Why printers add secret tracking dots (2020) (opens in new tab)

(bbc.com)

306 pointsjsploit4y ago221 comments

221 comments

I noticed all the recent printers from HP required a setup which...

- Required me to install an app

- Required me to enable gps on my device (and allow app to access)

- Printer phoned home after / during setup (as did the app)

They really don’t need the dots any more when they know the gps coordinates and have the ability to send anything they want to and from the device.

I personally spoofed the gps, ran a vpn and blocked the device from phoning home (after setup). Had me saying “what the f**!?” a couple of times.

Renaud4y ago

Any device that requires someone to install and app and register to make it work should have a prominent label on the box.

There should be a labelling standard for this where the manufacturer must disclose if any registration is required to operate the device to its full potential, if any app or special software is needed other than a system driver, if any phone-home data is being sent, and what data is actually sent, when and why.

"Buyer beware" but most of the time you have no idea what the experience will be like. It's usually not disclosed on the box, reviews rarely mention it and I'd like to have a sure way of being informed before I make my purchase.

It's a similar thing with software, software and apps that require registration for no other reason than add you to their marketing list, but it's particularly egregious with physical items.

patentatt4y ago

Then every printer would just have the warning, making it useless like the California Prop 65 warning label. Seems like everything is labeled with a prop 65 warning, and I for one completely ignore it because it doesn’t provide useful information (beyond ‘everything will kill you, good luck’). The printer manufacturers would say that the registration is super important and it’s critical to get their spammy low ink level warnings or something.

3 more replies

ISL4y ago

One can create such a labelling standard by starting or partnering with a standards organization.

"This device certified not to compromise your privacy" could be a good selling point for a printer, especially if half of the printers have it and half don't.

grishka4y ago

iPhone boxes have something like "Apple ID and acceptance of EULA and privacy policy required" printed on them, among other things.

ulimn4y ago

You can always download the instructions from the web. It should contain all the info you need to decide.

Of course it won't help when you are shopping and looking around in a store for some reason.

1 more reply

R0b0t14y ago

If you don't want to install the app or create an account you can return the device at no cost. I don't think most box stores will fight you on this. Online sellers usually will, return shipping can be very expensive.

3 more replies

seszett4y ago

Permission to access location on Android is needed to scan for wireless networks (because such a scan allows to find your location from the networks in range).

It doesn't necessarily mean that the app accessed your GPS location.

Depending on your device, actual access might be shown, I recently installed an Epson printer and while the app needed location permission, it did not access might coordinates, it only scanned for wifi networks.

sneak4y ago

It still means it accessed location though; the scan for a printer to set it up on your wifi also collects the information about other APs visible, and that information is equivalent to location.

This is why a wifi scan requires location permission.

godelski4y ago

Scanning networks in range does actually reveal your location, if you know where those access points are. There's public databases and I wouldn't be surprised if printer companies have a more complete/accurate list. So while you're right that people are confusing the two I'm not sure it is meaningfully different in terms of potential outcome (i.e. can you determine my GPS coordinates).

loufe4y ago

The bluetooth/location permission setup in Android may be changing in the next major Android release if I recall. It's a poor setup IMO.

1 more reply

AshamedCaptain4y ago

people are ridicously paranoid with the "gps permission", when usually just connecting a device to the internet is likely to allow it to obtain its location with more accuracy than gps for over 50% of homes.

3 more replies

Ieghaehia94y ago

That makes me wonder: wouldn't there be a market for a printer that clearly doesn't leak any information? Say one with open firmware that parses PCL5 or Postscript or whatever the modern analog is.

"Keep your secrets safe with Printer X".

Or would the state come down hard on any such manufacturer?

callmeal4y ago

>Or would the state come down hard on any such manufacturer?

Remember what happened to the Quest CEO when he refused to allow his company to spy for NSA?

https://www.washingtonpost.com/news/the-switch/wp/2013/09/30...

  Just one major telecommunications company refused to participate in a legally dubious NSA surveillance program in 2001. A few years later, its CEO was indicted by federal prosecutors. He was convicted, served four and a half years of his sentence and was released this month.

AnIdiotOnTheNet4y ago

The real problem with that is that consumers have communicated, quite clearly, that privacy is not a significant concern for them.

2 more replies

ptero4y ago

While some market is there, making such a printer (hardware and firmware) would be non-trivial. Manufacturers did a lot of research to print well, and making even black and white printer of comparable quality may be very hard.

