You know, we’ve known about them for more than a decade.

by w3woody

Suddenly everyone is talking about those nearly invisible yellow dots added by most color printers, in catching an NSA leaker:

Why printers add secret tracking dots

On 3 June, FBI agents arrived at the house of government contractor Reality Leigh Winner in Augusta, Georgia. They had spent the last two days investigating a top secret classified document that had allegedly been leaked to the press. In order to track down Winner, agents claim they had carefully studied copies of the document provided by online news site The Intercept and noticed creases suggesting that the pages had been printed and “hand-carried out of a secured space”.
In an affidavit, the FBI alleges that Winner admitted printing the National Security Agency (NSA) report and sending it to The Intercept. Shortly after a story about the leak was published, charges against Winner were made public.

At that point, experts began taking a closer look at the document, now publicly available on the web. They discovered something else of interest: yellow dots in a roughly rectangular pattern repeated throughout the page. They were barely visible to the naked eye, but formed a coded design. After some quick analysis, they seemed to reveal the exact date and time that the pages in question were printed: 06:20 on 9 May, 2017 – at least, this is likely to be the time on the printer’s internal clock at that moment. The dots also encode a serial number for the printer.

Okay, just how fucking stupid must you be to work with the NSA or as a contractor with security clearance–and not know this?

I mean, we’ve known about these nearly invisible dots for more than a decade. The EFF has a primer on decoding one printer’s brand of tracking dots, in a document published in 2005. The EFF also maintains a list of color printer brands where yellow dots have been spotted, though they believe all color printers use some form of steganography. We’ve heard rumors that such tracking information has been added by color printers since the 1990s–tracking information added in order to help track printers used in creating counterfeit money. Printer steganography:

During the 1990s Xerox and other companies sought to reassure governments that their printers would not be used for forgery. The identification is by means of a watermark, often using yellow-on-white, embedded in the printout of each page, and in conjunction with other information can be used to identify the printer which was used to print any document originally produced on a wide range of popular printers.

This works in conjunction with the EURion constellation (and other, similar digital watermarks) which prevent color scanners and copiers from scanning money, and from software editing banknote images.


If you are a spy and you want to print a document which is not traced back to you, you’ll need to take a few steps.

Buy a printer using cash at a remote location. Sure, the FBI will be able to trace the printer to the store where it was bought–but if you drive 8 hours away, the trail will stop cold.

You’ll also need to do a few things when setting up the printer. Such as hooking it up to a computer that is not on the Internet. Such as using a DVD burner to burn the documents to print on the source computer (which may have Internet access) and using the DVD to copy the files to the disconnected computer for printing. (Don’t use a USB flash drive if you’re being extra-paranoid; a DVD has the benefit of not being easily written onto.) And use a printer with a USB connection; don’t use a network-connected printer and don’t buy one with Wifi.

Use techniques for defeating steganography. For example, the ACM is hosting a paper on various techniques for adding watermarks–and techniques for defeating them. Most of them involve adding random yellow dots to your document which are roughly the same size and shape as the yellow dots added to identify your printer.

Of course there may be other watermarking techniques used by your printer to defeat this–but the goal here is to slow down investigators, not to stop them cold.

Use a black and white printer. Of course there are rumors that even black and white laser printers use some form of printer steganography to identify them, so this isn’t a bullet-proof technique. (However, since most watermarking techniques stem from preventing counterfeiting banknotes, it’s possible black and white printer manufacturers have less incentive to cooperate with the government since black and white printers cannot be used in counterfeiting banknotes.)


Of course my favorite technique for not getting caught: don’t fucking leak government documents in the first place. You cannot be guilty if you don’t do anything wrong.

But I do note the techniques above because, if you happen to live in a repressive regime (and shut the fuck up about Trump: if you think you’re living under the thumb of the Gestapo because we have a Republican President, you really are a fucking moron), you may have every incentive to carry documents out so we can see what’s really going on.
