Slashdot Mirror
Hidden Codes in Printers Cracked
r84x writes "A research team led by the Electronic Frontier Foundation (EFF) recently broke the code behind tiny tracking dots that some color laser printers secretly hide in every document.
The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.
"We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer," said EFF Staff Technologist Seth David Schoen."
For those interested in a quick summary, the docucolor example is the best place to look. (it has pictures!)
More information can be found on the EFF's printer-privacy webpage.
Also interesting is Andrew Bunnie's flat bed page scanner mod to use blue light instead of white. This made the yellow tracking dots easier to see, and the whole page could be seen at once to determine the pattern they made.
HIV Crosses Species Barrier... into Muppets
do you really think that "they" have a database they could reference to find out what printer serial number goes to what citizen?
Most laser printers are rather expensive items. If you paid with a credit card, then yes, they have it in a database. (All stores record the serial number of high-ticket items they sell. I've actually gotten recall notices this way, so I know the store shares it with the manufactorer.) Even if you paid in cash, if you filled in the warranty card, they have it. Got a mail-in rebate? On file. Ever had to have it serviced? You're on file.
Do you know anything baout barcodes? Barcodes do not have serial numbers encoded on them. Every printer of the same brand and model has the same barcode. Any other system would increase the cost of printing boxes tenfold.
The best they could do is identify which store the item was shipped to. And really, even that is a stretch. In all likelihood a company has no idea which stores got products with which serial numbers. They probably know which serial numbers went to which regional distribution centre, but thats it.
If you honestly think that companies have the time and money to track things to that ability, you are crazy. It would cost them *millions*, and benefit them zero. They would be fighting tooth and nail against any request by the government to do that.
The thing serial numbers are used for is to identify the date and batch of the item (so they can track it back to the plant and workers if there are an unusually high number of defects in a batch), and also to track warrantys. That is it. Unless you file a warranty claim a company has no way to correltate that back to you, and really, they have no reason to waste money on that either.
Even if all the database can tell them reliably is that HP ColorLaserJet Model 55 Serial Number 89928798734 was distributed to a certain Best Buy store, that goes a long way. When the Secret Service finds counterfeit bills, they know from the serial what store it was originally purchased in. Chances are it didn't move far, and chances are that Best Buy's records can lead to a very short list of potential buyers. Even if it was resold by one of them, the investigation becomes fairly trivial at that point.
But perhaps more importantly, even if you can't use it (embedded serial numbers in documents) as a primary method of tracking down the counterfeiter, you can certainly use it as court evidence once you do catch them by other means. It's pretty damning evidence if they can show that they seized a printer with serial number 89928798734 at your home address, and they can also show conterfiet currency or documents with the same serial number embedded that showed up elsewhere.
11*43+456^2
I want to know who the bastards are that are adding this technology to their printers so I can avoid them like the plague.
That's in the article:
http://www.eff.org/Privacy/printers/list.php
see a Text Widget
here a guy opened up his HP printer and looked at the chips involved. It appears that all the printers with hidden codes use the Canon print engine board. Changing the pattern might be as easy as reflashing an eeprom.
This is for color lasers. The EFF tests to generate sample pages were done with postscript that gets fed directly to the printers. You might be able to hack the firmware, the encoded data gets added by either the postscript rasterizer or the actual bitmapped layout engine.
My bet is on the rasterizer.
-molo
Using your sig line to advertise for friends is lame.
Thanks largely to the invention of this nifty thing called a microprocessor adding the serial number on a sticker on each box costs tenths of pennies, not millions, and saves thousands if not millions in dealing with the distribution & maintenance channels.
My Toshiba laptop box not only had the serial number on the box, but when it went in for service the Tohiba rep knew which retailer it was sold through...
feel free to mod this down (-1 mod angry).
If you think imaginary property and real property are the same, when does your house become public domain?
None of it, it is all contained in the printer hardware. Most color copy machines will also shut down if you try to print money and the only way to bring it back up is call the company who made it who will intern call the fbi. I worked on copiers and we had this happen when someone tried to copy I believe some south american bank notes. The only thing then can do with this information is go back to where the printer was initally sold if they need to track down someone who is counterfitting money. Beyond that, it is not worth the governments time to track you down for printing out a nasty picture of the president. Though, I wouldn't try sending the president a death threat on your new laser printer. I don't know if ink jets do this.
Past disccussions have indicated that this information is programmed into the printer control circuits themselves, no software is required or even aware of the "extra" dots.
If that is true, then no amount of dirver manipulation will help, with the possible exception of a driver that "adds" extra dots to make the message meaningless. In theory, you could add extra dots, but in practice it would be ineffective unless you could gurantee perfect alignment (or the extra dots would be easy to filter out). Since some dots would come from software, and others come from hardware control programs, it's not a simple task to gurantee alignment.
I forgot to link to Bunnie's printer disassembly [via]
The basic conclusion is that many of the watermarked printers share a Canon print engine -- he suspects it is this engine that is doing the watermarking. The US Government just had to convince the critical-equipment supplier to add the tracking - not all the printer companies. He also notes that the Tek Phaser printers don't have this because they were developed before the Canon engine. (Oh, how I longed for a phaser back in the day!)