1 more reply

atian4y ago

https://www.nytimes.com/wirecutter/blog/why-all-printers-suc...

remontoire4y ago

I suspect that the company would get a visit from the secret service

1 more reply

Cullinet4y ago

that's terrible advertising I'd expect the secret service to come just to mock our pretensions

our biggest client just wants a offline ios printer driver for bouncing previews to Acrobat via the share option. ios so far off our path.. this client would talk about any OSS driver deal for commercial rates in fact they definitely don't want any unique driver to profile... we're totally lost to find resources we can understand or resources at all. for a business to thrive with critical necessities hobbled I think there's always a central crime like how drugs and spectacles frames prices shown constant price for 30 plus years.. something artificial is happening with pressure applied.

lsiq4y ago

I stopped buying HP printers a decade ago when I found tons of HP spyware when doing some system cleaning.

mcv4y ago

I have a Samsung printer, but support for that also switched to HP a number of years ago.

I would really like to know if there's a good printer manufacturer that makes simple, high quality printers that just work, don't require all these needless hoops, and respect the customer. Sounds like there should be a market for that, and yet somehow all printer manufacturers seem to suck.

3 more replies

unixhero4y ago

Just use a Unix based OS like OSX and Linux. No spyware / adware drivers needed.

Solved

2 more replies

nwallin4y ago

Why do people buy printers that aren't from Brother?

spiritplumber4y ago

I have a HL-1440 that is old enough to still have a Centronics connector (in addition to USB1) and it's a tank. I had to take it apart once between 2008, when I got it from a university that was throwing it out, and today. It prints all my shipping labels.

Ballas4y ago

Although I agree with the statement for other reasons, do you know that Brother does not do anything similar to what is reported in the article?

1 more reply

R0b0t14y ago

I remember the advice to buy a brother circa 2015-2017. Apparently it has changed? Personally unsure, I just bought one, as I worked backwards from "which printer has the cheapest toner" and it is still brother.

There is no way to force the business models to keep printing on a full cartridge that has met its page limit(per reviews on Amazon), and the salesman at a store told me brothers have replaceable parts in them now besides the toner carts that they force you to replace.

diamondo254y ago

Brother software has always been the worst experience for me. Its like some ancient Windows XP setup that you have to download from a 2003 website that sometimes gives errors and isnt very helpful. Uninstalling feels like Norton, where you probably need extra software to remove the crud it left behind.

3 more replies

nine_k4y ago

Because HP or Lexmark or Epson or Xerox used to be great, I suppose.

They often are not any more, at least on the software side.

Also, of course, if you need to produce really great colors (think 6-color inkjets), or really large printouts (say 3' wide), your choice is narrower.

JoshTriplett4y ago

I just recently set up one of those printers. They have a lot of dark patterns trying to steer you towards the app (and the "instant ink" junk), but it was still possible to skip over that and do all the setup on the printer itself, at which point it became a normal discoverable network printer.

NavinF4y ago

I assume you're talking about WiFi setup? Ethernet to your switch or USB to a RPi should be a lot more reliable and works without an app. Then again, I haven't set up a printer in a decade.

bobmaxup4y ago

Good luck finding a company that does things much differently. There is a printer cartel, and they want every penny they can squeeze out of those things.

grishka4y ago

What exactly is stopping people from designing an open-source printer? Even if it is patents, surely many of them should have expired by now?

1 more reply

ta9884y ago

Never buy HP, sane brands like Brother don't require that.

MaxBarraclough4y ago

Do you have the option of using Free and Open Source drivers?

TroisM4y ago

I recently got a HP LaserJet Pro M15W Printer and I didn't need to install an app... But I don't use it's wifi capabilities and plug it in with a USB cable.

mindcrime4y ago

Some previous HN posts with related discussion on this topic:

https://news.ycombinator.com/item?id=14501894

https://news.ycombinator.com/item?id=21330718

https://news.ycombinator.com/item?id=17392977

https://news.ycombinator.com/item?id=14509249

https://news.ycombinator.com/item?id=14506508

https://news.ycombinator.com/item?id=14505444

dang4y ago

Thanks! Here are the ones I found that have comments, plus a few others:

Why printers add secret tracking dots (2020) - https://news.ycombinator.com/item?id=26526035 - March 2021 (3 comments)

DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit - https://news.ycombinator.com/item?id=17392977 - June 2018 (7 comments)

Why printers add secret tracking dots - https://news.ycombinator.com/item?id=14505444 - June 2017 (100 comments)

Printer Tracking Dots Back in the News - https://news.ycombinator.com/item?id=14504833 - June 2017 (1 comment)

List of Printers Which Do or Do Not Display Tracking Dots - https://news.ycombinator.com/item?id=14501894 - June 2017 (210 comments)

Secret Dots from Printer Outed NSA Leaker - https://news.ycombinator.com/item?id=14494818 - June 2017 (211 comments)

Printer dots raise privacy concerns - https://news.ycombinator.com/item?id=245963 - July 2008 (13 comments)

qwertox4y ago

Thank you for putting the title and date in there.

taylorfinley4y ago

There's a tool to obfuscate your printer's unique code, found here: https://github.com/dfd-tud/deda

hanniabu4y ago

If I'm doing anything that requires this type of tool, I wouldn't want to just obfuscate the code, I'd want it completely removed it altered.

dzhiurgis4y ago

IMO you generally want to send the authorities as much wrong path as possible.

