EDIT: Here is a source:
Recent versions of image editors such as Adobe
Photoshop or Paint Shop Pro refuse to print banknotes.
According to Wired.com, the banknote detection code in
these applications, called the Counterfeit Deterrence
System (CDS), was designed by the Central Bank
Counterfeit Deterrence Group and supplied to companies
such as Adobe as a binary module. However,
experiments by Steven J. Murdoch and others showed that
this banknote detection code does not rely on the
EURion pattern. It instead detects a digital
watermark embedded in the images, developed by
An interesting hack is that this Digimarc pattern could be used for a Copy Attack. To my knowledge the mark is not tied to the image of the bank note in any way. So in short:
You could extract the Digimarc pattern and apply it to any other document, which then in turn could not be edited by the mentioned software.
I think it's only the legal issues that keep people from RE'ing the algorithm and generating obviously-non-banknote images which get detected, in a similar spirit to this:
As the watermark detection algorithm is not that resource-intensive, I would guess that a false positive is even easier to produce.
All said with a /s, but with a serious question. What happens when we reach a point where the software and hardware exist to do this? Many hosting providers are already doing something similar as well. I believe they work by taking an image hash and comparing it to a known database, but the newer hashes work even as the images are slowly modified.
Would there be any way to stand against this trend without being demonized?
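The hash-and-compare matching described in the comment above, sketched as an added example that is not part of any comment in this thread. It uses the publicly known difference hash (dHash) as a stand-in, not any provider's actual algorithm; the images, labels and the 10-bit threshold are constructed for illustration.

```python
import hashlib, random

W = 72  # constructed sample geometry: 8 rows of 9 flat cells, each 8x8 pixels

def make_image(seed):
    """Constructed grayscale sample in which horizontal neighbour cells never match."""
    rng, img = random.Random(seed), []
    for _ in range(8):
        cells = []
        while len(cells) < 9:
            v = rng.randrange(24, 224, 8)
            if not cells or v != cells[-1]:
                cells.append(v)
        img += [[cells[x // 8] for x in range(W)] for _ in range(8)]
    return img

def tweak(img):
    """Lower the contrast, brighten, and add a +/-2 dither pattern."""
    return [[int(v * 0.9 + 12) + (x * 7 + y * 13) % 5 - 2
             for x, v in enumerate(row)] for y, row in enumerate(img)]

def dhash(img):
    """64-bit difference hash: 9x8 cell means, one bit per horizontal neighbour pair."""
    bits = 0
    for r in range(8):
        means = [sum(img[y][x] for y in range(8 * r, 8 * r + 8)
                     for x in range(8 * c, 8 * c + 8)) / 64 for c in range(9)]
        for a, b in zip(means, means[1:]):
            bits = (bits << 1) | (a > b)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def sha256(img):
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()

def lookup(db, h, max_dist=10):
    """Label of the closest known hash within max_dist bits, else None."""
    label = min(db, key=lambda k: hamming(db[k], h))
    return label if hamming(db[label], h) <= max_dist else None

known, other = make_image(1), make_image(2)
db = {"known-image": dhash(known), "other-image": dhash(other)}
edited = tweak(known)

if __name__ == "__main__":
    print("sha256 still equal:", sha256(known) == sha256(edited))
    print("dhash bits changed:", hamming(dhash(known), dhash(edited)),
          "-> lookup:", lookup(db, dhash(edited)))
```

The cryptographic digest changes completely after the edit, while the perceptual hash still resolves to the same database entry, which is the property the comment attributes to the newer hashes.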
I'm just glad we're not at the level of "open-source image processing software and hardware enables banknote counterfeiting" yet...
Suffrage, civil rights, and gender equality movements have been/are able to stand and change the world while being demonized.
Every political position is demonized by its opponents. The ones that are successful are championed by people that persevere even though they are demonized. (That is not, of course, to say that all those with such champions are successful, however.)
edit: found it here https://github.com/jplona/code/blob/master/eurionize.pl
(Jokes aside, I love GIMP and just want to make clear I hate the whining of the irrational "GIMP is worse than Photoshop" family of HN posters.)
I'm assuming this is a case of "the suits told us it couldn't import banknotes", so they made it not import banknotes. Banknotes that were already imported... well you didn't say anything about that.
(The same thing happened for the DVD encryption. Someone asked an engineer for encryption. The engineer just happened to have made it easy to bruteforce the key, negating the entire point of the encryption.)
Remember: you're the software engineer -- write the software you want, not the software you think someone wants you to write.
The DVD Content Scramble System came out in 1996, at which time the US still heavily regulated the export of "strong" crypto. DVD-CSS uses an LFSR-based stream cipher with a 40-bit key because it could be implemented efficiently in hardware, and the export restrictions did not apply to ciphers with 40-bit keys. Considering the constraints it was designed under, I don't think anyone should be inferring that it was weak on purpose.
That's easier said than done, kudos to those that pull that off but there is this thing called code review and if your co-workers are halfway competent you'll get called on what you built. In some cases that can be a career limiting move.
Better to pick your employers so that you don't end up as an enabler of technology used against the public interest.
Of course if you're going to 'take one for the team' and purposefully gain employment somewhere for the sole reason of messing with the machine that's a laudable strategy but it will likely come at a price in the longer term.
I have recent relevant experience in this regard. I'm working on a system for university-level language professors, a large part of which is making it easy for them to use videos for homework assignments. We recently had a meeting with one of the university's copyright lawyers to ensure that the video delivery system was sufficiently "safe", and they'd be legally protected from being sued for copyright violations when professors want to use films in their classes.
We quickly discovered that, if we explained things well enough that the copyright lawyer was capable of understanding how decrypted video ended up on the students' screens, and thus how a sufficiently tech-savvy student might possibly pirate it, they would freak out and insist we Do Something More. The obvious solution: stop explaining how things work, 'cause this is just making more work for ourselves. Tell them "other people used this thing and didn't get sued", and deflect all technical questions, on the other hand, and they leave us alone and let us work on something reasonable.
And so it should be. We're talking about a technological measure that is being implemented with the intent of preventing an actual crime. There is a real possibility in this case that undermining the measure will increase the amount of that type of crime that is committed. There is also little evidence that the measure is being abused by others on a significant scale with actual negative side effects for anyone.
Now, a developer might not want to implement that measure because they were concerned with other consequences that might not be in the public interest, or with the future potential for such consequences. This might be a perfectly reasonable position morally and/or technically, and as you say, that developer has the choice not to take that job. It's not as if good programmers are starving in the streets for lack of other opportunities, after all.
But if you do take a job as a programmer on a project, typically your authority and responsibility do not extend to setting the requirements and deciding on policies like this. If you presume to deliberately undermine those whose jobs do include making those decisions, you should be treated as a bad employee and dealt with accordingly, and that does include being fired, getting a professional reputation for being unreliable and not a team player, and so on.
Also, if you decide you don't want to try that hard on "anti-counterfeiting" protection, that's fine with me ;)
If you fuck up your goals, yup, you could be fired. Supply of programmers is much lower than demand, so I bet you'll find more work. Or you can retire and repair bicycles for a living. You'll do fine.
It's not always that easy =(
This brings up the thought of whether some of the developers for locked-down systems like game consoles, phones, tablets, etc., are deliberately introducing vulnerabilities with the intention of enabling users to use them to take control of their devices, and of course they would behave entirely as if it was accidental. It's somewhat far-fetched and optimistic, but certainly a nice possibility to think about...
Even though console/content lockdown is a business line item, it's not as much of a priority to the business to ship a console that will sell well, and to develop it with deadlines that are too short.
Remember: you're the Xer -- do the X you want, not the X you think someone wants you to do.
"Remember, you're the politician. Pass the laws you want, not the laws you think the electorate want you to pass."
"Remember, you're the soldier. Fight the wars you want, not the wars you think your country's leadership want you to fight."
"Remember, you're the fireman. Fight the fires you want, not the fires you think the person who called 911 wants you to fight."
The idea that you should do whatever you want regardless of the team or management you work with looks pretty dumb when you apply it to situations that actually matter. The world would not be a better place if everyone decided to just assume they're right all the time and ignore everyone else.
I see that principle as putting the responsibility back onto the shoulders of the person carrying out the action.
I see it as a way of ignoring the "just following orders" excuse. So no, I don't think it looks pretty dumb, I think it is something to consider seriously.
Edit: Added footnotes
You're going to Godwin the thread? Really?
If you do want to make that argument, please consider firstly that the Nuremberg defence failed, in that particular context, because it was considered so obviously inappropriate for the defendants to act as they did just because they were ordered to do so that they should have known better and refused to comply.
Secondly, please also consider that the Nuremberg verdicts stand in stark contrast to normal military discipline in basically every armed service in the world, where refusing to follow a lawful order from a superior officer is grounds for a court martial and potentially a severe punishment.
In particular, the current situation recognised by the International Criminal Court and the 100+ signatory states to the Rome Statute lists only genocide and crimes against humanity as manifestly unlawful, potentially admitting the superior orders principle as a defence in other cases where the defendant believed they were complying with a lawful order. This is even noted in one of the links you gave yourself.
In any case, I would hope we all agree that being instructed to implement a software safeguard against criminal production of counterfeit currency is not on the same scale as being instructed to execute millions of innocent people in gas chambers.
"Remember, you're the politician. Pass the laws you want, not the laws the party leaders say you should pass."
"Remember, you're the soldier. Complete the mission without unnecessary collateral damage, even though you wouldn't be punished for killing civilians unnecessarily."
"Remember, you're the fireman. Exercise caution the way you want, not how you've seen firefighters in movies act."
Sometimes you should ignore people and pressure to do the right thing.
"Adobe adds algorithms to Photoshop that prevent users from opening or printing scanned money. While we've been aware of this feature for quite a while"
Posted by Craig Swanson on May 14, 2006 07:03 PM
edit: seems to be more info here, from 2004. Latest Photoshop version contains anti-counterfeit measures
edit: just kidding - I'd probably download a parking lot worth of cars
If you zoom in, you can see 50 written in many places in a really tiny font, barely visible if you look at it with the naked eye. In number 1, the yellow dots are clearly visible (if I remember correctly these are what Photoshop looks for).
They were caught out by scammers (or unknowing people with scammed notes) several times last year, and the bank rejected the notes (and of course wouldn't hand them back).
Apparently the counterfeit notes are sometimes on a plastic too, but not sturdy enough to withstand a quick tear. I'm not sure how long that will hold true though.
It's an arms race that will not end.
"Printer steganography is produced by laser printers, including Brother, Canon, Dell, Epson, HP, IBM, Konica Minolta, Kyocera, Lanier, Lexmark, Ricoh, Toshiba and Xerox, where tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers and timestamps."
There is nothing preventing Adobe from implementing a script that auto forwards your account details (Via Adobe Cloud!) to law enforcement if the CDS detects money. That alone could easily be made into probable cause and based on how easily warrants are being given nowadays, could easily lead to a no knock warrant being issued.
(author notes his own earlier presentations on this topic starting 2004)
0. http://lcamtuf.blogspot.fr/2014/11/pulling-jpegs-out-of-thin..., http://lcamtuf.coredump.cx/afl/, american fuzzy lop
1. http://news.cornell.edu/stories/2015/03/images-fool-computer..., Images that fool computer vision
Somehow I think it's not that simple, but also somehow I think that real counterfeiters will not be deterred by this manner of weak DRM.
And of course they will get caught and have their lives ruined. So by making the act of falling into the temptation a bit harder, you are keeping more honest people honest.
A few months ago, one of our Konica all-in-one units flat out refused to scan a customer invoice, claiming that it's illegal to scan banknotes.
In the Netherlands there is nothing illegal about copying money; what is illegal is spending it (or having it spent by someone else) as real money on purpose.
Idea behind that, I think, is that there is a gradual scale from real money to good counterfeit to lousy counterfeit to images of money printed in a journal or even on a coffee mug to basically whatever can be printed.
Though from what I understand, it's illegal to make copies (electronic or otherwise) of banknotes in both Scotland and the USA.
When I was recently in the US, I bought a novelty pad of oversized $100 bills from the Bureau of Engraving and Printing gift shop. It's obvious they're not real but they have all the hallmarks of a real bill - a serial number, same print, series number and even the phrase "THIS NOTE IS LEGAL TENDER FOR ALL DEBTS, PUBLIC AND PRIVATE". Even a fake (monochrome, scanned and non-reactive) security strip.
My fiancée bought a similar pad of oversized novelty £20 notes here a few years ago which were littered with the word "specimen" and small print stating that they were for novelty use only. Additionally, many government websites with images of banknotes here have the word "specimen" printed quite prominently on their images (except where the image is a photograph of a banknote in some setting, not stand-alone).
Worth a look if any of this amused you: http://www.thepoke.co.uk/2014/08/05/10-banknotes-improved-by...
What is much more disturbing: I still don't know if it's possible to find hardware devices, like scanners and printers, that do what they are intended to do and are not masking banknotes or leaving special marks on the printed image.
I would love to know how to manipulate images/documents to make it so that photoshop won't open them and photocopiers won't copy them...
 - https://affinity.serif.com/
 http://i.imgur.com/XInY8HI.jpg left side
Or you could do what the really clever criminals do and just go into banking and finance.