42 comments

[ 3.3 ms ] story [ 87.7 ms ] thread
Is this even allowed outside of the US?
It was a multinational initiative, at least in its later stages. (You're welcome to ask a local data protection authority if they approve...)
Is it known whether inkjet printers have a similar issue? My brief search didn't find anything.
They don't appear to. There are forensic methods (for example, based on irregular wear of the gears!) but no known deliberate forensic marks.
It seems there could be a demand for open-source printer firmware... but I'm not aware of any projects. There are some efforts to get around cartridge DRM though, but they tend to be relatively small. I suppose one problem could be the massive number of different models out there, although from what I've seen a lot of models are based on the same mechanics and processor platforms.

On the other hand, completely open-source 3D printers seem to be a lot more prominent and successful.

Oddly enough, the original inspiration for GNU was a proprietary printer control program that upset RMS enough that he decided to start a revolution.

You'd think somebody would be working on that. Printers are so evil, in general, that I try very, very, very, hard to avoid them entirely. I've been known to take a picture of my signature and edit it in GIMP and paste it into a document in order to avoid using a printer to print/sign something.

I do work for a record label where artists sometimes do stuff like that, take a photo of their signature and use Paint to add it to the contracts. The guys at the office get mad. They want them to print it, sign it, scan it and send it back. Oh, well...
Any intentional mark is a legally valid signature. It doesn't matter what tool is used to make the mark, be it a computer, a muddy twig, or anything else. The established legality of electronic signatures is the reason why we have HelloSign.
Tried to exhaustion to convince them. I've given up. They're like tied up to that specific process and nothing will change their mind, not even reason it seems.
I was flabbergasted when someone expected me to send them a fax a few weeks ago. I unintentionally responded really rudely; I was just so surprised, expletives were the result.
Everybody avoids them. That may be the reason why nobody bothered to fight proprietary printer drivers.

Just shortly after RMS created GNU, business all around the world started doing initiatives to abolish printers. Yes, they failed, but you can't expect vanguardist people to want to work on them.

Perhaps an open-source printer could be simpler if you use less complex printing techniques. For example, some form of impact printer.
I guess it's time for an opensource DIY kit for printers which, of course, an opensource firmware...
Well, at least one can modify a rep-rap style 3d printer into a poor man's plotter... But it won't really do for printing a 600 page manifesto to send to newspapers in preparation for a grand terrorist attack...
simpler solution would be to add lots of noise by printing your own wellow dots in every printed page best solution is openhardware and software, but printers are subsidezed by the ink cartridges, so it would cost a lot more than commercial ones.
yes, ink is definitely the problem.
I wonder what the purpose of this tracking is. If you want to avoid it* then the simple solution is don't use a laser printer or just use a printer in a public location like a library. It seems like if you want to avoid it, then it is pretty simple.

Even if you do know the serial number it is going to be pretty hard to find out the owner of the printer, they could have paid cash on Craigslist for example.

*I mean in terms of carrying out nefarious activities. I'm not saying this tracking is ethical.

> or just use a printer in a public location like a library.

My library identity is encoded in the printing job ( I've seen the queue that the librarians manage to release the job ) so a determined authority wouldn't have much difficulty rounding-up the suspects.

Hmm. The librarians I know are among the most determined defenders of personal privacy you can imagine. They've even worked out ways of letting people know if they've been hit with a "PATRIOT" act demand. Still, you're right that a relentless agency could grab the data.
You can count on people not knowing about this kind of tracking or just forgetting to take precautions against it.
Imagine Bob is someone like the Unabomber[1] or the Mardis Gras bomber.

LEO can inspect documents received by targets to see if they actually came from the same printer or some other printer. This provides a small amount of information.

When they raid Bob's house they seize the printers and compare output. That provides a small amount of information.

While it's easy enough to subvert it is another thing that people need to remember.

[1] like the unabomber, but uses technology.

Joke's on the Feds: my next printer is a 1980s daisy-wheel printer which is completely incapable of printing tracking dots!

(Also expensive, slow, incredibly noisy, power-inefficient)

Though I remember that the Stasi could tell which typewriter something was printed from (assuming that detail of Das Leben der Anderen was true), and a daisy-wheel printer works much like a typewriter.

If you're the only one using daisy wheel printer then it won't be hard to figure out where the daisy-wheel-printed document came from.

Also, it's hard to print convincing counterfeit currency using a daisy wheel printer, which is the main thing the government wants to stop with these tracking dots.

And probably each daisy well has small differences that make your prints identifiable. One they get you and your daisy well, you have no deniability.
As I mentioned (typewriters, Stasi)

In the old days they'd magnify the printout and compare the characters to the prints that the manufacturers had given them.

> If you're the only one using daisy wheel printer then it won't be hard to figure out where the daisy-wheel-printed document came from.

Yes, that's also an issue I'd considered.

> Also, it's hard to print convincing counterfeit currency using a daisy wheel printer, which is the main thing the government wants to stop with these tracking dots.

Yes, but that's not why anyone is worried about it. The problem with tracking dots is they mean you can connect documents by the same person.

Um, and then totally nobody will be able guess that the daisy-wheel printout originates from you? :]

Or did you actually already mean it as a joke? :)

It was a little tongue-in-cheek. See, I'd seen the absence of tracking dots mentioned as an advantage of impact printers. But there are some fairly obvious problems with that.
I wonder if this is the real reason why some printers won't allow you to print in black and white when you run out of color ink.
I'm pretty sure the reason for that is just to make sure you spend money for more cartridges. It's hard to do counterfeiting in black-and-white.
That and that they want you to buy more ink.
These identification dots have been around at least 15 years. Working in a LEO in 1999, I was aware both laser and inkjet printers were traceable then (not just color). For serious enough cases (drugs mostly at that time, the terrorism stuff was strictly post 2001) prints could be sent for technical analysis (probably via 3 letter agency) and details came back (within 24 hours if it was serious enough).

No-one seems to have picked up on the more concerning fact that nowadays with internet connected everything, your printer driver can quite easily report in the printer details via your connection (that friendly, 'do you want me to check for updates?' or 'live ink/toner status' tool can do more than what they say and if it's a net connected printer itself, it can do it directly). So now, an IP/location/ISP bill payer can be identified with the printer (even over time if you sell it on). Much better tracking than before when it relied on you filling in and sending off that 'warranty registration' card.

Better hope you've got details of who you sold the printer to if it happens that Craigslist John Doe has some other use in mind other than printing vacation photos.

Could this be done with jpeg and gif compression?

For example, could Adobe's apps export jpegs laced with patterns within the compressed pixels that could be traced back to the owner of the app?

And, has anyone checked for this behavior?