But then once they realise they are being fooled thats a datapoint in itself.

And who knows, maybe tools like that print microcode inside the microcode. If it does I hope it’s not the full text of gpl licence.

rasz4y ago

What you want is a printer bought at goodwill/recycling center with cash or from hamfest free trash pile. Those dots made sense when printers were $500-1000 in ~1995.

egypturnash4y ago

I wonder if changing the background of your printout to 100% yellow would defeat this. The BBC article insinuates there are other schemes that are lesser-known than the dots, though.

1 more reply

ant6n4y ago

I wonder whether it would be possible to just build your own printer. That is, rip out the electronics from some common model and replace with an Arduino that just sends the correct signals to the hardware to print.

m3at4y ago

Non-serious for a topic that very much is, but this "fuck you, low on cyan" meme makes a lot of sense now: https://old.reddit.com/r/funny/comments/d2bwot/printers/

_moof4y ago

CMYK processes can also do “rich” black, which uses some or all of the other inks in addition to black. The result is darker than black ink alone.

gmueckl4y ago

It's just that this stops being funny when the printer firmware is is hell bent on keeping the printer offline until all the cartridges are back over minimum levels. I own an older Lexmark printer that still works like a charm. But it shuts down completely if it runs low on any color. This is especially aggravating if you need to print s single page urgently and you don't have a cartridge in reserve.

arrakeen4y ago

just to keep the non-serious stuff together, this topic always reminds me of this tweet: https://twitter.com/PPathole/status/1116670170980859905

oldgradstudent4y ago

Reminds me of the scene in The Life of Others (2006) where the Stasi has samples from every registered typewriter in East Germany, so they have to smuggle a special typewriter.

tehwebguy4y ago

As if printer companies weren’t already some of the worst offenders of consumer trust

ivolimmen4y ago

When my last printer died I switched to the Ecotank series from Epson. It's a good printer and it has a better business model; you own the printer and you do not have to buy expensive ink from Epson as you already bought the printer (not like all the other printers out there)

hinoki4y ago

I think in this instance the owner of the printer, the NSA, is very happy with this feature.

yosito4y ago

I suspect smartphone cameras may add a similar type of tracking mark to photos taken with the phone. I assume the NSA would be able to determine which phone a photo came from based on something like this. I don't have anything more than rumors, but if anyone has a link about this, it would be interesting!

clusterfish4y ago

Don't even need a special mark, the sensor's physical uniqueness is enough: https://www.theverge.com/2017/12/13/16771854/researchers-stu...

smorgusofborg4y ago

That's interesting but more like having the ballistics than directly getting a serial number to ask the supply chain about.

throwaway815234y ago

I believe these dots are only printed by color printers, ostensibly to help catch currency counterfeiters. So the simplest countermeasure is use monochrome printers for daily stuff and for anything sensitive. I guess sometimes you'll NEED color, but very often you can probably do without it.

daenz4y ago

I've always wondered if jpeg encoders added something like this to screenshots. Should be possible to add a compression-resilient pattern that encodes the screenshotter's host details.

magnat4y ago

Blizzard watermarks screenshots produced by World of Warcraft find and track users of emulated servers by embedding user account info and server IP all across the image.

https://www.ownedcore.com/forums/world-of-warcraft/world-of-...

npteljes4y ago

Fascinating stuff. I didn't think my trust in software could be broken any more, yet here I am.

2 more replies

madsbuch4y ago

It would be interesting to know if there are some GDPR ramifications here. Do Blizzard leak private data if I grab a screenshot and share it publicly?

13of404y ago

I'm not sure about jpeg, but with an algorithm like 'deflate' the encoder is constantly making decisions about whether it's more efficient to represent a series of bytes as a literal or as a reference to a previous series. I think a steganographer could take advantage of that by encoding something like a tracking number in the form of the occasional less efficient decision.

garaetjjte4y ago

But what's the incentive for printer manufacturers to do it at all? It isn't mandated by any law. Some three letter agency comes to them with offer they can't refuse? Or they give them bazillions of dollars in exchange?

amalcon4y ago

The incentive is that they'd rather do it on their own, than be forced into doing it. Adding the fingerprinting dots on their own gives the manufacturers control over how the fingerprinting works, lets them do it in the most inexpensive way, and means they don't need to submit proof of the fingerprinting feature.

shadowgovt4y ago

It also likely involves a behind the scenes tit for tat.

How many government provision contracts has Hewlett-Packard closed?

