
List of Printers Which Do or Do Not Display Tracking Dots - prawn
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
======
schoen
I wrote this article/originally created this list, and I would like to
emphasize that there is a second generation of this technology that probably
uses dithering parameters or something of that sort, and that does not produce
visible dots but still creates a tracking code. We don't know the details but
we do know that some companies told governments that they were going to do
this, and that some newer printers from companies that the government agencies
said were onboard with forensic marking no longer print yellow dots.

That makes me think that it may have been a mistake to create this list in the
first place, because the main practical use of the list would be to help
people buy color laser printers that don't do forensic tracking, yet it's not
clear that any such printers are actually commercially available.

~~~
RachelF
What is annoying is that the user pays for this. How much more yellow toner do
I need to buy because my print outs are covered in yellow dots?

I wonder how many million extra gallons of yellow toner and ink are wasted
every year printing these tracker dots?

~~~
therein
On some printers, this is the reason why the printer will refuse to print a
BW-only printout while the only empty cartridge is the color one.

~~~
anc84
That needs a citation or a sarcasm tag.

~~~
mcv
Does an anecdote count? My Samsung refuses to print b&w when a color cartridge
is empty.

~~~
dspillett
I've always assumed that is just lazy design (some resources that _might_ be
needed are unavailable, report and refuse to print withut checking if they are
_actually_ needed for the current job) rather than due to a security (or even
ink selling) measure. I've seen the behaviour as far back as the first colour
photocopier I ever used.

~~~
seszett
I've seen that as well a long time ago on a black+red photocopier, no yellow
and probably no tracking patterns since red would have been quite visible.

------
nathanvanfleet
The Lives of Others, which takes place in East Germany and includes a
typewriter which is not registered with the government; was one of the best
movies I've seen in a long time. And it's ultimately the live we'll live as
tracking technologies continue to get better.

~~~
cm2187
When we start evoking the Stasi in a discussion about this surveillance, it
always feels a bit like a Godwin point. But the reality is that all of this
surveillance is exactly what the Stasi used to do and what the west was
fighting the communist block for. If I had told people in the 80s that shortly
in all western countries, all communications will be monitored, it will have
become illegal to have any discussion that the government cannot eardrop on,
the state will be compiling a file on every of its citizens and want to have a
list of every book and article every citizen reads, they would have thought
that the russians invaded us.

~~~
lb1lf
Pedantry mode: All of this surveillance is exactly what the Stasi _dreamed_ of
doing.

(I fully agree with your point; however, I'd argue that the (relative, back
then) lack of digital storage and communication made gathering of information
much, much harder back then than it is now - even for the Stasi.)

~~~
Consultant32452
The Stasi would've likely loved these tools, but I'm not sure they're
necessary. The point of the Stasi behavior was to instill fear in the masses,
to turn neighbor against neighbor. The fact that the average citizen today is
hardly even aware of things like printer dots means it's serving a different
purpose.

~~~
lb1lf
Then again, it could be argued that the need to instil fear in the masses
arose precisely as they didn't have the resources to scrutinize all the people
all the time. (

So they needed to make sure all the people expected to be under surveillance
all the time, to keep them from doing anything undesirable (to the state, that
is) while not being watched.)

IIRC the Stasi had a hard time connecting the dots (pun not intended) as the
massive data sets mostly existed on file cards.

Today's problem is somewhat different: You've got loads of data, you've got
the means to rapidly search and index it - but still, for some reason or the
other, massive data collection doesn't appear to lead to much by way of
desirable (to the populace, that is) results - actual terrorists apprehended,
actual conspiracies unearthed, etc.

A cynic would assume that means the data is collected for other, more
nefarious purposes. Cough.

~~~
unholythree
I agree. Without moralizing on the motives, it seems like the objective of
establishing an institution like the Stasi is control. If you can have that
control with a velvet glove and spare the resentment so much the better.

------
ProfessorLayton
It would be neat if there was a privacy printing app that added random yellow
dots to a document to obscure the info.

Perhaps simply printing a single yellow dot through a few different printers
would be enough to accomplish the same thing. Then using the resulting paper
for "real" prints.

The more I think about it, this could even be a service. "Preprinted" paper
that went though a bunch of printers, each adding their own unique identifier
each time, then sold and distributed.

That or just paying cash for a printer.

