Any device that requires someone to install an app and register to make it work should have a prominent label on the box.
There should be a labelling standard for this where the manufacturer must disclose if any registration is required to operate the device to its full potential, if any app or special software is needed other than a system driver, if any phone-home data is being sent, and what data is actually sent, when and why.
"Buyer beware" but most of the time you have no idea what the experience will be like. It's usually not disclosed on the box, reviews rarely mention it and I'd like to have a sure way of being informed before I make my purchase.
It's a similar thing with software, software and apps that require registration for no other reason than to add you to their marketing list, but it's particularly egregious with physical items.
Permission to access location on Android is needed to scan for wireless networks (because such a scan allows finding your location from the networks in range).
It doesn't necessarily mean that the app accessed your GPS location.
Depending on your device, actual access might be shown. I recently installed an Epson printer and while the app needed location permission, it did not access my coordinates, it only scanned for wifi networks.
That makes me wonder: wouldn't there be a market for a printer that clearly doesn't leak any information? Say one with open firmware that parses PCL5 or Postscript or whatever the modern analog is.
"Keep your secrets safe with Printer X".
Or would the state come down hard on any such manufacturer?
I just recently set up one of those printers. They have a lot of dark patterns trying to steer you towards the app (and the "instant ink" junk), but it was still possible to skip over that and do all the setup on the printer itself, at which point it became a normal discoverable network printer.
I assume you're talking about WiFi setup? Ethernet to your switch or USB to a RPi should be a lot more reliable and works without an app. Then again, I haven't set up a printer in a decade.
Good luck finding a company that does things much differently. There is a printer cartel, and they want every penny they can squeeze out of those things.
I recently got a HP LaserJet Pro M15W Printer and I didn't need to install an app... But I don't use its wifi capabilities and plug it in with a USB cable.
Reminds me of the scene in The Life of Others (2006) where the Stasi has samples from every registered typewriter in East Germany, so they have to smuggle a special typewriter.
I suspect smartphone cameras may add a similar type of tracking mark to photos taken with the phone. I assume the NSA would be able to determine which phone a photo came from based on something like this. I don't have anything more than rumors, but if anyone has a link about this, it would be interesting!
I believe these dots are only printed by color printers, ostensibly to help catch currency counterfeiters. So the simplest countermeasure is use monochrome printers for daily stuff and for anything sensitive. I guess sometimes you'll NEED color, but very often you can probably do without it.
I've always wondered if jpeg encoders added something like this to screenshots. Should be possible to add a compression-resilient pattern that encodes the screenshotter's host details.
Blizzard watermarks screenshots produced by World of Warcraft to find and track users of emulated servers by embedding user account info and server IP all across the image.
I'm not sure about jpeg, but with an algorithm like 'deflate' the encoder is constantly making decisions about whether it's more efficient to represent a series of bytes as a literal or as a reference to a previous series. I think a steganographer could take advantage of that by encoding something like a tracking number in the form of the occasional less efficient decision.
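As an added example that is not part of the original comment: the sketch below shows the freedom the comment describes, several different DEFLATE streams that all decode to the same bytes, and how decoding and re-encoding with one fixed configuration removes whatever an encoder's choices might carry. The sample text and function names are constructed for illustration.

```python
import zlib

# Constructed sample input: any compressible byte string will do.
SAMPLE = b"Printer tracking dots encode a serial number and a timestamp. " * 40


def encode_variants(data: bytes) -> dict:
    """Produce several valid raw-DEFLATE streams for the same input."""
    settings = {
        "stored": (0, zlib.Z_DEFAULT_STRATEGY),    # literal bytes only
        "fast": (1, zlib.Z_DEFAULT_STRATEGY),
        "best": (9, zlib.Z_DEFAULT_STRATEGY),
        "huffman_only": (9, zlib.Z_HUFFMAN_ONLY),  # never emits back-references
    }
    out = {}
    for name, (level, strategy) in settings.items():
        enc = zlib.compressobj(level, zlib.DEFLATED, -15, 8, strategy)
        out[name] = enc.compress(data) + enc.flush()
    return out


def normalise(stream: bytes) -> bytes:
    """Decode, then re-encode with one fixed configuration.

    The result depends only on the decoded bytes, so any information
    carried by the original encoder's literal/reference decisions is gone.
    """
    plain = zlib.decompress(stream, -15)
    enc = zlib.compressobj(9, zlib.DEFLATED, -15, 8, zlib.Z_DEFAULT_STRATEGY)
    return enc.compress(plain) + enc.flush()


def slack(stream: bytes) -> int:
    """Bytes the stream spends beyond the normalised encoding of the same data."""
    return len(stream) - len(normalise(stream))


if __name__ == "__main__":
    for name, stream in encode_variants(SAMPLE).items():
        print(f"{name:13s} {len(stream):5d} bytes, slack {slack(stream)}")
```

A stream with unexpected slack is not proof of a hidden mark, only a sign that the encoder did not make the most compact choices.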
But what's the incentive for printer manufacturers to do it at all? It isn't mandated by any law. Some three letter agency comes to them with an offer they can't refuse? Or they give them bazillions of dollars in exchange?
The incentive is that they'd rather do it on their own, than be forced into doing it. Adding the fingerprinting dots on their own gives the manufacturers control over how the fingerprinting works, lets them do it in the most inexpensive way, and means they don't need to submit proof of the fingerprinting feature.
The NSA did not need these dots to track Reality Winner. Even an ordinarily secured corporate environment will record an audit log of anything written to outputs, on the service side (so the print server will effectively print a second copy to disk with all information about who printed it, mail server will record all outgoing messages even if deleted from user’s Sent folder, etc).
Yup, the FBI arrest affidavit didn't mention the dots. There could have been some parallel construction to avoid testifying about secret printer dots in court, but on the face of it it appears that the government found out who it was in more conventional ways:
>The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
>On June 3, 2017, your affiant spoke to WINNER at her home in Augusta, Georgia. During that conversation, WINNER admitted intentionally identifying and printing the classified intelligence reporting at issue [...] WINNER further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it [...] WINNER further acknowledged that she was aware of the contents of the intelligence reporting and that she knew the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.
The dots were used afterwards to see what happened to the document. By showing that the document she had printed was given to the press, they are able to take her in. Otherwise if multiple people had printed the same document in the past several weeks, you need to investigate each of them.
A more foolproof way to track this would be to slightly change the wording of important sections in each copy handed out. This would allow them to track down even copies of confidential documents that were simply transcribed or where the press used excerpts.
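As an added example that is not part of the original comment: a small sketch of the per-copy wording scheme, including the excerpt case, where only some of the varied passages are quoted and the result is a narrowed candidate list rather than a single name. The template text, word pairs and recipient names are constructed for illustration.

```python
import re

# Constructed template: each numbered slot has two interchangeable wordings.
TEMPLATE = ("The {0} will be {1} on Friday. "
            "All {2} must {3} the building by noon.")
SLOTS = [("facility", "site"), ("closed", "shut"),
         ("employees", "personnel"), ("leave", "vacate")]


def make_copy(index: int) -> str:
    """Render the copy for recipient number `index`.

    Bit k of the index selects which wording is used in slot k.
    """
    if not 0 <= index < 2 ** len(SLOTS):
        raise ValueError("more recipients than distinct copies")
    words = [pair[(index >> k) & 1] for k, pair in enumerate(SLOTS)]
    return TEMPLATE.format(*words)


def observed_bits(text: str) -> list:
    """Per slot: 0 or 1 if exactly one wording appears, else None."""
    bits = []
    for first, second in SLOTS:
        has_first = re.search(rf"\b{re.escape(first)}\b", text, re.I)
        has_second = re.search(rf"\b{re.escape(second)}\b", text, re.I)
        if has_first and not has_second:
            bits.append(0)
        elif has_second and not has_first:
            bits.append(1)
        else:
            bits.append(None)  # slot not quoted, or ambiguous
    return bits


def candidates(text: str, recipients: dict) -> list:
    """Names whose copy agrees with every wording visible in `text`."""
    bits = observed_bits(text)
    return sorted(
        name for name, index in recipients.items()
        if all(b is None or ((index >> k) & 1) == b
               for k, b in enumerate(bits))
    )


if __name__ == "__main__":
    recipients = {"alice": 0, "bob": 5, "carol": 10, "dave": 15}
    print(candidates(make_copy(5), recipients))
    print(candidates("will be closed on Friday", recipients))
```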
Those documents may probably have legal value, and could be legitimately handled by dozens or hundreds of people. And we are talking about millions of pages. That could only work with an intentional trap when you know someone leaks but not who.
You can go to anywhere right now and buy a b&w only laser printer and it won't have the dots. The secret tracking dots thing only works if you have yellow ink on white paper- it's hard to see. If your printer attempts to "secretly" add black dots to white paper everyone will notice.
I'm not sure when it started, but I do know back in the early 90's copiers and printers were already currency aware. The copier in my elementary school wouldn't copy a dollar bill at anything close to full size, had to be at least either 75%/125%.
If you don't know by now, printing has changed. It's no longer just about what happens in the office. Now, people want to print from where they want, when they want. And that means a lot more printing is happening on devices not managed by IT departments. This means printers are more susceptible to malware since their regular security updates aren't coming from IT — they're coming from manufacturers of the printer or operating systems or third party apps used on them. https://www.braindumps4it.com/braindumps-HP2-I06.html
That’s why the end-user should maintain separate firewalled subnet (DMZ) networks for their unique grouping of IoT, cable settops, PC/Mac, mobile devices and in-house servers.
Only problem I’ve had with this setup is during the configuration of IoT where mobile device must be on same subnet as IoT devices, that is all.
[+] [-] lettergram|4 years ago|reply
- Required me to install an app
- Required me to enable gps on my device (and allow app to access)
- Printer phoned home after / during setup (as did the app)
They really don’t need the dots any more when they know the gps coordinates and have the ability to send anything they want to and from the device.
I personally spoofed the gps, ran a vpn and blocked the device from phoning home (after setup). Had me saying “what the f**!?” a couple of times.
[+] [-] Renaud|4 years ago|reply
[+] [-] seszett|4 years ago|reply
[+] [-] Ieghaehia9|4 years ago|reply
[+] [-] lsiq|4 years ago|reply
[+] [-] nwallin|4 years ago|reply
[+] [-] JoshTriplett|4 years ago|reply
[+] [-] NavinF|4 years ago|reply
[+] [-] bobmaxup|4 years ago|reply
[+] [-] ta988|4 years ago|reply
[+] [-] MaxBarraclough|4 years ago|reply
[+] [-] TroisM|4 years ago|reply
[+] [-] mindcrime|4 years ago|reply
https://news.ycombinator.com/item?id=14501894
https://news.ycombinator.com/item?id=21330718
https://news.ycombinator.com/item?id=17392977
https://news.ycombinator.com/item?id=14509249
https://news.ycombinator.com/item?id=14506508
https://news.ycombinator.com/item?id=14505444
[+] [-] dang|4 years ago|reply
Why printers add secret tracking dots (2020) - https://news.ycombinator.com/item?id=26526035 - March 2021 (3 comments)
DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit - https://news.ycombinator.com/item?id=17392977 - June 2018 (7 comments)
Why printers add secret tracking dots - https://news.ycombinator.com/item?id=14505444 - June 2017 (100 comments)
Printer Tracking Dots Back in the News - https://news.ycombinator.com/item?id=14504833 - June 2017 (1 comment)
List of Printers Which Do or Do Not Display Tracking Dots - https://news.ycombinator.com/item?id=14501894 - June 2017 (210 comments)
Secret Dots from Printer Outed NSA Leaker - https://news.ycombinator.com/item?id=14494818 - June 2017 (211 comments)
Printer dots raise privacy concerns - https://news.ycombinator.com/item?id=245963 - July 2008 (13 comments)
[+] [-] taylorfinley|4 years ago|reply
[+] [-] hanniabu|4 years ago|reply
[+] [-] m3at|4 years ago|reply
[+] [-] _moof|4 years ago|reply
[+] [-] arrakeen|4 years ago|reply
[+] [-] oldgradstudent|4 years ago|reply
[+] [-] tehwebguy|4 years ago|reply
[+] [-] yosito|4 years ago|reply
[+] [-] throwaway81523|4 years ago|reply
[+] [-] daenz|4 years ago|reply
[+] [-] magnat|4 years ago|reply
https://www.ownedcore.com/forums/world-of-warcraft/world-of-...
[+] [-] 13of40|4 years ago|reply
[+] [-] garaetjjte|4 years ago|reply
[+] [-] amalcon|4 years ago|reply
[+] [-] Forge36|4 years ago|reply
That's probably enough incentive for most to do it once known or suggested
[+] [-] sneak|4 years ago|reply
[+] [-] spoonjim|4 years ago|reply
[+] [-] hoppyhoppy2|4 years ago|reply
https://www.justice.gov/opa/press-release/file/971331/downlo...
[+] [-] er4hn|4 years ago|reply
[+] [-] tgvaughan|4 years ago|reply
[+] [-] Aachen|4 years ago|reply
[+] [-] downandout|4 years ago|reply
[+] [-] pjerem|4 years ago|reply
[+] [-] bullen|4 years ago|reply
[+] [-] teddyh|4 years ago|reply
[+] [-] cable2600|4 years ago|reply
[+] [-] nwallin|4 years ago|reply
[+] [-] RuggedPineapple|4 years ago|reply
[+] [-] qvobilqwnimshme|4 years ago|reply
[+] [-] turingcomplet|4 years ago|reply
[+] [-] egberts|4 years ago|reply
[+] [-] macpete42|4 years ago|reply