Forge364y ago

"if we implement this the FBI won't be visiting us to ask for help as often"

That's probably enough incentive for most to do it once known or suggested

magpi34y ago

It would be an unbelievable scandal if it came out that the U.S. government was forcing all U.S. printer companies to do something like this.

1 more reply

sneak4y ago

You don't need a weatherman to know which way the wind blows.

spoonjim4y ago

The NSA did not need these dots to track Reality Winner. Even a ordinarily secured corporate environment will record an audit log of anything written to outputs, on the service side (so the print server will effectively print a second copy to disk with all information about who printed it, mail server will record all outgoing messages even if deleted from user’s Sent folder, etc).

hoppyhoppy24y ago

Yup, the FBI arrest affidavit didn't mention the dots. There could have been some parallel construction to avoid testifying about secret printer dots in court, but on the face of it it appears that the government found out who it was in more conventional ways:

>The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.

>On June 3, 2017, your affiant spoke to WINNER at her home in Augusta, Georgia. During that conversation, WINNER admitted intentionally identifying and printing the classified intelligence reporting at issue [...] WINNER further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it [...] WINNER further acknowledged that she was aware of the contents of the intelligence reporting and that she knew the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.

https://www.justice.gov/opa/press-release/file/971331/downlo...

vxNsr4y ago

Their way sounds much easier than using dots on a page to try to trace it back to a specific printer... especially because they already knew it came out of the NSA... the question was which person who had access to the doc and a printer in the org did it.

not2b4y ago

Printer dots aren't secret, the EFF has been drawing attention to them for years.

1 more reply

er4hn4y ago

The dots were used afterwards to see what happened to the document. By showing that the document she had printed was given to the press, they are able to take her in. Otherwise if multiple people had printed the same document in the past several weeks, you need to investigate each of them.

djrogers4y ago

There’s no indication that happened either. The court docs say an investigator went to her house and questioned her, and she admitted to printing the doc and sending it to the press. That’s how 99% of police work is done in the real world.

1 more reply

spoonjim4y ago

At somewhere like NSA the print server can introduce small variations into the printing like margins and whitespace that can be used to make each print unique.

The Intercept knows all of this, which is why I suspect that for whatever reasons they had, they intentionally threw her to the wolves. The Intercept is not run by dummies.

tgvaughan4y ago

First skimmed, then read through the article carefully, but it seems the text doesn't actually explain "why" printers do this. What am I missing?

Aachen4y ago

Same here. Who convicted them to all start doing it? Why do they put up with this and screw with their customers?

0des4y ago

It is to track people printing fake currency.

1 more reply

downandout4y ago

A more foolproof way to track this would be to slightly change the wording of important sections in each copy handed out. This would allow them to track down even copies of confidential documents that were simply transcribed or where the press used excerpts.

pjerem4y ago

Those documents may probably have legal value, and could be legitimately handled by dozens or hundreds of people. And we are talking about millions of pages. That could only work with an intentional trap when you know someone leaks but not who.

Aachen4y ago

With five variations of ten sentences ("We now have", "Now we have", "Right now we have", etc., you can probably come up with this many in under five minutes), one combination randomly assigned to a user accessing the document, you get 5^10=9.8M variations. That should narrow it down.

Not that I necessarily think doing this is a good thing, for the record.

bullen4y ago

Tip: Buy an AxiDraw instead, their boards and drivers are open-source and you pick the pen! :D

teddyh4y ago

That’s a plotter, not a printer.

bullen4y ago

Exactly so you have to move to SVG, better for everyone! ;)

cable26004y ago

When did this start? Maybe you can buy an old printer that does not do it and get a USB adapter for it? The early HP Laserjets were fine.

nwallin4y ago

You can go to anywhere right now and buy a b&w only laser printer and it won't have the dots. The secret tracking dots thing only works if you have yellow ink on white paper- it's hard to see. If your printer attempts to "secretly" add black dots to white paper everyone will notice.

RuggedPineapple4y ago

Im not sure when it started, but I do know back in the early 90's copiers and printers were already currency aware. The copier in my elementary school wouldn't copy a dollar bill at anything close to full size, had to be at least either 75%/125%

londons_explore4y ago

Which raises the question... Could you copy it at 125% and then copy that copy at ~75% to end up back at the scale you started...?

3 more replies

sumedh4y ago

Canon copiers and printers in early 2000 could scan and print Indian Rupees, dont ask me how I know that.

I assume the note needs to have the euro constellation, if its not there the copier/printer would work normally.

qvobilqwnimshme4y ago

If you don't know by now, printing has changed. It's no longer just about what happens in the office. Now, people want to print from where they want, when they want. And that means a lot more printing is happening on devices not managed by IT departments. This means printers are more susceptible to malware since their regular security updates aren't coming from IT — they're coming from manufacturers of the printer or operating systems or third party apps used on them. https://www.braindumps4it.com/braindumps-HP2-I06.html

turingcomplet4y ago

I learned about this from watching the documentary [1971](https://en.wikipedia.org/wiki/1971_(2014_film)).

egberts4y ago

That’s why the end-user should maintain separate firewalled subnet (DMZ) networks for their unique grouping of IoT, cable settops, PC/Mac, mobile devices and in-house servers.

