DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit

Posted by pavel_lishin 1 day ago

DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit(github.com)

283 points | 97 comments

otaviogood 1 day ago|

Me and my team used these yellow tracking dots to reconstruct shredded documents for a DARPA shredder challenge over a decade ago. You can see our program highlight the dots as we reconstruct the shredded docs. https://www.youtube.com/watch?v=uzZDhyrjdVo Thanks to that, we were able to win by a large margin. :)

computerdl 1 day ago||

Oh wow, I remember hearing about this challenge on Daily Planet when I was still in elementary school. It's super cool seeing a follow up, it brought back a hidden memory.

Super cool demo btw

AceJohnny2 1 day ago|||

and here I thought the library shredder/scanner in Vinge's Rainbows End was just sci-fi loosely based on gene sequencing...

(I mean it is, but seeing this almost real-world implementation is fun!)

dylan604 1 day ago||

what was the process of getting each of the shredded pieces scanned for your program to use. I'm guessing that process could have a write up on it just as much as the solver. there's definitely a personality type that can handle that type of mess

otaviogood 1 day ago||

DARPA scanned the shreds. The funny thing is, they didn't want to shred the original paper, so first they photocopied the paper in a high quality color copier, shredded it, and scanned it. And that's where the little yellow dots came from. :D

dylan604 1 day ago|||

interesting. now my brain is churning on why would they not want the originals shredded. what does that say about the value they placed on the originals? why would they open a contest up with documents of such perceived value as the content? being DARPA, i'm sure there's a reason though

otaviogood 1 day ago||

You might be reading into it too much. I think the originals were just random pieces of different kinds of paper. Graph paper, yellow lined, paper, blank white paper... I don't remember exactly, but I think the copies could be special paper with a colored backside so they would know which way was up really easily for the scanning process.

dylan604 1 day ago||

no it was a deliberate what if meant in jest that probably really could have been kept to myself

anitil 1 day ago|||

Did they scan both sides of the shreds?

twalkz 1 day ago||

> My printer does not print tracking dots. Can I hide this fact?

> If there are really no tracking dots, you can either create your own ones (deda_create_dots) or print the calibration page (deda_anonmask_create -w) with another printer and use the mask for your own printer

The thought of being able to “spoof” the tracking dots of another printer has interesting implications for deniability. Though I guess in this case you’d still need access to the original printer to print the anonmask…

decimalenough 1 day ago||

Per Wikipedia, the dots' "arrangement encodes the serial number of the device, date and time of the printing", so all you really need to spoof somebody else's printer is the serial number. Which can likely these days even be accessed remotely through printer settings.

CobrastanJorji 1 day ago|||

No need to examine the printer. Just find a sheet of paper that printer printed, decode the dots, and then print your super illegal whatever with their printer's dots and a timestamp that makes sense for whatever you're framing them for doing. Nobody's ever gonna believe "the dots were a lie." They sound too much like fingerprints.

dylan604 1 day ago||

Or just go to a big box retailer, grab a couple of serial numbers off of the packaging, and then randomize per page.

thfuran 1 day ago|||

Better than nothing, but you probably don't want to produce a document that purports to have been printed by three different printers that were likely only in the same place during a relatively short period surrounding when you went to see them. You'd be better off just making up serial numbers.

CobrastanJorji 1 day ago||

Nah, it's even better. "These messages were printed on a variety of different printers on three separate dates, but all of the printers were in an Office Depot during that time. Now we just need to go through the footage of those days to see who was in that store on all three days." Meanwhile, you're in another state on those days, doing crime.

Terr_ 1 day ago|||

> on all three

Except if you can manipulate the timestamps, then they aren't relevant anymore, so the search space is much bigger than the intersection of each set of days.

It's the intersection of all the people who visited each printer at least once any time.