~~~
brianwawok
I hate to be the security is not important if you aren't doing anything wrong
guy.... but I use a printer to do things like print a picture for my kid to
color. What the hack are you doing with you printer to need pre dotted paper?

~~~
demarq
Your kid, enjoys the nice things in life in part thanks to the thankless work
of activists. Lot's of freedoms we have today are because of people who put
themselves under great risks to benefit the rest of us. They might be printing
pictures for their kids or evidence of powerful entities doing things they
shouldn't be doing.

So it's nice that you print stuff for your Kid, but what about those who print
for societies sake?

~~~
mowenz
That's the most important argument. The second has to do with the vast number
of different kinds of abuses that will occur--that you previously couldn't
even imagine would--when we give up our privacy^1

[1]-[https://www.privateinternetaccess.com/blog/2016/09/police-
ro...](https://www.privateinternetaccess.com/blog/2016/09/police-routinely-
misuse-state-federal-databases-stalk-romantic-interests-business-partners-
family-even/)

------
i336_
I just realized something.

\- Office IT maintenance all hate printers

\- I'm sure you've gaped at the control software that came with the little $40
inkjet you bought (or had to use) at some point

\- Even the creator of MINIX cited "buggy printer drivers" as his rationale
behind prferring nanokernel architecture (all drivers run in userspace)
instead of monolithic approach (all drivers run in ring 0; printer driver sits
next to crypto keyring).

So. Printers are terrible.

Remember Brinks' fireproof safes that were absolutely rock-solid but were
running fully _un_ patched WinXP and had a USB port on the side of the keypad
for "security updates"? Hackable with a keyboard stuffer that looked like a
flash drive.
[https://news.ycombinator.com/item?id=9961024](https://news.ycombinator.com/item?id=9961024)

I remember reading (somewhere) a conclusion that went along the lines of,
Brinks are awesome at making safes - and this safe was truly amazing - but
they weren't a software company, to a profound extent.

It's clear to me that printer companies are similarly really, _really_ bad at
software design too.

So, reverse-engineering the firmware to figure out what things printers are
doing use probably wouldn't be all too difficult.

The printer companies were told to write the code, not write it perfectly and
make it impossible to unravel as well.

Of course, if anyone actually take a crack at this (excuse the pun) that'll
make things change a bit, but printer firmware is probably at the "open sesame
in a big way" stage right now, and the printer industry is huge and slow to
change, which suggests reverse engineering could remain trivial for a little
while, even with publishing.

~~~
jbmorgado
I was actually discussing this the other day at work (I work in a relatively
small laboratory of about 50 people and we don't have a dedicated IT
department so most of us contribute a bit to keep the IT infrastructure).

It is incredible how fickle printers are, all the hassle they give, printing
problems, network connection problems, special drivers to install even on
modern operating systems, paper jams (one would have guessed by now they
should have at least solved the paper jams) even on our quite expensive
printers.

It's like everything but the print quality got stuck in the year 2000 and
never again evolved.

------
kylehotchkiss
It could just print the mac addresses of all the nearby wifi networks. One
subpoena to google's mapping service and you know exactly where the paper was
printed. Yay, surveillance.

~~~
comboy
Seems like a lot of data to print. I suppose just unique id would be enough.
If the printer has access to wifi or internet connection in general (even
through usb drivers) it can report the details.

~~~
likelynew
Well, modern printers print with 100s of ppi, which on doing some maths
suggest around 100 dot in a box of side 1 mm(in 250 ppi, most printers print
with more ppi), enough for displaying 64 bit number with hash, even if it only
works in binary mode. If more that just on/off can be detected, it can store
much more.

------
bobsam
The real question you should be asking yourself is how hard it is to fake
these. If I get hold of someones copies, can I use them as template?

~~~
kemiller2002
I think this is an excellent example of why security through obscurity is a
bad idea. Now that we know they are there, it's only a matter of time before
they are all broken and duplicated. How hard is it? I don't know, but I can't
imagine that its impossible. Given time and technology, someone will figure
how to forge these without difficulty.

They were clearly betting on the fact that no one would notice they are there.
What scares me is we're just finding this out. How long have criminal
organizations and rogue nations known about this and what have they used it
for?

~~~
schoen
I'm confused about why people consistently think that this was a total secret,
no matter how many waves of press coverage it gets.

[https://en.wikipedia.org/wiki/Printer_steganography](https://en.wikipedia.org/wiki/Printer_steganography)

There were press articles about it by 2004 (and I think some earlier), we had
written the tool that Rob Graham used to decode these scans by 2005, and I
gave a number of TV interviews about it during 2005. A small number of
manufacturers (maybe worried about European data protection laws) also alluded
to the existence of the technology in their user manuals. Some of the people
from industry who contacted me also said that this was common knowledge to
people in the printing industry since at least the turn of the millennium.