Only problem i’ve had with this setup is during the configuration of IoT where mobile device must be on same subnet as IoT devices, that is all.

macpete424y ago

Would it be possible to print out on a piece of yellow paper to make the yellow dots undetectable?

macpete424y ago

How about adding custom additional yellow dots to render the hidden information useless?

chupachup4y ago

I remember finding out about printer tracking dots while checking if there is any way police could find me for mildly vandalising a neighbor's business sign.

dukeofdoom4y ago

If printers can do this, then why wasn't it done with ballots? It would make auditing possible to have each paper ballot a unique id.

sircastor4y ago

Ballots are tricky. In the US, You want to ensure anonymity while also ensuring the voters franchise is not threatened.

If we want them to be uniquely identifiable, then we don’t need to hide the identifier. If we don’t want them to be uniquely identifiable, then hiding the identifiable ID becomes a violation of the voters privacy.

willis9364y ago

This begs the question of how the secret dots aren't a blanket violation of the 4th amendment.

Also IANAL but I feel like there must be some law about deception of this kind. Selling a product that does something you don't expect it to, were never told about, and would not reasonably even observe feels somehow like fraud.

beebeepka4y ago

I thought the US has something called voting registration and it's public. How does that ensure anonymity?

4 more replies

jahmed4y ago

What exactly does "audit" mean to you?

Ballots typically do have unique IDs usually on some part that is removed by the voter. The problem is that isn't linked to anything because we don't want it linked to anything. This form of auditing isn't compatible with ballot secrecy. US elections do undergo rigorous process audits but the electorial process presents challenges to results audits.

dukeofdoom4y ago

With mailed out ballots, if each paper ballot had a unique id. You could audit:

1. That each paper ballot was only counted once by the tabulating machine.

2. No extra ballots were returned with an id that was not generated.

3. Easily spot copied ballots.

You could probably audit more things. If for example the id corresponded to a county, and so on.

2 more replies

sethammons4y ago

Couldn't you give a unique prime number to each person each election (untracked) and use that to calculate a final product of a particular election, and then people could independently validate their vote went where it should?

2 more replies

IanCal4y ago

Most countries have a secret ballot. In the UK all ballots are linked to the voter with an intermediate table effectively, which is then destroyed after a certain time.

More generally, for ballots you don't need to hide this, you could just have a number on them.

suction4y ago

There are very persistent rumours that exactly this is done in Japan at every election. I can't find a Non-Japanese source right now.

yreg4y ago

How would they do it? Have a unique id for each envelope and enter citizen ID and ballot ID in a database as they hand you the envelope?

The process should be well known since all it takes to find out is go sit in an election committee.

1 more reply

anthony_romeo4y ago

Would that open up conspiracies about the end of the 'secret ballot'?

danghacker4y ago

A third world country whose offshoring programmers are regularly mocked by the ivory tower SV elites can do voter id but not the world's richest country

FridayoLeary4y ago

I've been thinking of a similar idea for the last few weeks. It's interesting that it is apparently already common practice.

anothernewdude4y ago

I've never once been able to detect these dots on any scanned document.

cosmin8004y ago

This is really old news.

bsenftner4y ago

Printers: a completely destroyed product. I gave up on printers over 20 years ago. They are shitty ruined products I do not waste any time on anymore. It's far easier to just have more screens than deal with the shit show called printers attached to computer networks failing to be a useful utility.

mark-r4y ago

I've known about the yellow dot patterns on color printers for a long time. If you've ever wondered why the yellow ink on your printer goes down faster than you think it should, now you know.

But this article seems to imply that the yellow dots also occur on black-and-white printers. How is that possible?

Raineer4y ago

This comment is a ridiculous. Your claim is that a few almost-imperceptible yellow dots are causing your ink cartridges to go down faster?

Your printer uses 10-100x the ink these dots require just by powering it on when it has to do a flush. These make effectively zero impact.

Source: I am an inkjet print engineer, but also just common sense.

imwillofficial4y ago

It’s not really common sense. That’s pretty domain specific knowledge.

I had no idea my printer used any ink at all during startup.

hoppyhoppy24y ago

Sorry, which part of the article seems to imply the yellow dots also occur on b&w printers?

mark-r4y ago

They give an explicit example of a HP Laserjet. The image is B&W under white light and my experience with Laserjets is that they're B&W printers. I know they make color versions, but that's not how it's presented in the article.

