DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit

Posted by pavel_lishin 4/1/2025

DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit(github.com)

286 points | 99 comments

otaviogood 4/1/2025|

Me and my team used these yellow tracking dots to reconstruct shredded documents for a DARPA shredder challenge over a decade ago. You can see our program highlight the dots as we reconstruct the shredded docs. https://www.youtube.com/watch?v=uzZDhyrjdVo Thanks to that, we were able to win by a large margin. :)

computerdl 4/2/2025||

Oh wow, I remember hearing about this challenge on Daily Planet when I was still in elementary school. It's super cool seeing a follow up, it brought back a hidden memory.

Super cool demo btw

AceJohnny2 4/2/2025|||

and here I thought the library shredder/scanner in Vinge's Rainbows End was just sci-fi loosely based on gene sequencing...

(I mean it is, but seeing this almost real-world implementation is fun!)

dylan604 4/1/2025||

what was the process of getting each of the shredded pieces scanned for your program to use. I'm guessing that process could have a write up on it just as much as the solver. there's definitely a personality type that can handle that type of mess

otaviogood 4/2/2025||

DARPA scanned the shreds. The funny thing is, they didn't want to shred the original paper, so first they photocopied the paper in a high quality color copier, shredded it, and scanned it. And that's where the little yellow dots came from. :D

dylan604 4/2/2025|||

interesting. now my brain is churning on why would they not want the originals shredded. what does that say about the value they placed on the originals? why would they open a contest up with documents of such perceived value as the content? being DARPA, i'm sure there's a reason though

otaviogood 4/2/2025||

You might be reading into it too much. I think the originals were just random pieces of different kinds of paper. Graph paper, yellow lined, paper, blank white paper... I don't remember exactly, but I think the copies could be special paper with a colored backside so they would know which way was up really easily for the scanning process.

dylan604 4/2/2025||

no it was a deliberate what if meant in jest that probably really could have been kept to myself

anitil 4/2/2025|||

Did they scan both sides of the shreds?

chaps 4/1/2025||

Had the experience of poking at tracking dots recently for circumstances I won't share here.

Do y'allself a favor and get a blue LED flashlight and point it at a color print. It's shocking how many are printed. It looks like a spattering of sand across the entire page!

RachelF 4/2/2025||

I'm surprised there's not been a class action against printer manufacturers for all the extra yellow toner that's been used.

kmoser 4/2/2025||

Not to mention failure to accurately print what you sent to the printer. There must be some use case where these "invisible" dots actually undermine the intended output.

timewizard 4/2/2025|||

It's not even just for printers anymore.

https://datadotusa.com/technology.htm

ale42 4/2/2025||

Not exactly the same thing. This is more akin explosive tracers, i.e., lots of small particles that contain some identifying information.

atVelocet 4/1/2025||

Are we talking about laser, color laser and/or ink printers?

twalkz 4/1/2025||

> My printer does not print tracking dots. Can I hide this fact?

> If there are really no tracking dots, you can either create your own ones (deda_create_dots) or print the calibration page (deda_anonmask_create -w) with another printer and use the mask for your own printer

The thought of being able to “spoof” the tracking dots of another printer has interesting implications for deniability. Though I guess in this case you’d still need access to the original printer to print the anonmask…

decimalenough 4/1/2025||

Per Wikipedia, the dots' "arrangement encodes the serial number of the device, date and time of the printing", so all you really need to spoof somebody else's printer is the serial number. Which can likely these days even be accessed remotely through printer settings.

CobrastanJorji 4/1/2025|||

No need to examine the printer. Just find a sheet of paper that printer printed, decode the dots, and then print your super illegal whatever with their printer's dots and a timestamp that makes sense for whatever you're framing them for doing. Nobody's ever gonna believe "the dots were a lie." They sound too much like fingerprints.

dylan604 4/1/2025||

Or just go to a big box retailer, grab a couple of serial numbers off of the packaging, and then randomize per page.

thfuran 4/2/2025|||

Better than nothing, but you probably don't want to produce a document that purports to have been printed by three different printers that were likely only in the same place during a relatively short period surrounding when you went to see them. You'd be better off just making up serial numbers.