CobrastanJorji 1 day ago||

Yeah, but the police (and then the prosecutors if they find someone who matches) are operating under the theory that the tracking dots are correct. They really want the dots to be correct. They don't want the dots to be wrong. This is why nonsense like "fiber matching" lasted so long: the people prosecuting the crimes want it to be right so badly that they're practically on your team.

dylan604 1 day ago|||

Or post a thread on r/inkjetssuck or some such, and just have people from all over the world go into the big box stores to get serials to post as a reply

anigbrowl 1 day ago||||

Assumes single page documents

banku_brougham 1 day ago|||

Why is the randomizing step needed?

Brian_K_White 1 day ago|||

why randomize a mac address?

If everything you print has the same fictitious serial number, it's still a stable identifier that can be triangulated.

banku_brougham 17 hours ago||

Got it. Then why the first step of go to the effort of getting real serial numbers from the big box store. If the dots signature going to be randomized?

Brian_K_White 6 hours ago||

Maybe just to get the vaild format.

dylan604 1 day ago|||

just to throw of the scent. why do people bounce around TOR nodes?

timewizard 1 day ago|||

It depends on how it gets the serial number. If it reads it from internal memory then spoofing your own serial number on each document print is the obvious workaround.

tgsovlerkhgsel 1 day ago||

Once you are at the level of forensic investigations that go down to the tracking dots, most attempts at spoofing anything will be relatively obvious and provide further evidence that narrows down the list of suspects to those aware of such techniques.

You might fool someone who does such analysis casually but I'd expect an actual experienced investigator to e.g. go "the tracking dots are clearly brand X, but the raster used for greyscale is obviously from Y, soooo"

thinkingemote 1 day ago||

Have these dots been used as evidence in a court?

UncleEntity 22 hours ago||

They've been used to figure out who leaked government documents in a few cases IIRC.

chaps 1 day ago||

Had the experience of poking at tracking dots recently for circumstances I won't share here.

Do y'allself a favor and get a blue LED flashlight and point it at a color print. It's shocking how many are printed. It looks like a spattering of sand across the entire page!

RachelF 1 day ago||

I'm surprised there's not been a class action against printer manufacturers for all the extra yellow toner that's been used.

kmoser 14 hours ago||

Not to mention failure to accurately print what you sent to the printer. There must be some use case where these "invisible" dots actually undermine the intended output.

atVelocet 1 day ago|||

Are we talking about laser, color laser and/or ink printers?

timewizard 1 day ago||

It's not even just for printers anymore.

https://datadotusa.com/technology.htm

ale42 1 day ago||

Not exactly the same thing. This is more akin explosive tracers, i.e., lots of small particles that contain some identifying information.

VladVladikoff 1 day ago||

For those who missed it, this is an interesting and related topic: https://news.ycombinator.com/item?id=42880704

ruytlm 1 day ago|

Adding some context to this, because it's a really interesting read that's worth the time if you ask me: it's about how some recently 'discovered' early playtest versions of Pokemon cards were found to be fake, or at least very suspicious, based on the presence (and decoding) of these dots.

I also find it interesting because the person who posted the discovery and breakdown of the dots stood to personally lose thousands of dollars they'd spent on the fakes, but posted their findings anyway.

UncleEntity 22 hours ago||

Or, alternatively, to prove thousands of dollars in damages.

dyingkneepad 1 day ago||

What happens if I print the same page in multiple printers? Like, have the first printer print the actual contents, and then have the other printers add just a little bit of stuff in still-white areas. Does one printer mess the dots of the others?

kadoban 1 day ago|

Yes. How would it know not to?