2 more replies

programmarchy4y ago

So removing the yellow cartridge thwarts dot tracking?

stephen_g4y ago

A lot of printers will just refuse to work without one of the cartridges fitted... Hell, some refuse to print even if one does still have some have ink in it but the printer thinks it should have run out at the time...

1 more reply

jancsika4y ago

Or just replace it with a black cartridge.

Then the jury must select the "not guilty" verdict since "has_yellow_dots" evaluated to false.

-HN Legal Reasoning

j / k navigate · click thread line to collapse

221 comments

lettergram4y ago

I noticed all the recent printers from HP required a setup which...

- Required me to install an app

- Required me to enable gps on my device (and allow app to access)

- Printer phoned home after / during setup (as did the app)

They really don’t need the dots any more when they know the gps coordinates and have the ability to send anything they want to and from the device.

I personally spoofed the gps, ran a vpn and blocked the device from phoning home (after setup). Had me saying “what the f**!?” a couple of times.

Renaud4y ago

Any device that requires someone to install and app and register to make it work should have a prominent label on the box.

It's a similar thing with software, software and apps that require registration for no other reason than add you to their marketing list, but it's particularly egregious with physical items.

patentatt4y ago

3 more replies

ISL4y ago

One can create such a labelling standard by starting or partnering with a standards organization.

"This device certified not to compromise your privacy" could be a good selling point for a printer, especially if half of the printers have it and half don't.

grishka4y ago

iPhone boxes have something like "Apple ID and acceptance of EULA and privacy policy required" printed on them, among other things.

ulimn4y ago

You can always download the instructions from the web. It should contain all the info you need to decide.

Of course it won't help when you are shopping and looking around in a store for some reason.

1 more reply

R0b0t14y ago

3 more replies

seszett4y ago

Permission to access location on Android is needed to scan for wireless networks (because such a scan allows to find your location from the networks in range).

It doesn't necessarily mean that the app accessed your GPS location.

sneak4y ago

It still means it accessed location though; the scan for a printer to set it up on your wifi also collects the information about other APs visible, and that information is equivalent to location.

This is why a wifi scan requires location permission.

godelski4y ago

loufe4y ago

The bluetooth/location permission setup in Android may be changing in the next major Android release if I recall. It's a poor setup IMO.

1 more reply

AshamedCaptain4y ago

3 more replies

Ieghaehia94y ago

That makes me wonder: wouldn't there be a market for a printer that clearly doesn't leak any information? Say one with open firmware that parses PCL5 or Postscript or whatever the modern analog is.

"Keep your secrets safe with Printer X".

Or would the state come down hard on any such manufacturer?

callmeal4y ago

>Or would the state come down hard on any such manufacturer?

Remember what happened to the Quest CEO when he refused to allow his company to spy for NSA?

https://www.washingtonpost.com/news/the-switch/wp/2013/09/30...

  Just one major telecommunications company refused to participate in a legally dubious NSA surveillance program in 2001. A few years later, its CEO was indicted by federal prosecutors. He was convicted, served four and a half years of his sentence and was released this month.

AnIdiotOnTheNet4y ago

The real problem with that is that consumers have communicated, quite clearly, that privacy is not a significant concern for them.

2 more replies

ptero4y ago

1 more reply

atian4y ago

https://www.nytimes.com/wirecutter/blog/why-all-printers-suc...

remontoire4y ago

I suspect that the company would get a visit from the secret service

1 more reply

Cullinet4y ago

that's terrible advertising I'd expect the secret service to come just to mock our pretensions

lsiq4y ago

I stopped buying HP printers a decade ago when I found tons of HP spyware when doing some system cleaning.

mcv4y ago

I have a Samsung printer, but support for that also switched to HP a number of years ago.

3 more replies

unixhero4y ago

Just use a Unix based OS like OSX and Linux. No spyware / adware drivers needed.

Solved

2 more replies

nwallin4y ago

Why do people buy printers that aren't from Brother?

spiritplumber4y ago

Ballas4y ago

Although I agree with the statement for other reasons, do you know that Brother does not do anything similar to what is reported in the article?

1 more reply

R0b0t14y ago

diamondo254y ago

3 more replies

nine_k4y ago

Because HP or Lexmark or Epson or Xerox used to be great, I suppose.

They often are not any more, at least on the software side.

Also, of course, if you need to produce really great colors (think 6-color inkjets), or really large printouts (say 3' wide), your choice is narrower.

JoshTriplett4y ago

NavinF4y ago

I assume you're talking about WiFi setup? Ethernet to your switch or USB to a RPi should be a lot more reliable and works without an app. Then again, I haven't set up a printer in a decade.

bobmaxup4y ago

Good luck finding a company that does things much differently. There is a printer cartel, and they want every penny they can squeeze out of those things.

grishka4y ago

What exactly is stopping people from designing an open-source printer? Even if it is patents, surely many of them should have expired by now?