CobrastanJorji 4/2/2025||

Nah, it's even better. "These messages were printed on a variety of different printers on three separate dates, but all of the printers were in an Office Depot during that time. Now we just need to go through the footage of those days to see who was in that store on all three days." Meanwhile, you're in another state on those days, doing crime.

Terr_ 4/2/2025|||

> on all three

Except if you can manipulate the timestamps, then they aren't relevant anymore, so the search space is much bigger than the intersection of each set of days.

It's the intersection of all the people who visited each printer at least once any time.

CobrastanJorji 4/2/2025||

Yeah, but the police (and then the prosecutors if they find someone who matches) are operating under the theory that the tracking dots are correct. They really want the dots to be correct. They don't want the dots to be wrong. This is why nonsense like "fiber matching" lasted so long: the people prosecuting the crimes want it to be right so badly that they're practically on your team.

dylan604 4/2/2025|||

Or post a thread on r/inkjetssuck or some such, and just have people from all over the world go into the big box stores to get serials to post as a reply

anigbrowl 4/2/2025||||

Assumes single page documents

banku_brougham 4/2/2025|||

Why is the randomizing step needed?

Brian_K_White 4/2/2025|||

why randomize a mac address?

If everything you print has the same fictitious serial number, it's still a stable identifier that can be triangulated.

banku_brougham 4/2/2025||

Got it. Then why the first step of go to the effort of getting real serial numbers from the big box store. If the dots signature going to be randomized?

Brian_K_White 4/3/2025||

Maybe just to get the vaild format.

dylan604 4/2/2025|||

just to throw of the scent. why do people bounce around TOR nodes?

timewizard 4/2/2025|||

It depends on how it gets the serial number. If it reads it from internal memory then spoofing your own serial number on each document print is the obvious workaround.

tgsovlerkhgsel 4/2/2025||

Once you are at the level of forensic investigations that go down to the tracking dots, most attempts at spoofing anything will be relatively obvious and provide further evidence that narrows down the list of suspects to those aware of such techniques.

You might fool someone who does such analysis casually but I'd expect an actual experienced investigator to e.g. go "the tracking dots are clearly brand X, but the raster used for greyscale is obviously from Y, soooo"

thinkingemote 4/2/2025||

Have these dots been used as evidence in a court?

UncleEntity 4/2/2025||

They've been used to figure out who leaked government documents in a few cases IIRC.

VladVladikoff 4/1/2025||

For those who missed it, this is an interesting and related topic: https://news.ycombinator.com/item?id=42880704

ruytlm 4/2/2025|

Adding some context to this, because it's a really interesting read that's worth the time if you ask me: it's about how some recently 'discovered' early playtest versions of Pokemon cards were found to be fake, or at least very suspicious, based on the presence (and decoding) of these dots.

I also find it interesting because the person who posted the discovery and breakdown of the dots stood to personally lose thousands of dollars they'd spent on the fakes, but posted their findings anyway.

UncleEntity 4/2/2025||

Or, alternatively, to prove thousands of dollars in damages.

dyingkneepad 4/2/2025||

What happens if I print the same page in multiple printers? Like, have the first printer print the actual contents, and then have the other printers add just a little bit of stuff in still-white areas. Does one printer mess the dots of the others?

kadoban 4/2/2025|

Yes. How would it know not to?