To be clear, it's possible/probable that some or all of it could still be read depending on details I don't know.

rustcleaner 1 day ago||

I'm beginning to think the MIB show up to any nerd's house who starts an equivalent of OpenWRT project, for printers. Can't have untracked speech, need to be able to surgically strike certain founts of inconvenient memes. This sort of thing is why my craigslist sourced b&w laser printer is on its own VLAN with a CUPS server playing go-between. Nobody consented in an informed manner to Niantic's operation for the last decade+. Nobody consents to their every print being traceable. There is nothing, nothing about the product or process which warns the device owner or user that "Lack of obvious visible identifiers in the output does not mean it is identifier-free (steganographic identifier)." Just like nobody consents to the Universal Machines in our products being locked down to the point that even we the owners can't repurpose them as we see fit. We as peoples have come to accept the barrage of insults from commercial and state entities, that it's either a shit-sandwich or no-sandwich at all (plus a beating). Louis Rossmann's Consumer Action Taskforce (CAT) is becoming a great anthology of what I am talking about in this regard.

It's time to fight back! Let's start hacking the good printers out there, get their firmwares replaced with something viable, and start divorcing this nonsense. These tracking dots and other steganographic tracking methods exist precisely to track people like me and silence me, people who point out the occulted control methods, people who spread memes deemed information hazards and malinformation by the giant onyx squid.

[/rant]

rustcleaner 1 day ago|

Besides, if I wanted to counterfeit I would [naïvely] get one of those tight tolerance watchmaker CNCs and have printing stamps made out of aluminum or something. Printing to paper in the usual home-office way seems to me an asinine method which is easily detected by most people who handle bills regularly.

15155 1 day ago|||

The point of these technologies is to stop the low hanging fruit and trace the source of ransom notes, leaked documents, and the like.

For counterfeiting, a technical person's first thought is: "how does the Bureau of Engraving and Printing actually do it?" and then they do that - and you nailed it: offset printing.

Laser printers and inkjets can't even remotely compare.

tgsovlerkhgsel 1 day ago||||

That's a lot more work, skill and initial investment required than just trying to slap a dollar bill on a copier. Which means a lot fewer people will try, especially since the people with these skills can usually easily make enough, and possibly more, money through legitimate means.

There were people who did counterfeiting "right", down to getting real printing presses, suitable paper etc. https://www.businessinsider.com/frank-bourassa-on-how-he-cou... (it's strongly implied that he got away with 6 weeks in prison and likely got to keep a decent amount of the profit).

Henchman21 1 day ago|||

Ya gotta do what the cartels do: bleach out singles and print $100 on it so it feels right

rustcleaner 1 day ago||

Then there's needing to contend with possible serial number scanning occurring at automated stations and at financial institutions, cataloging the movements of specific bills, detecting clones (improbable or impossible physical note appearances), and detecting zombies (decommissioned/known-destroyed numbers, and numbers never emitted). Randomly generating numbers is likely to trip clone and zombie sensors at various surveillance points.

Bill scanning to verify authenticity is already occurring, why not record the fact Bank of xAI ATM #67387 tendered two Franklins with serial numbers $SERIALA and $SERIALB to you (verified by PIN and card, and possibly bolstered by Face ID incognito); maybe older systems only do the verification locally and lack OCR, but I'm positive new systems are plenty powerful enough to run pared down OCR on serial numbers... wait they have been doing it with cheques all these years with handwritten dollar values, so why not OCR serial numbers coming and going? You see? The net deepens. I probably can't suggest methods of washing this data without possibly committing some obscure crime, so I will leave you to your creative imaginations...

15155 19 hours ago||

99.9% of ATMs in the United States do not have bill scanning capability and are purchased for $1000-$2000.

Hyosung isn't putting this capability on these cheap units, neither is NCR on even more expensive units.

noodlesUK 1 day ago||

I'm really curious what proportion of printers can be decoded with public tools. Are there any stats on which manufacturers codes have been cracked?

IvyMike 1 day ago|

The github references this document: Timo Richter, Stephan Escher, Dagmar Schönfeld, and Thorsten Strufe. 2018. Forensic Analysis and Anonymisation of Printed Documents. In Proceedings of the 6th ACM Workshop on Information Hiding and Multimedia Security (IH&MMSec '18). ACM, New York, NY, USA, 127-138.

There is a copy here: https://ericbalawejder.com/assets/hexview/Forensic-Analysis-...

