Should Printer Companies Tell You Your Printer Leaves Secret Identifying Info?
from the disclosure-seems-appropriate dept
Every few years or so, the press picks up on the story that laser printers leave some dots that are invisible to the naked eye on every print. These dots are included for the purpose of anti-counterfeiting efforts. Each printer leaves a unique mark that can be read with special blue LED light, and interpreted with a decoding system that only the printers and the secret service are supposed to have. The story is getting some press again as the EFF is pointing out that laser printers have become cheap enough that many people have them and it’s possible that the identification dots could be used for other purposes, meaning that people who print stuff out on the assumption that the documents would be anonymous, may be wrong. Officials in the article scoff at the idea that the codes would be used for anything other than anti-counterfeiting efforts. And, indeed, it does seem unlikely that the codes could be used for very much (not only would you need to interpret them, you’d also need the means of tracking down who owns a specific printer). But there is a good point in all of this: why shouldn’t the printer providers be forced to at least disclose that their printers mark every document with a unique identifier?
Filed Under: counterfeiting, disclosure, identification, laser printers, printers
Comments on “Should Printer Companies Tell You Your Printer Leaves Secret Identifying Info?”
possible
most printer companies require you to register your sn with them for any sort of support. If a unique identifier is tied to a particular sn, then it is theoretically possible to track.
Re: possible
I remain skeptical. Some of these new printers have 300 megabytes of bloatware as part of their driver package. A 300MB printer driver? Come on! What the hell does it need to do besides print? I remember a day when a full GUI-enabled OS was less than 40MB. If programmers these days are that inept, and unable to create good, optimized code, get rid of them! But I think the driver is doing a lot more than it should be doing.
Re: Re: possible
Why should a programmer care about writing optimized code as long as it get the job done bugfree and with reasonable speed?
Premature optimization is the root of all evil.
Beside that, I do think 300 MB of bloatware is outrageous. I cannot imagine that you require that much code for something like a printer.
Re: Re: possible
Damn, you must not be very old. AmigaOS could boot up off a 880k(that is not a typo) floppy and be fully functional. Damn I miss that.
Good point but a printer driver for a laser printer is not quite the same as for your old dot matrix. There is a lot to consider when printing to them, especially in color. For example, my Lexmark has duplexing, finishing, collating and a gazillion other fun features as well as dithering, smoothing, media-type selection, etc.; the driver is around 50meg.
two words
Full Disclosure.
A few articles ago, you brought up the inability of Google to anonymise its log data. Replacing the IP address with a unique token is insufficient.
The same applies here. Being unable to find the printer to which a document was printed doesn’t make it anonymous when one is able to able to uniquely identify the source of documents.
Where Google’s and the printer identifier cases differ is in what they can readily de-anonymise. Since Google has everyone’s search queries, it can more readily de-anonymise arbitrary people.
In the printer identifier case, the documents you are able to compare are those you have previously collected and those of the person you suspect of having printed the document.
This leads to different attacks, but it doesn’t prevent attacks from being possible as you say.
Force them to disclose?
Wouldn’t it be better to voluntarily disclose? It’s might be a bit of a business risk, but being honest and forthright with your customers — and explaining the reasons for the practice — should be
Is there some sort of law for laser printer manufacturers only? There are some high end inkjets that can pull off a counterfeit to an unsuspecting person quite well.
And, yes, I trust the government that this “tracking” technology is secure from public investigator access and not used for nefarious warrantless papertapping. (Hope your sarcasm meter is turned on.)
not only would you need to interpret them...
I thought it was a requirement for all newer color printers and copiers, I could be wrong.
I have in the past seen/read sites explaining exactly how to interpret the patterns and the hash patterns they make… I am sure they could be found again with a bit of searching
now the part about tracking to a person… All I can offer is only buy used printers with cash and destroy any printers you bought as new 🙂
Big Brother is watching… I am thinking of sending a copy of the book 1984 to all the Congress people in Washington.
Think About This
I you use the included software to go on line to update it, they got info on you. Printer Make, Model, SN, and your IP.
If you register it on line that have the info you send them too.
Full disclosure is required!
Trojan software transmitting data from users systems directly to the product developer’s servers is now found in a number of market leading CAD programs.
If there is a worry about ‘micro dots’ on printed sheets why is it that few seem to be worried about the fact that CAD software developers are not prepared to ‘fully disclose’ details of data they can and are removing from our systems?
http://miletter.blogspot.com details a specific example.
Re: Full disclosure is required!
Yea, we found that out the hard way. Just try cutting off Internet access to a user that has Autodesk products installed.
After 1 week, his Inventor application stopped loading completely.
The reseller’s tech support?
Open up the Internet for the guy. (the reason he didn’t have it anymore is cause he was caught looking at nudie pics…duh…)
*knocks on heads*
Easy enough, buy used
Buy a used late model form Craig’s List, pay cash, leave no forwarding address.
Re: Easy enough, buy used
>>Buy a used late model form Craig’s List, pay cash, leave no forwarding address.
This works if you are happy to buy a different printer every time you want to make an anonymous print. Other things you have printed with the same printer could lead people back to you because they would all have the same markings. Or at least they would be able to tell which anonymous prints all came from the same printer.
Re: Re: Easy enough, buy used
Or, you could just use a monochrome laser to print all your ransom notes… Or at least remove the yellow toner.