To be clear, it's possible/probable that some or all of it could still be read depending on details I don't know.

rustcleaner 4/1/2025||

I'm beginning to think the MIB show up to any nerd's house who starts an equivalent of OpenWRT project, for printers. Can't have untracked speech, need to be able to surgically strike certain founts of inconvenient memes. This sort of thing is why my craigslist sourced b&w laser printer is on its own VLAN with a CUPS server playing go-between. Nobody consented in an informed manner to Niantic's operation for the last decade+. Nobody consents to their every print being traceable. There is nothing, nothing about the product or process which warns the device owner or user that "Lack of obvious visible identifiers in the output does not mean it is identifier-free (steganographic identifier)." Just like nobody consents to the Universal Machines in our products being locked down to the point that even we the owners can't repurpose them as we see fit. We as peoples have come to accept the barrage of insults from commercial and state entities, that it's either a shit-sandwich or no-sandwich at all (plus a beating). Louis Rossmann's Consumer Action Taskforce (CAT) is becoming a great anthology of what I am talking about in this regard.

It's time to fight back! Let's start hacking the good printers out there, get their firmwares replaced with something viable, and start divorcing this nonsense. These tracking dots and other steganographic tracking methods exist precisely to track people like me and silence me, people who point out the occulted control methods, people who spread memes deemed information hazards and malinformation by the giant onyx squid.

[/rant]

rustcleaner 4/1/2025|

Besides, if I wanted to counterfeit I would [naïvely] get one of those tight tolerance watchmaker CNCs and have printing stamps made out of aluminum or something. Printing to paper in the usual home-office way seems to me an asinine method which is easily detected by most people who handle bills regularly.

15155 4/1/2025|||

The point of these technologies is to stop the low hanging fruit and trace the source of ransom notes, leaked documents, and the like.

For counterfeiting, a technical person's first thought is: "how does the Bureau of Engraving and Printing actually do it?" and then they do that - and you nailed it: offset printing.

Laser printers and inkjets can't even remotely compare.

tgsovlerkhgsel 4/2/2025||||

That's a lot more work, skill and initial investment required than just trying to slap a dollar bill on a copier. Which means a lot fewer people will try, especially since the people with these skills can usually easily make enough, and possibly more, money through legitimate means.

There were people who did counterfeiting "right", down to getting real printing presses, suitable paper etc. https://www.businessinsider.com/frank-bourassa-on-how-he-cou... (it's strongly implied that he got away with 6 weeks in prison and likely got to keep a decent amount of the profit).

Henchman21 4/2/2025|||

Ya gotta do what the cartels do: bleach out singles and print $100 on it so it feels right

rustcleaner 4/2/2025||

Then there's needing to contend with possible serial number scanning occurring at automated stations and at financial institutions, cataloging the movements of specific bills, detecting clones (improbable or impossible physical note appearances), and detecting zombies (decommissioned/known-destroyed numbers, and numbers never emitted). Randomly generating numbers is likely to trip clone and zombie sensors at various surveillance points.

Bill scanning to verify authenticity is already occurring, why not record the fact Bank of xAI ATM #67387 tendered two Franklins with serial numbers $SERIALA and $SERIALB to you (verified by PIN and card, and possibly bolstered by Face ID incognito); maybe older systems only do the verification locally and lack OCR, but I'm positive new systems are plenty powerful enough to run pared down OCR on serial numbers... wait they have been doing it with cheques all these years with handwritten dollar values, so why not OCR serial numbers coming and going? You see? The net deepens. I probably can't suggest methods of washing this data without possibly committing some obscure crime, so I will leave you to your creative imaginations...

15155 4/2/2025||

99.9% of ATMs in the United States do not have bill scanning capability and are purchased for $1000-$2000.

Hyosung isn't putting this capability on these cheap units, neither is NCR on even more expensive units.

mschuster91 4/1/2025||

This gonna be pretty important in the next years... people, if you plan on printing protest flyers and pamphlets, either get them done in a professional print shop (if you know someone you can trust, that is), or at the very least buy the printer in cash, never ever connect it to the Internet, and only connect it via USB to a Linux computer - macOS and Windows both will install printer drivers automatically that might phone back to the mothership and link your printer ID to some sort of identifier.

m4rtink 4/2/2025||

For reference how this was done in the totalitarian countries of the eastern block: https://en.m.wikipedia.org/wiki/Samizdat

6SixTy 4/1/2025|||

Get a silkscreen kit if you really care that much. Also allows you to print T-Shirts.

decimalenough 4/1/2025|||

Wouldn't it be way easier to just track the people handing out the flyers?

