
Fake Documents that Alarm if Opened - phsr
http://www.schneier.com/blog/archives/2011/11/fake_documents.html
======
jgrahamc
But like my 'email canary': <http://blog.jgc.org/2011/06/my-email-canary.html>

~~~
mike-cardwell
That's a really nice idea. I think my solution is better though. If an
attacker manages to access my email account, all they're going to see are PGP
encrypted emails.

<https://grepular.com/Automatically_Encrypting_all_Incoming_Email>

They won't be able to read password reset emails or anything else in there.

I might set up a canary though, as it sounds like a useful way of being made
aware of a compromise.

~~~
Splines
It'd be interesting to see how your (and others') setups have endured actual
attacks. As someone non-versed in security, I think your approach sounds
great. But how does it fare when someone comes knocking?

I wonder the same thing about my setups. I have a password manager with random
passwords for every site/forum that I encounter. It'd be nice to know of the
efficacy of this work - has it helped me in any way? I'll never know.

------
praptak
There is a much better (and older) idea: introduce subtle watermarks into the
actual content of the document itself. Minor typos, changes of word order,
maybe even different facts. Different people in your organization get access
to those slightly different versions. Once a document emerges where it's not
supposed to be, your knowledge about who might have leaked it increases.

I have heard (not confirmed) that mapmakers introduce small errors into their
maps to detect competition copying their maps instead of the terrain.

~~~
delinka
While reading the blog post, I was thinking about steganographically inserting
data into printed documents. It might be more difficult in this age of grammar
and spell checkers, but sounds fun to play with.

It just occurred to me that stego could be applied at the word level to get
around spelling and grammar corrections.

~~~
Djehngo
There was a tool which was used to trace forum leaks/mirrors; it was made/used
by an Eve Online Alliance of all things. (If you can find a 2010/2011 mirror
of the "Pandemic Legion" forums there should be a description of it on there).

From what I read it would introduce subtle changes based upon some identifier
(either IP address, user account or both).

The variation was generated by using Unicode characters which were either
invisible or very close substitutions to actual characters. This could be
countered by anyone who knew it was there, however.

There was also the ability to write a block of the post in multiple different
ways. With 5 blocks written 5 ways each you can get 3125 different variations
of a post.

There is probably some interesting mathematics relating the level of
redundancy to the minimum number of documents that would be required to make
an untraceable version.
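
The block-variant scheme described in the comment above, as an added example that is not part of the thread or of the tool it mentions: a recipient id is written as one digit per block, and a leaked copy is decoded by reading the wordings back. The post text, ids and function names are constructed for illustration; `block_matches` scores a leak per block, which still points at the contributors when a copy has been spliced from two recipients and a direct decode would name someone else.

```python
import math

# Constructed sample post: 5 blocks, each written 5 ways (5**5 = 3125 copies).
BLOCKS = [
    ["Form-up is 19:00.", "We form up at 19:00.", "Be online by 19:00.",
     "Fleet forms at 19:00.", "Log in before 19:00."],
    ["Bring cruisers.", "Cruisers only.", "Ship type: cruiser.",
     "Fly a cruiser.", "Cruiser hulls, please."],
    ["Staging is the usual system.", "We stage in the usual place.",
     "Stage where we always do.", "Usual staging system.", "Same staging as last time."],
    ["Expect two hours.", "Plan for two hours.", "It should take two hours.",
     "Roughly two hours long.", "About two hours total."],
    ["Do not repost this.", "Please keep this internal.", "Internal only.",
     "This stays on the forum.", "Not for outside eyes."],
]

def digits_for(recipient_id):
    """Mixed-radix digits of the id: digit i picks the wording of block i."""
    if not 0 <= recipient_id < math.prod(len(b) for b in BLOCKS):
        raise ValueError("recipient_id outside the number of distinct copies")
    out = []
    for block in BLOCKS:
        recipient_id, d = divmod(recipient_id, len(block))
        out.append(d)
    return out

def render(recipient_id):
    return " ".join(b[d] for b, d in zip(BLOCKS, digits_for(recipient_id)))

def read_digits(text):
    """Which wording of each block a leaked copy carries; None if reworded."""
    seen = []
    for block in BLOCKS:
        hits = [i for i, wording in enumerate(block) if wording in text]
        seen.append(hits[0] if len(hits) == 1 else None)
    return seen

def trace(text):
    """Decode a verbatim leak to a recipient id (None if any block was altered)."""
    seen = read_digits(text)
    if None in seen:
        return None
    return sum(d * math.prod(len(b) for b in BLOCKS[:i]) for i, d in enumerate(seen))

def block_matches(text, issued_ids):
    """Per issued recipient, how many blocks of the leak match their copy."""
    seen = read_digits(text)
    return {r: sum(s == d for s, d in zip(seen, digits_for(r))) for r in issued_ids}
```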

------
phpnode
I've been doing this for a while with <http://trackmycv.com/>. Basically, you
can embed a transparent pixel in an MS Word (or any other kind of MS Office
document) and get notifications whenever it's opened.

------
jasonkolb
This is why I would never heavily use a computer without something like Little
Snitch (<http://www.obdev.at/products/littlesnitch/index.html>) installed.

Highly recommend.

------
TorKlingberg
The phone home mechanism is not necessarily on the client side in MS Word
macros. It could be the file server logging access to the fake documents.

