
Comment by jagermo

8 years ago

I don't get it. These kinds of dots are not news; they have been around for ages, and the EFF cracked the code in 2005 (https://en.wikipedia.org/wiki/Printer_steganography).

Why did no one at The Intercept check for them? It's trivial and they have to know about this kind of stuff?

I don't want to sound like a tinfoil hat wearer, but there's a lot of trivial data that a leaker could/should guard against. Multi-layer PDFs and their metadata. Microsoft Office metadata. Photograph EXIF data. Tracking cookies. File access logging. Print job logging. Printer microdot steganography. Traffic and license plate cameras. Cell tower connection logs. Email headers. Windows event logs.

Many of these can be circumvented through the use of tech like VPNs, Tor, or GPG, and through careful behavior such as scrubbing metadata and the use of burner phones/laptops, cash, and public internet connections. And we're not even getting to the level of wireless carrier, home ISP, or NSA web activity tracking, NSA Tor exploitation, or zero-day exploits. Furthermore, this assumes that the documents themselves are not themselves subject to punctuation, word replacement, typesetting, or other content steganography. Should The Intercept be responsible for ensuring that its sources adhere to safe leaking behaviors? They probably should, at some level.

But what if - as I'm reading here - The Intercept got an email from reality.winner@nsa.gov, subject "NSA Report on Russia Spearphishing.pdf", body "Hey, I was browsing some stuff out of curiosity in our SCIF and thought this study might be useful to you. I printed it off and smuggled it out in my purse, then scanned it and attached it to this email. Please publish it so the American people can know what's really going on. Hope this helps! -- Reality". There's not really any point to worrying about printer steganography, protecting your IP address, or GPG at that point.

  • Your assessment is totally correct. Steganography can be put everywhere. Perhaps the Free Software Foundation can take advantage of these cases for pushing for more use of open source, non-fingerprinted software.

    OR for enforcing fingerprinting! (It can help with fighting against corrupt governments)

Yes, this has been around for ages, but I never saw an explanation on how to read the dots. I thought they were to be more subtle or more concealed, but they are very evident!!

As pointed out, probably there is more steganography being put into devices / software by the NSA/etc (tinfoil hat notwithstanding); that will probably insert things like meaningful whitespace with information about the source.

The article is also very relevant because we do need tools free from such fingerprinting. It makes me want to use only and only open source for all my documents. Even for file storage!