Terr_ 4/1/2025|||

That depends on whether:

1. You're looking for a very specific person.

2. You want to unconstitutionally punish somebody for free speech, and you don't care who, you just want to cheaply find a convenient victim.

In that respect, tracking-dots are an invitation to #2, since they don't really need much in the way of human labor-hours or focus.

decimalenough 4/2/2025||

Tracking dots can be used to confirm that a specific printer was used to print a specific page. However, going from only a serial number to finding the name and address of its owner is going to be very difficult to impossible. You might be able to track it down to the retailer, but if you buy your printer in person from a stack at Costco, nobody has any idea which printer has which serial number.

rustcleaner 4/2/2025|||

>However, going from only a serial number to finding the name and address of its owner is going to be very difficult to impossible.

Printers send telemetry to the mothership, including serial number. Anyone under NSL cannot disclose that fact, so it's possible (probable) that if OEMs are pulling serial numbers, computer names, usernames, registered owner names, IP address logs, that they are NSL to retain and/or redirect that data feed.

It explains why everything, everything is so ****ing leaky with your information (beyond just advertising). Where do you think our modern machine learning came from? It was in order to process this stupendously gigantic mountain of data! I'm sure Utah was running some less efficient prototype of the learning we see in the public today back in the time of the GWOT!

So no, it's not just to confirm, as a few privileged individuals [at best] can go to terminals and pull up gobs of information. This is one of the reasons seeing-sphere-company's stock has done so well recently (money money for me)!

Terr_ 4/2/2025||

This also gets into the evil of parallel construction, where unconstitutional or at least beyond-voter-awareness method is used, and they make up a different reason afterwards.

mmh0000 4/2/2025||||

Until you install the windows print driver. Which phones home to the manufacturer with your ip address, other computer details, and the discovered printer’s serial number.

HeatrayEnjoyer 4/2/2025||

Source?

mmh0000 4/2/2025|||

Sure! Here's HP¹. You can look up others on your own:

```

    Product Usage Data – We collect product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application.

    Device Data – We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.

```

¹ https://web.archive.org/web/20190828162443/https://www8.hp.c...

fsflover 4/2/2025|||

https://news.ycombinator.com/item?id=43557589

jasonjayr 4/2/2025|||

"Register your printer for 6 free months of ink!"

15155 4/1/2025|||

Or, you know, just print massive quantities of valid but randomized tracking dots all over the document using a printer you bought with cash?

thinkingemote 4/2/2025|||

Remember the Russian civilians arrested for protesting the war by waving yellow pieces of paper?

Qem 4/2/2025|||

Could we just print using yellow paper to make the dots indistinguishable from the background?

silverliver 4/2/2025||

Melted toner pallets are shiny and contrast well against paper. I'd set the document background to be a sold yellow before printing it (assuming the privacy invading dots are guaranteed to be yellow).

adamrezich 4/1/2025||

[flagged]

noodlesUK 4/1/2025||

I'm really curious what proportion of printers can be decoded with public tools. Are there any stats on which manufacturers codes have been cracked?

IvyMike 4/1/2025|

The github references this document: Timo Richter, Stephan Escher, Dagmar Schönfeld, and Thorsten Strufe. 2018. Forensic Analysis and Anonymisation of Printed Documents. In Proceedings of the 6th ACM Workshop on Information Hiding and Multimedia Security (IH&MMSec '18). ACM, New York, NY, USA, 127-138.

There is a copy here: https://ericbalawejder.com/assets/hexview/Forensic-Analysis-...

