← Back to context

Comment by cookiengineer

1 day ago

> The "print and scan physical papers back to a PDF of images" technique for final release is looking better and better from an information protection perspective.

Note that all (edit: color-/ink-) printers have "invisible to the human eye" yellow dotcodes, which contain their serial number, and in some cases even the public IP address when they've already connected to the internet (looking at you, HP and Canon).

So I'd be careful to use a printer of any kind if you're not in control of the printer's firmware.

There's lots of tools that started to decode the information hidden in dotcodes, in case you're interested [1] [2] [3]

[1] https://github.com/Natounet/YellowDotDecode

[2] https://github.com/mcandre/dotsecrets

[3] (when I first found out about it in 2007) https://fahrplan.events.ccc.de/camp/2007/Fahrplan/events/197...

14 comments

cookiengineer

Reply
culi  1 day ago

That's why I'm (still) waiting on this https://www.crowdsupply.com/open-tools/open-printer

It's mindboggling how much open-source 3d printing stuff is out there (and I'm grateful for it) but this is completely lacking in the 2d printing world

  • octoberfranklin  1 day ago

    Sorry, you have been blocked You are unable to access crowdsupply.com Why have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

    What can I do to resolve this? You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

    Cloudflare Ray ID: 9bbed59d7bcd9dfc • Performance & security by Cloudflare

emptybits  1 day ago

Thanks for the links but can you share evidence for the "public IP address" claim? Each time I've read this concept (intriguing! possible!), I search for evidence and I can't find any.

The MIC and yellow dots have been studied and decoded by many and all I've ever seen, including at your links, are essentially date + time + serial#.

Don't get me wrong ... stamping our documents with a fingerprint back to our printers and adding date and time is nasty enough. I don't see a need to overstate the scope of what is shared though.

everdrive  1 day ago

>Note that all printers have "invisible to the human eye" yellow dotcodes, which contain their serial number, and in some cases even the public IP address when they've already connected to the internet (looking at you, HP and Canon).

I've got a black and white brother printer which uses toner. Is there something similar for this printer?

  • gramie  1 day ago

    I believe that this only exists for colour printers. The official reasoning was to trace people counterfeiting money.

  • nwallin  1 day ago

    It's only there for color printers.

    A tiny yellow dot on white paper is basically invisible to the human eye. Yellow ink absorbs blue light and no other light, and human vision is crap at resolving blue details.

    A tiny black dot on white paper sticks out like a sore thumb.

  • cookiengineer  1 day ago

    > black and white brother printer

    excellent choice, that's what I am using. Also it's Linux / CUPS compatible and without a broken proprietary rasterizer.

    • contingencies  1 day ago

      Same thing here. A few years ago I bought three brands of printer-scanner combos for our R&D office, returned the others. Brother was the least broken despite still not being perfect. Issues include broken scanning drivers and fake toner warnings at ~1/3 level.

  • IshKebab  1 day ago

    Yes, the data can be embedded by modulating the laser.

    But I've only seen research showing that it's possible. As far as I know nobody has demonstrated whether actual laser printers use that technique or not.

mmh0000  1 day ago

If you have a UV flashlight, these dots are visible with decent vision.

And of course we have to include the Wikipedia entry:

https://en.wikipedia.org/wiki/Printer_tracking_dots

  • culi  1 day ago

    And also EFF's attempt to track all printers that do or do not display tracking dots which they eventually prepended with

    > (Added 2015) Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable.

    > This list is no longer being updated.

    https://www.eff.org/pages/list-printers-which-do-or-do-not-d...

askvictor  1 day ago

Could this be circumvented by randomly (or not-so-randomly) adding single-pixel yellow dots to the data sent to the printer?