~~~
Mathnerd314
None of those are enough. Unless the spying feature is directly marketed to
consumers, e.g. a TV ad that says "Buy a color printer THAT SPIES ON YOU
today!", >92% of the population will never learn about it. (That estimate
being from the # who don't read license agreements:
[https://measuringu.com/eula/](https://measuringu.com/eula/))

Generally, anything that less than half of the population knows abut is a
secret (e.g., menstruation is still called a "secret" in some circles...), so
you shouldn't be confused, just disappointed at how gullible / uninformed the
average person is.

~~~
bubblethink
>Unless the spying feature is directly marketed to consumers, e.g. a TV ad
that says "Buy a color printer THAT SPIES ON YOU today!", >92% of the
population will never learn about it.

Heh. The tagline for this car HUD ([http://www.jbl.com/connected-
car/CP100+LEGEND.html](http://www.jbl.com/connected-car/CP100+LEGEND.html))
says, "Now your car can be on the grid too". That's getting pretty close to
your tagline.

------
bo1024
FOSS seems to be the best, if not only, solution. (As usual, when it comes to
freedom and privacy...)

~~~
beefsack
It's likely any tracking mechanism would be implemented inside the hardware,
not as part of drivers.

~~~
rjmunro
It would be in the firmware. It should be possible to hack a printer with open
source firmware.

You could even make a printer with open source hardware - something like this,
but higher resolution:
[https://www.youtube.com/watch?v=zX09WnGU6ZY](https://www.youtube.com/watch?v=zX09WnGU6ZY),
or think [http://reprap.org/](http://reprap.org/) \- home made 3d printers
made only from commonly available and 3d printed parts.

~~~
aaronmdjones
> It should be possible to hack a printer with open source firmware.

You'd think so. After all, Stallman created FSF in part because of his
frustrations with a printer!

> In 1980, Stallman and some other hackers at the AI Lab were refused access
> to the source code for the software of a newly installed laser printer, the
> Xerox 9700. Stallman had modified the software for the Lab's previous laser
> printer (the XGP, Xerographic Printer), so it electronically messaged a user
> when the person's job was printed, and would message all logged-in users
> waiting for print jobs if the printer was jammed. Not being able to add
> these features to the new printer was a major inconvenience, as the printer
> was on a different floor from most of the users. This experience convinced
> Stallman of people's need to be able to freely modify the software they use.

------
tiku
We could just sell "tracking dotted white paper", with 150 different patterns
on it.. Or just release a pdf that has them embedded so you can print that
first.

------
kazinator
Paying cash for the printer should mitigate things. At best they can tell
something like that the page was printed by something that passed through a
BestBuy warehouse in your town in the first quarter of last year, and that's
it.

Buy a printer hundreds of miles away from home while on a road trip, pay cash,
and then do whatever you want with it: print yourself a hundred million
dollars and enjoy your print-irement. :)

Simply the _awareness_ about the possibility of tracking goes a long way.

~~~
vacri
If your printer is on a network, it can 'phone home' in most cases. They now
know which IP address the printer lives behind. Get compromising document >
look up serial number from dots > look up IP address from serial number > get
address for IP from ISP (through means fair or foul). Payment option is
irrelevant.

~~~
kazinator
In those "most cases" when it's not blocked from doing so by your firewall.

If you were paranoid enough to pay cash for a printer somewhere far from home
because of the tracking issue, you will probably block it from sending
messages outside of your LAN.

------
icholy
Here's how you decode them
[https://w2.eff.org/Privacy/printers/docucolor/](https://w2.eff.org/Privacy/printers/docucolor/)

~~~
8_hours_ago
_This information is the result of research by Robert Lee, Seth Schoen,
Patrick Murphy, Joel Alwen, and Andrew "bunnie" Huang._

Does bunnie do any non-cool projects?? He inspires me more than any other
developer/researcher today.

------
JulianMorrison
If your printer has tracking dots, this doesn't tell the people reading the
tracking dots on the printout anything, unless they either

\- already suspect you, or

\- can trace the serial back to the purchase.

Conclusion: buy your printer second hand and don't get caught.