  Table 1 (manufacturer, #of printers analyzed, dots found): 
  Brother 1 no 
  Canon 10 yes 
  Dell 4 yes
  Epson 8 somemodels 
  Hewlett-Packard 43 somemodels 
  IBM 1 yes
  KonicaMinolta 21 somemodels
  Kyocera 4 yes 
  Lanier 1 yes 
  Lexmark 6 somemodels 
  NRG 1 yes 
  Okidata 9 somemodels 
  Ricoh 6 yes 
  Samsung 5 no 
  Savin 1 yes 
  Tektronix 4 no 
  Unknown 1 yes 
  Xerox 15 somemodels

It sounds like they mostly understand the dot patterns wherever they found them, with some caveats that are explained in the paper.

banku_brougham 4/1/2025||

Do black and white laser printers produce tracking dots?

Also, what is the meaning of this tracking, must every corner of our lives be tracked just on principle?

rustcleaner 4/1/2025||

I can't affirm knowledge of steganographic identifiers in B&W printers. I wanted to state I would be surprised if B&W printers did not embed tracking information. There's too much national security value in spamming origination details on everything. There is always, always a safety or security argument to do so, followed with "but what's the harm, you're not doing anything you shouldn't be doing... are you? "

doctoboggan 4/1/2025|||

It's my understanding that the secret service requested (required?) that the printer manufacturers start adding the dots once the printers got good enough to easily recreate paper bills. Because they are primarily a tool for tracking counterfeiters, they are not needed with black a white printers and thus are not included.

krupan 4/1/2025|||

The tracking dots aren't for anti-counterfeiting. The secret service has a separate chunk of code in every color printer that detects if you are printing money and prints out a page that says essentially, "you can't do that." (at least that was the case 20 years ago when I worked for HP).

The tracking dots are used by the FBI if someone prints out classified information and passes it around, or other copyrighted/illegal documents.

Doxin 4/2/2025||

The EURion constellation[0] is how that detection mostly works as I understand it. Neat bit of tech. It's real obvious on euro bills once you know what to look for. Fun fact: not all printers give a hoot about this pattern, so it's a neat trick to annoy people with if your printer doesn't.

[0] https://en.wikipedia.org/wiki/EURion_constellation

theGeatZhopa 4/2/2025|||

mostly, the software in printers/scanners and Adobe's Photoshop alikes is looking out for the "EURion" pattern.

https://en.wikipedia.org/wiki/EURion_constellation

That is not to be confused with (dynamical) and non-visible tracking info on printed sheets, which in fact can have everything coded in. By that, even 1-bit printouts can be identified up to the source. If the printer model and #salt is printed alongside, the prosecution has evidence for the cases the printer involved.

axus 4/2/2025|||

https://www.eff.org/pages/list-printers-which-do-or-do-not-d...

List hasn't been updated since 2017, was probably one guy making inferences from FOIA requests. We'll have to wait until the next time a Chinese university publishes some US government secrets.

jandrese 4/1/2025|||

I think the idea is that nobody is going to be fooled by a B&W $20 bill, so they don't have to print the dots.

dylan604 4/1/2025|||

"money be green, fool!" --D'Angelo Barksdale, The Wire

the only people to be fooled by B&W money are most likely drug related, at least, the only ones willing to attempt to fool others with it.

crtasm 4/1/2025|||

Until you colour it in with a crayon.

tonyedgecombe 4/2/2025||

No yellow dots on monochrome printers.

Decades ago I worked on some software that would adjust the kerning on characters to hide information. As far as I know the project never went anywhere.

29athrowaway 4/2/2025|

You may also be interested in: https://en.wikipedia.org/wiki/EURion_constellation

tgsovlerkhgsel 4/2/2025|

And the lesser known, newer, invisible, digital watermark based version of it. Unfortunately very little information is available about that one. http://www.cl.cam.ac.uk/users/sjm217/projects/currency/

More comments...