HIV Crosses Species Barrier... into Muppets
To answer your question, (And from the TFA) http://www.eff.org/Privacy/printers/list.php
Yes, there are many on that list.
Yep, I never spell check.
More incorrect spellings can be found he
A big database, you say? Nah. I'm sure it's a myth.
Maybe 99% of the world doesn't give a shit about anything you do. You're obviously not important.
Hey, I finally got my first freak! Took you long enough!
If I buy a $50 DVD player at wallmart, the register prompts the clerk to scan the serial number barcode. Last year I had a few clerks look very confused. One said "I don't want to type that" and I pointed out that they could use their barcode scanner.
If they track it, everyone does. Everything I mail order has the barcode scanned and printed on the packing slip.
Get a clue.
When I bought my GBA SP, a measly $100 piece of equipment, they scanned the serial number along with the item barcode.
Retraction: I just remembered how, in days gone by, letters and notes were traced to a specific type writer due to the typewriter's "fingerprint" - each machine could be uniquely identified.
:)
So it could be argued that this is simply taking us back to the good old days of Miss Marple and Columbo
'No rational religion claims "supernatural" exists, that's an atheist slander.' - seen on slashdot.
Speaking as a trained Xerox Docu* operator who can recite his DEEZEROCEE serials in his sleep.....
The DocuColor printers in question are very high end printer/copiers that are installed and maintained by trained technicians known by Xerox as Customer Service Engineers or CSEs. When it breaks or needs parts, you call your CSE. Think "on-site support" but on steroids. You pay a ton for this.
The system clock is set by the installer CSE and possibly updated as needed on subsequent service calls, and there are MANY of those as DocuColors require frequent maintenance and upkeep. It is not uncommon to have service once a week for some models. Or worse. They can be touchy beasts. The machines, I mean. The CSEs can be your pal or your worst nightmare. I like the ones my bosses hate. Go fig.
So what is the clock for? Among other things, time stamps are used by the printshop for tracking when every single print was made including which operator made it. So no more late night "free copies" for your pals. Xerox also uses the logs for all sorts of legit reasons. Nothing evil there.
So what about resetting the clock? First you'd have to get the machine open. This is not like a computer with handy access panels and common PCBs, er, that's PWBs in Xerox-speak. You'd have to know the machine inside-out, have the tools and the skill to take it apart (God help you), and hope that the battery is resettable rather that buried inside a chip. Xerox is very, very aware of people trying to cheat the machine meters to make free copies so stuff like counters and clocks are already armored and protected from prying hands.
Assuming you managed to do all those things and got the machine back together, then it has to be recalibrated because taking it apart will have wrecked the system setup. So you have to call your CSE, who resets the clock straight away, probably by pushing the keys with the bones he removed from your hands for messing with his machine. If you're still alive at this point, you are right back where you started!
Side notes: the vast majority of DocuColors are leased out by Xerox rather than sold, so the machine is normally Xerox property from assembly to reman to reman to reman to junkyard. Why? Some of them can cost half a million and up for new, less for used, but either way these are not something people "buy" when they can simply lease. GE Credit is happy to finance the leases and end users find it much cheaper and they don't end up stuck with obsolete machines.
Many of the older machines can and do end up on the sale market and it is possible to buy one and own it, but it will still require service (lots for an old machine), toner, supplies, parts, and preventive maintenance. Xerox controls almost all the DocuColor parts, supplies, ink, and most of the trained CSEs so you pretty much have no choice but to sign on for a Xerox service contract even when you own the thing free and clear.
Yes, there ARE trained key operators who can get in and do SOME maintenance chores but only Xerox can get parts and has the technical knowledge to use them.
Sig for hire.
For A and B, the contrast/resolution may not be enough to detect the smallest droplets of yellow ink.
With a 600DPI scanner, those work just fine.
Personally, I used the following steps, and ended up with glaringly obvious black dots (~10-30 pixels) on a white background:
1) Print a supplies status page (or anything with a lot of empty space)
2) Scan at 1200DPI (but 600 works, just takes more care in doing the next few steps)
3) Drop the red and green channels to nothing (you can probably stop here, but as a perfectionist...)
4) Shift the hue 50% toward red (or green, doesn't matter)
5) Convert to greyscale (or saturation to zero)
6) Brighten the image by 80% and boost the contrast 20%
7) Repeat step 6 until satisfied (took me about 5 passes to get basically a black-and-white image)
And there you have it. If you can't see the dots now, you don't have them.
Interestingly enough, the printer I used doesn't appear to conform to the same layout described on the EFF's page.
What "fact" ? It wasn't a matter of "standing up " to him, he agreed with him in the first place.
It was the British Intellgience primarily that indicated Iraq had those WoMD.
Actually, I bet it does have an internal clock. New fancy laser printers have new fancy computers inside. Many even have a built in webserver for changing setting and doing maintenance. Just go to the designated IP and you can do all sorts of things. Many printers can even keep a detailed printing log. These printers used for coutnerfeiting aren't your HP Deskjets from Wal-Mart.