1 more reply

ta9884y ago

Never buy HP, sane brands like Brother don't require that.

MaxBarraclough4y ago

Do you have the option of using Free and Open Source drivers?

TroisM4y ago

I recently got a HP LaserJet Pro M15W Printer and I didn't need to install an app... But I don't use it's wifi capabilities and plug it in with a USB cable.

mindcrime4y ago

Some previous HN posts with related discussion on this topic:

https://news.ycombinator.com/item?id=14501894

https://news.ycombinator.com/item?id=21330718

https://news.ycombinator.com/item?id=17392977

https://news.ycombinator.com/item?id=14509249

https://news.ycombinator.com/item?id=14506508

https://news.ycombinator.com/item?id=14505444

dang4y ago

Thanks! Here are the ones I found that have comments, plus a few others:

Why printers add secret tracking dots (2020) - https://news.ycombinator.com/item?id=26526035 - March 2021 (3 comments)

DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit - https://news.ycombinator.com/item?id=17392977 - June 2018 (7 comments)

Why printers add secret tracking dots - https://news.ycombinator.com/item?id=14505444 - June 2017 (100 comments)

Printer Tracking Dots Back in the News - https://news.ycombinator.com/item?id=14504833 - June 2017 (1 comment)

List of Printers Which Do or Do Not Display Tracking Dots - https://news.ycombinator.com/item?id=14501894 - June 2017 (210 comments)

Secret Dots from Printer Outed NSA Leaker - https://news.ycombinator.com/item?id=14494818 - June 2017 (211 comments)

Printer dots raise privacy concerns - https://news.ycombinator.com/item?id=245963 - July 2008 (13 comments)

qwertox4y ago

Thank you for putting the title and date in there.

taylorfinley4y ago

There's a tool to obfuscate your printer's unique code, found here: https://github.com/dfd-tud/deda

hanniabu4y ago

If I'm doing anything that requires this type of tool, I wouldn't want to just obfuscate the code, I'd want it completely removed it altered.

dzhiurgis4y ago

IMO you generally want to send the authorities as much wrong path as possible.

But then once they realise they are being fooled thats a datapoint in itself.

And who knows, maybe tools like that print microcode inside the microcode. If it does I hope it’s not the full text of gpl licence.

rasz4y ago

What you want is a printer bought at goodwill/recycling center with cash or from hamfest free trash pile. Those dots made sense when printers were $500-1000 in ~1995.

egypturnash4y ago

I wonder if changing the background of your printout to 100% yellow would defeat this. The BBC article insinuates there are other schemes that are lesser-known than the dots, though.

1 more reply

ant6n4y ago

m3at4y ago

Non-serious for a topic that very much is, but this "fuck you, low on cyan" meme makes a lot of sense now: https://old.reddit.com/r/funny/comments/d2bwot/printers/

_moof4y ago

CMYK processes can also do “rich” black, which uses some or all of the other inks in addition to black. The result is darker than black ink alone.

gmueckl4y ago

arrakeen4y ago

just to keep the non-serious stuff together, this topic always reminds me of this tweet: https://twitter.com/PPathole/status/1116670170980859905

oldgradstudent4y ago

Reminds me of the scene in The Life of Others (2006) where the Stasi has samples from every registered typewriter in East Germany, so they have to smuggle a special typewriter.

tehwebguy4y ago

As if printer companies weren’t already some of the worst offenders of consumer trust

ivolimmen4y ago

hinoki4y ago

I think in this instance the owner of the printer, the NSA, is very happy with this feature.

yosito4y ago

clusterfish4y ago

Don't even need a special mark, the sensor's physical uniqueness is enough: https://www.theverge.com/2017/12/13/16771854/researchers-stu...

smorgusofborg4y ago

That's interesting but more like having the ballistics than directly getting a serial number to ask the supply chain about.

throwaway815234y ago

daenz4y ago

I've always wondered if jpeg encoders added something like this to screenshots. Should be possible to add a compression-resilient pattern that encodes the screenshotter's host details.

magnat4y ago

Blizzard watermarks screenshots produced by World of Warcraft find and track users of emulated servers by embedding user account info and server IP all across the image.

https://www.ownedcore.com/forums/world-of-warcraft/world-of-...

npteljes4y ago

Fascinating stuff. I didn't think my trust in software could be broken any more, yet here I am.

2 more replies

madsbuch4y ago

It would be interesting to know if there are some GDPR ramifications here. Do Blizzard leak private data if I grab a screenshot and share it publicly?

13of404y ago

garaetjjte4y ago

amalcon4y ago

shadowgovt4y ago

It also likely involves a behind the scenes tit for tat.

How many government provision contracts has Hewlett-Packard closed?

Forge364y ago

"if we implement this the FBI won't be visiting us to ask for help as often"

That's probably enough incentive for most to do it once known or suggested

magpi34y ago

It would be an unbelievable scandal if it came out that the U.S. government was forcing all U.S. printer companies to do something like this.