~~~
cestith
\- in cash

------
mattpavelle
My cursory research into this topic (this morning...) lead me to believe
inkjet printers may be uncompromised (not printing steganographic dots). The
NYTimes believed this to be the case as well back in 2008
([http://www.nytimes.com/2008/07/24/technology/personaltech/24...](http://www.nytimes.com/2008/07/24/technology/personaltech/24askk-001.html))
- anyone with more knowledge of the subject have information about this?

~~~
schoen
I wrote the original article, and that consistently matches what we've learned
and heard. However, that doesn't mean that forensics can never identify the
printer that printed a document (there's an entire lab at Purdue that's been
studying possible ways to do so for over a decade!), just that the printers
are not intentionally engineered to track their users.

Edit: It looks like the Purdue lab was only publishing research from 2003 to
2010, or hasn't updated its web site.

~~~
CodeWriter23
So they perfected it and received a gag order under the State Secrets Act.

~~~
schoen
Good thing this country doesn't have a State Secrets Act!

(Maybe
[https://en.wikipedia.org/wiki/Invention_Secrecy_Act](https://en.wikipedia.org/wiki/Invention_Secrecy_Act)
if they filed for a patent.)

~~~
CodeWriter23
That's what I was referring to. Thanks for the clarification.

------
higginss
We need an open source / hardware 2d printer

~~~
apk-d
I love the term "2d printer". What a time to live in.

------
codezero
Is it possible to add yellow dots or the opposite of yellow dots (assuming
they are additive?) to the printed content such that the existing dots become
noise?

~~~
samtho
Just a guess, but I would be willing to bet that some of these manufactures
ensure that the tracking appears outside of normal printable boundaries.

~~~
theodorton
Buy two of the same printer and they'll scramble the code!

------
FatAmericanDev
Is there an open source printing platform that allows the printer to be sure
no codes are inserted?

~~~
mkj
I guess you can use a 3d printer as a 2d plotter...?

~~~
callalex
We're halfway to going back to tablets, in the literal sense.

------
whiw
So if we swap our yellow and (say) blue cartidges then these dots will become
more apparent?

~~~
jerrre
if you find a printer which accepts it... (haven't tried, but I fear it won't
be this easy)

------
dmitrygr
Time to start printing full yellow background instead of white. Con: lots of
yellow toner needed. Pro: no tracking.

Or maybe never refill Yellow toner and then dots fail to appear.

~~~
Simulacra
..or a return to dot matrix printers? Good thing I never threw those away.

~~~
bonaldi
I think that might make you easier to track. Even driving slowly round the
neighbourhood listening carefully would ferret you out.

~~~
Simulacra
LOL I'm still not throwing them out. Nostalgia. They'll sit on a shelf next to
my Nintendo and typewriters.

------
kazinator
> _the source of documents produced with other printing technologies are also
> possible, but, as far as we know, other kinds of printers do not
> deliberately encode their serial numbers in their output._

To clarify, _other_ here refers to anything other than a color laser?

Also, are color LED printers included as color laser? (I would think so).

~~~
schoen
> To clarify, other here refers to anything other than a color laser?

Right.

> Also, are color LED printers included as color laser? (I would think so).

Yes. We could also perhaps say "color printers other than inkjet or dot
matrix".

Also color photocopiers (using the same codes).

------
tarikozket
For people wondering what the dots looks like:
[http://static.snopes.com/app/uploads/2017/06/printer_EFF_dot...](http://static.snopes.com/app/uploads/2017/06/printer_EFF_dot_code_fb-865x452.jpg)

------
c3833174
Why not just use dot matrix printers?

Can be had for free from business throwing them out, ribbons are readily
available, plus they can be used as generic printers (limited graphics
capability, but supported both on windows and CUPS) or by writing directly to
/dev/lp0

~~~
fizgig
Someone from Purdue (I think) did research on being able to identify printers
that used stepping motors due to unique characteristics in various models as
well as individual printers.

I'm not sure if dot matrix was in the study (I want to say it was inkjet?) but
the principle remains the same.

Not as precise as embedded serial numbers with watermarking, but it could get
a whistle blower identified.

------
Cieplak
Time to start reverse engineering printer firmware :)

------
amiga-workbench
Are there any known forensic marking methods used by monochrome laser
printers?

~~~
schoen
No, but it may still be possible to tell them apart in some ways.

It would be good to start with

[https://engineering.purdue.edu/~prints/publications.shtml](https://engineering.purdue.edu/~prints/publications.shtml)

and then see who's cited them in the last few years.