  Table 1 (manufacturer, #of printers analyzed, dots found): 
  Brother 1 no 
  Canon 10 yes 
  Dell 4 yes
  Epson 8 somemodels 
  Hewlett-Packard 43 somemodels 
  IBM 1 yes
  KonicaMinolta 21 somemodels
  Kyocera 4 yes 
  Lanier 1 yes 
  Lexmark 6 somemodels 
  NRG 1 yes 
  Okidata 9 somemodels 
  Ricoh 6 yes 
  Samsung 5 no 
  Savin 1 yes 
  Tektronix 4 no 
  Unknown 1 yes 
  Xerox 15 somemodels

It sounds like they mostly understand the dot patterns wherever they found them, with some caveats that are explained in the paper.

banku_brougham 1 day ago||

Do black and white laser printers produce tracking dots?

Also, what is the meaning of this tracking, must every corner of our lives be tracked just on principle?

rustcleaner 1 day ago||

I can't affirm knowledge of steganographic identifiers in B&W printers. I wanted to state I would be surprised if B&W printers did not embed tracking information. There's too much national security value in spamming origination details on everything. There is always, always a safety or security argument to do so, followed with "but what's the harm, you're not doing anything you shouldn't be doing... are you? "

doctoboggan 1 day ago|||

It's my understanding that the secret service requested (required?) that the printer manufacturers start adding the dots once the printers got good enough to easily recreate paper bills. Because they are primarily a tool for tracking counterfeiters, they are not needed with black a white printers and thus are not included.

krupan 1 day ago|||

The tracking dots aren't for anti-counterfeiting. The secret service has a separate chunk of code in every color printer that detects if you are printing money and prints out a page that says essentially, "you can't do that." (at least that was the case 20 years ago when I worked for HP).

The tracking dots are used by the FBI if someone prints out classified information and passes it around, or other copyrighted/illegal documents.

Doxin 12 hours ago||

The EURion constellation[0] is how that detection mostly works as I understand it. Neat bit of tech. It's real obvious on euro bills once you know what to look for. Fun fact: not all printers give a hoot about this pattern, so it's a neat trick to annoy people with if your printer doesn't.

[0] https://en.wikipedia.org/wiki/EURion_constellation

theGeatZhopa 1 day ago|||

mostly, the software in printers/scanners and Adobe's Photoshop alikes is looking out for the "EURion" pattern.

https://en.wikipedia.org/wiki/EURion_constellation

That is not to be confused with (dynamical) and non-visible tracking info on printed sheets, which in fact can have everything coded in. By that, even 1-bit printouts can be identified up to the source. If the printer model and #salt is printed alongside, the prosecution has evidence for the cases the printer involved.

axus 18 hours ago|||

https://www.eff.org/pages/list-printers-which-do-or-do-not-d...

List hasn't been updated since 2017, was probably one guy making inferences from FOIA requests. We'll have to wait until the next time a Chinese university publishes some US government secrets.

jandrese 1 day ago|||

I think the idea is that nobody is going to be fooled by a B&W $20 bill, so they don't have to print the dots.

dylan604 1 day ago|||

"money be green, fool!" --D'Angelo Barksdale, The Wire

the only people to be fooled by B&W money are most likely drug related, at least, the only ones willing to attempt to fool others with it.

crtasm 1 day ago|||

Until you colour it in with a crayon.

tonyedgecombe 22 hours ago||

No yellow dots on monochrome printers.

Decades ago I worked on some software that would adjust the kerning on characters to hide information. As far as I know the project never went anywhere.

sciencesama 16 hours ago||

Need a web ui as a self hostable docker so we can take total advantage of this !!

29athrowaway 1 day ago|

You may also be interested in: https://en.wikipedia.org/wiki/EURion_constellation

tgsovlerkhgsel 1 day ago|

And the lesser known, newer, invisible, digital watermark based version of it. Unfortunately very little information is available about that one. http://www.cl.cam.ac.uk/users/sjm217/projects/currency/

More comments...