Almost all color laser printers help track their users by printing hard-to-see patterns of yellow dots all over every page. The Electronic Frontier Foundation has been trying to get to the bottom of these dot patterns. What are these dots saying, where do they come from, who can read them, and is there any hope of getting rid of them? For decades, color laser printers have invisibly tracked their users by including patterns of tiny yellow dots on every single output page. This tracking was known to people who worked in the imaging industry and was intermittently disclosed by some manufacturers in their documentation. But even today, most end-users remain unaware of it. For the past two years, the Electronic Frontier Foundation (EFF) has examined this tracking mechanism - a system of exemplary interest because of the non-transparent way in which governments appear to have persuaded technology firms to change their product design without any specific legal basis - and, with the help of many volunteers, we've learned how to read some of the hidden information. This research is ongoing, but we already know how to make the dots easily visible (with LED lights, microscopes, or ordinary color scanners), and we know how to read the data embedded by several major printer manufacturers. Typically, a printer will mark its output pages with the printer serial number and the date and time that the page was printed (if the printer has its own built-in clock). This information facilitates associating color print output with individuals, because it could be correlated with credit card records, server logs, surveillance camera footage, and the like. We've succeeded in attracting a large amount of media interest, including television, newspaper, and magazine coverage in the United States and around the world. (Note that we did not discover the existence of these dots; we are simply the first organization to start to make a reasonably detailed and public study of them.) This coverage is valuable, but it has not necessarily changed industry practices. To do that, we need to go further. We're continuing to try to break printer codes, to explore the world of document forensics and expose why many recordable media are far less anonymous than their users expect, and to try to compel the U.S. government to reveal its role in inducing printer companies to create this technology. In this talk, I'll present a hands-on demonstration of how to find and interpret the tracking codes in some typical color laser printer output, survey some of the historical and political issues, and invite audience members to join us in shedding more (blue?) light on the subject. We're also interested in countermeasures that would disable the tracking or make it ineffective, and I'll present the best known countermeasures together with their possible limitations. Perhaps CCC attendees can help us find better countermeasures.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.