | |
| ▲ | octoberfranklin 20 hours ago | parent [-] | | Sorry, you have been blocked
You are unable to access crowdsupply.com
Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page. Cloudflare Ray ID: 9bbed59d7bcd9dfc • Performance & security by Cloudflare |
| |
| ▲ | emptybits a day ago | parent | prev | next [-] | | Thanks for the links but can you share evidence for the "public IP address" claim? Each time I've read this concept (intriguing! possible!), I search for evidence and I can't find any. The MIC and yellow dots have been studied and decoded by many and all I've ever seen, including at your links, are essentially date + time + serial#. Don't get me wrong ... stamping our documents with a fingerprint back to our printers and adding date and time is nasty enough. I don't see a need to overstate the scope of what is shared though. | | | |
| ▲ | everdrive a day ago | parent | prev | next [-] | | >Note that all printers have "invisible to the human eye" yellow dotcodes, which contain their serial number, and in some cases even the public IP address when they've already connected to the internet (looking at you, HP and Canon). I've got a black and white brother printer which uses toner. Is there something similar for this printer? | | |
| ▲ | gramie a day ago | parent | next [-] | | I believe that this only exists for colour printers. The official reasoning was to trace people counterfeiting money. | |
| ▲ | nwallin a day ago | parent | prev | next [-] | | It's only there for color printers. A tiny yellow dot on white paper is basically invisible to the human eye. Yellow ink absorbs blue light and no other light, and human vision is crap at resolving blue details. A tiny black dot on white paper sticks out like a sore thumb. | |
| ▲ | cookiengineer a day ago | parent | prev | next [-] | | > black and white brother printer excellent choice, that's what I am using. Also it's Linux / CUPS compatible and without a broken proprietary rasterizer. | | |
| ▲ | contingencies a day ago | parent [-] | | Same thing here. A few years ago I bought three brands of printer-scanner combos for our R&D office, returned the others. Brother was the least broken despite still not being perfect. Issues include broken scanning drivers and fake toner warnings at ~1/3 level. |
| |
| ▲ | IshKebab a day ago | parent | prev [-] | | Yes, the data can be embedded by modulating the laser. But I've only seen research showing that it's possible. As far as I know nobody has demonstrated whether actual laser printers use that technique or not. |
| |
| ▲ | mmh0000 a day ago | parent | prev | next [-] | | If you have a UV flashlight, these dots are visible with decent vision. And of course we have to include the Wikipedia entry: https://en.wikipedia.org/wiki/Printer_tracking_dots | | |
| ▲ | culi a day ago | parent [-] | | And also EFF's attempt to track all printers that do or do not display tracking dots which they eventually prepended with > (Added 2015) Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. > This list is no longer being updated. https://www.eff.org/pages/list-printers-which-do-or-do-not-d... |
| |
| ▲ | askvictor 19 hours ago | parent | prev [-] | | Could this be circumvented by randomly (or not-so-randomly) adding single-pixel yellow dots to the data sent to the printer? | | |
|
|
| ▲ | notepad0x90 21 hours ago | parent | prev | next [-] |
| a better approach is to convert them to jpeg/png. Then convert that to raw BMP, and then share or print that. A more modern approach for text documents would be to have an LLM read and rephrase, and restructure everything without preserving punctuation and spacing, using a simple encoding like utf-8, and then use the technique above or just take analog pictures of the monitor. The analog (film) part protects against deepfakes and serves as proof if you need it (for the source and final product alike). There various solutions out there after the leaks that keep happening where documents and confidential information is served/staged in a way that will reveal the person with who it is shared. Even if you copy paste the text into notepad and save it in ascii format, it will reveal you. Off-the-shelf printers are of course a big no-no. If all else fails, that analog picture technique works best for exfil, but the final thing you share will still track back to you. I bet spies are back to using microfilms these days. I only say all of that purely out of a fascination into the subject and for the sake of discussion (think like a thief if you want to catch one and all). Ultimately, you shouldn't share private information with unauthorized parties, period. Personal or otherwise. If you, like snowden, feel that all lawful means are exhausted and that is your only option to address some grievance, then don't assume any technique or planning will protect you, if it isn't worth the risk of imprisonment, then you shouldn't be doing it anyways. Assume you will be imprisoned or worse. |
|
| ▲ | emeril a day ago | parent | prev | next [-] |
| I suppose I'd just save the pdf to tiff/png then remake back into a pdf from there to avoid printing and scanning? if really paranoid, I suppose one could run a filter on the image files to make them a bit fuzzy/noisy |
| |
|
| ▲ | tester756 a day ago | parent | prev | next [-] |
| Why not just make screenshoot of every PDF page? |
| |
| ▲ | jeffbee a day ago | parent [-] | | It could still be identifiable, for example if the document has been prepared such that the intended recipient's identity is encoded into subtle modulation of the widths of spaces. | | |
| ▲ | yyyk a day ago | parent | next [-] | | That's outside this threat model? The idea here is trying to foil outside analysis, not limit the document authors (which are allowed to add/update and even write openly 'the intended recipient's identity'). | |
| ▲ | sincerely a day ago | parent | prev | next [-] | | Print and re-scan wouldn’t fix that though. | | |
| ▲ | jeffbee a day ago | parent [-] | | That was my point. If you want to erase its origin you need to semantically extract the contents and reduce them to their most basic representation. |
| |
| ▲ | tester756 a day ago | parent | prev | next [-] | | Sure, but all those not-essential information hidden in PDFs format are removed | |
| ▲ | idiotsecant 20 hours ago | parent | prev [-] | | In PDF file format? |
|
|
|
| ▲ | iAMkenough a day ago | parent | prev | next [-] |
| That'd be fun to make Section 508 compliant at mass scale. |
|
| ▲ | JumpinJack_Cash a day ago | parent | prev [-] |
| Is there a multifunction B&W printer which prints and then automatically positions the paper on the scanner and scans? |
| |
| ▲ | dredmorbius a day ago | parent [-] | | Far more straightforward to print a stack, then feed that stack through the copier/scanner. | | |
| ▲ | IshKebab a day ago | parent [-] | | You don't need to actually print and scan. Just convert to a raster format like PNG. | | |
| ▲ | dredmorbius 20 hours ago | parent | next [-] | | Given issues with fully-electronic conversion, passing through a paper phase tends to guard against foul-ups. It's tangible and demonstrable. People ... take short-cuts, which is why we're having this discussion. | |
| ▲ | iAMkenough a day ago | parent | prev [-] | | Then use OCR to convert it back from raster for Section 508 compliance. All the existing work to make handwritten pages and visuals compliant would have to be redone after converting to raster. |
|
|
|