------
alkonaut
It's basically impossible to rule out that an image (or anything rasterized)
is watermarked.

The best way of ensuring this isn't to test it, but to simply ask the producer
whether they would do this. If they say "no" or refuse to answer then don't
buy that product. Not even if you had a printer from a manufacturer that had
public firmware and driver code could you be sure by just inspecting the code
and the printed output.

If they clearly say they don't watermark output then you probably have to
trust them or simply not use printers.

------
dang
Discussed in 2010:
[https://news.ycombinator.com/item?id=1408510](https://news.ycombinator.com/item?id=1408510)

------
pvaldes
So... Maybe people should start printing some documents directly in yellow
paper?

I wonder if printing a blank page and then double printing the document on
this page would distroy the pattern

It seems that there is an opportunity here for creating a program able to
print a random layer of light yellow points to a blank page.

------
em3rgent0rdr
this is why open-source printers are so essential.

------
fiatjaf
I don't understand what could be done by governments with this kind of
information. Please enlight me.

~~~
Eric_WVGG
An NSA contractor leaked information about the Russians meddling in the 2016
election to the press. She had been identified using these techniques.

[https://www.nytimes.com/2017/06/06/us/politics/reality-
leigh...](https://www.nytimes.com/2017/06/06/us/politics/reality-leigh-winner-
leak-nsa.html?_r=0)

~~~
schoen
Note that the Times qualified this with: "And there may have been an even more
glaring telltale that the F.B.I. did not mention in court filings." (So they
were more cautious in that respect than other journalists, unfortunately.) In
particular, the government has not acknowledged having used this evidence.

------
codedokode
I wonder what is the motivation for printer manufacturers to implement this
kind of tracking?

~~~
NewSystems
I wonder what is the motivation for consumers to care?

------
amq
Even without deliberate watermarking, it is probably provable that an x
document comes from a y printer, based on the way how letters look under
microscope. Relevant, for example, if one would be dumb enough to print secret
documents at home.

~~~
zaxomi
Yes, it probably is. But it is a very big difference that someone can prove
that a specific printer they are in possession of was used by comparing the
printed papers, or if they can just look at the paper and get the serial
number and time the document was printed. (And if they have a database of who
purchased the that printer, they know where they should start to look)

------
lsiebert
I wonder if printing the exact same document on the same paper might mess up
watermarks

------
jakub_g
ICYMI this is linked to this thread from yesterday:

"Secret Dots from Printer Outed NSA Leaker"

[https://news.ycombinator.com/item?id=14494818](https://news.ycombinator.com/item?id=14494818)

------
chris_wot
Makes the following book pretty fascinating reading:

[https://books.google.com.au/books?id=1XKqCAAAQBAJ](https://books.google.com.au/books?id=1XKqCAAAQBAJ)

------
sedachv
Has anyone here tried building a laser printer following Horace Labadie's book
_Build Your Own Postscript Laser Printer and Save a Bundle_?

------
adventist
Why create such a list? It seems like things like this should just be in the
background to be used by people who may need this information in the future.

------
barking
The best bet is to assume that everything is traceable. Best you can do is do
ocr on what you've printed and pass that on, i'd say.

------
dgudkov
Matrix printers may suddenly get back in fashion.

------
kristianp
This seems to be only color printers. Does that mean B&W printers are too hard
to add the tracking information to?

~~~
desdiv
The ostensible reason for this tracking feature is to deter counterfeiters (of
currency). Since no currency is B&W, there would be no defensible excuse to
coercer the manufactures into complying.

------
woof1971
Would printing on yellow paper solve the yellow-dot problem, or would the
still be detectable?

------
_pmf_
There might still be statistically significant alterations that allow
tracking; I'd be very careful.

------
pbhjpbhj
Do scanners also add unique identifiers to output, that seems like the low-
hanging fruit in this space.

------
mtgx
Samsung printer business was just sold to HP, so there goes that option.

------
cowpig
Is there a reason that this would be a bad thing, pragmatically speaking?

~~~
irixusr
Not necessarily. In fact the Stasi thought it was a swell idea!

------
ouid
can I just use up all my yellow ink to solve the problem?

~~~
pja
Then your printer will stop printing & demand that it be refilled. (At least
some are known to do this now.)

------
jlebrech
anyway to make it print someone else's dots?

------
5_minutes
Thanks, handy to know for my ransom notes.

------
JammyDodger
Privacy printer startup anyone?