Could the markings be faked?
There must be some printers that don’t leave marks. Alternately, it may be possible to crack the firmware and make a printer leave a different mark. This could be handy if you wanted to frame someone for something – you’d just have to copy the marks of your target’s printer.
I think they should disclose. Imagine if a whistle-blower was tracked down and killed because their company’s security department intercepted a letter that was supposed to be anonymous.
Actually, the EFF published information on interpreting the code some time ago, shortly after the story broke. Here’s the link: http://w2.eff.org/Privacy/printers/docucolor/
Printer Leaves Secret Identifying Info
Wow, when I get a new printer I give my old one away to someone or an organization. I wonder who has access to them now.
Old technology
My Father since the late 80’s has worked with Xerox on this type of technology. It is not new just newer released. Back in the 80’s when the first color copiers came out the biggest issue was money counterfeiting. All the color Xerox machines since the late 80’s implied a laser coded mark that could be read by a vending machine or anything that would accept bills. This is old hat.
Because it forces us to buy more ink
Imagine you have only black ink installed and you want to print a black and white only document.
Good luck if its an HP.
Your printer will announce that it will NOT print until the other inks are replaced.
I’ve watched my yellow reservoir get sucked dry printing only gray scale images. So, I have to buy another yellow plugin regularly just to print B&W.
It’s so dishonest I’m hoping some greedy lawyer hits ’em with a class action lawsuit.
Re: Because it forces us to buy more ink
change it to bW in the print menu otherwise it prints in color have had the same thing happen to me
Re: Because it forces us to buy more ink
Try selecting the Grayscale in Black only option in your HP printer settings (it is there…) and maybe you will stop printing ‘warm’ grays which are comprised of CMYK color mixes; fixing your main problem (conspiracy-to-sell-ink-ism is going to be more difficult).
Re: Because it forces us to buy more ink
Refill the color cartridge with black ink
Easy
All you need is a sample from someone’s printer to be able to identify other output from it and blow their anonymity. It’s pretty easy actually.
pdf
Sigh, looks like I can only print to pdf files now……
My printer is only good for its scanning now, and I will have to live with screen versions of documents.
Or no !! I have an idea, time to drag out my dot matrix printer from the garage!!!
Solved……
Re: pdf
Dot matrix isn’t going to help you remain anonymous…
The same techniques that enable forensic scientists to identify individual tires or typewriters is perfectly capable of identifying the microscopic anomolies in print that result from the unique differences in every single print head produced.
I remember one case where the zip ties used in a rape/murder were traced to the exact machine they were produced on AND they were able to identify the exact lot they came from, which helped prove a man guilty because they had found a matching one of these old zip ties in his car. Sounds straightforward until you realize this factory (in Mexico) produced 100’s of millions of these things and had no preconcieved plan for doing this kind of identification in the field. This was done by analysing the wear patterns of the blades that cut the zip ties in production (among other things).
You can’t hide.
Easy to solve, just add a few more dots!
Someone needs to update the print drivers in Linux so that every colour laser print gets a few dozen extra sets of dots, slightly offset from the official ones, and correctly encoded with randomized information. The same pattern for any single print job, one or two changes between each print job so that it’s very difficult to identify the ‘real’ pattern even if you have several documents known to be from the same printer.
Seems pretty obvious to me.
This is hardly new
Don’t blame the laser printers, if you type a document on a manual typewriter they can identify the typewriter too, different reasons but same result!
Run your page through a few times?
I wonder if you could send your page through a couple of times while printing an empty page. There would probably be a slight misregistration? Otherwise, perhaps a silk screen, the finest spray painting/airbrushing or some light toothbrush splatter while viewing with blue light.
Go Old school.
Dot Matrix FTW
Re: Go Old school.
As long as you dump your ribbons.
The real issue
Is not that a system is implemented to detect if you did something stupid, like counterfeiting money, but the fact that it is (or has the appearance) of being done very clandestinely.
This is not Russia (with apologies to my Ukrainian friend)… tv does not watch you.
Laser Printer ID
It is used by the FBI and other law enforcement agencies already.
Remember the BTK Serial Killer capture in Wichita, KS in 2005? They found him only because he used a laser printer at his church to print the letter to the police.
The FBI and police used the laser printer ID method to determine who owned the printer, then determined who had access to and used the church printer.
So, I’d say the EFF has a very valid point. The printers should come with a warning label that privacy is compromised when using it.
I’ve heard a lot of repair/replacement issues with different printers but so far I haven’t encountered one with my hp 364… been using the black cartridge only.
possible
EXACTLY. Whatever happened to making it as tight and efficient as possible, other than they’ve loaded in a bunch of nefarious, unwanted crap into their build. As the author said “Get Rid of Them” if they can’t code that good.
used photocopiers
Do you know if Fast Copy will spans disks?
i.e. Copying multiple files or simply one gigantic file to a cd or dvd where the files or file will not “fit” on one disk.
I’d always heard that the printer was foolish since it printed black with a mix of all three colors. Excuses/reasons I’ve heard for this range from it makes the black seem better to it’s a nasty money-grab that they’re hoping the sheep don’t notice. I must admit, though, that I am a fan of polaroid printer for iPhone. Sometimes I absolutely need to print something and it’s fine if the colors are a little off because I ran out of cyan ink, but not this time! You will not be admitted!