1 more reply

sneak4y ago

You don't need a weatherman to know which way the wind blows.

spoonjim4y ago

hoppyhoppy24y ago

https://www.justice.gov/opa/press-release/file/971331/downlo...

vxNsr4y ago

not2b4y ago

Printer dots aren't secret, the EFF has been drawing attention to them for years.

1 more reply

er4hn4y ago

djrogers4y ago

1 more reply

spoonjim4y ago

At somewhere like NSA the print server can introduce small variations into the printing like margins and whitespace that can be used to make each print unique.

The Intercept knows all of this, which is why I suspect that for whatever reasons they had, they intentionally threw her to the wolves. The Intercept is not run by dummies.

tgvaughan4y ago

First skimmed, then read through the article carefully, but it seems the text doesn't actually explain "why" printers do this. What am I missing?

Aachen4y ago

Same here. Who convicted them to all start doing it? Why do they put up with this and screw with their customers?

0des4y ago

It is to track people printing fake currency.

1 more reply

downandout4y ago

pjerem4y ago

Aachen4y ago

Not that I necessarily think doing this is a good thing, for the record.

bullen4y ago

Tip: Buy an AxiDraw instead, their boards and drivers are open-source and you pick the pen! :D

teddyh4y ago

That’s a plotter, not a printer.

bullen4y ago

Exactly so you have to move to SVG, better for everyone! ;)

cable26004y ago

When did this start? Maybe you can buy an old printer that does not do it and get a USB adapter for it? The early HP Laserjets were fine.

nwallin4y ago

RuggedPineapple4y ago

londons_explore4y ago

Which raises the question... Could you copy it at 125% and then copy that copy at ~75% to end up back at the scale you started...?

3 more replies

sumedh4y ago

Canon copiers and printers in early 2000 could scan and print Indian Rupees, dont ask me how I know that.

I assume the note needs to have the euro constellation, if its not there the copier/printer would work normally.

qvobilqwnimshme4y ago

turingcomplet4y ago

I learned about this from watching the documentary [1971](https://en.wikipedia.org/wiki/1971_(2014_film)).

egberts4y ago

That’s why the end-user should maintain separate firewalled subnet (DMZ) networks for their unique grouping of IoT, cable settops, PC/Mac, mobile devices and in-house servers.

Only problem i’ve had with this setup is during the configuration of IoT where mobile device must be on same subnet as IoT devices, that is all.

macpete424y ago

Would it be possible to print out on a piece of yellow paper to make the yellow dots undetectable?

macpete424y ago

How about adding custom additional yellow dots to render the hidden information useless?

chupachup4y ago

I remember finding out about printer tracking dots while checking if there is any way police could find me for mildly vandalising a neighbor's business sign.

dukeofdoom4y ago

If printers can do this, then why wasn't it done with ballots? It would make auditing possible to have each paper ballot a unique id.

sircastor4y ago

Ballots are tricky. In the US, You want to ensure anonymity while also ensuring the voters franchise is not threatened.

willis9364y ago

This begs the question of how the secret dots aren't a blanket violation of the 4th amendment.

beebeepka4y ago

I thought the US has something called voting registration and it's public. How does that ensure anonymity?

4 more replies

jahmed4y ago

What exactly does "audit" mean to you?

dukeofdoom4y ago

With mailed out ballots, if each paper ballot had a unique id. You could audit:

1. That each paper ballot was only counted once by the tabulating machine.

2. No extra ballots were returned with an id that was not generated.

3. Easily spot copied ballots.

You could probably audit more things. If for example the id corresponded to a county, and so on.

2 more replies

sethammons4y ago

2 more replies

IanCal4y ago

Most countries have a secret ballot. In the UK all ballots are linked to the voter with an intermediate table effectively, which is then destroyed after a certain time.

More generally, for ballots you don't need to hide this, you could just have a number on them.

suction4y ago

There are very persistent rumours that exactly this is done in Japan at every election. I can't find a Non-Japanese source right now.

yreg4y ago

How would they do it? Have a unique id for each envelope and enter citizen ID and ballot ID in a database as they hand you the envelope?

The process should be well known since all it takes to find out is go sit in an election committee.

1 more reply

anthony_romeo4y ago

Would that open up conspiracies about the end of the 'secret ballot'?

danghacker4y ago

A third world country whose offshoring programmers are regularly mocked by the ivory tower SV elites can do voter id but not the world's richest country

FridayoLeary4y ago

I've been thinking of a similar idea for the last few weeks. It's interesting that it is apparently already common practice.

anothernewdude4y ago

I've never once been able to detect these dots on any scanned document.

cosmin8004y ago

This is really old news.

bsenftner4y ago

mark-r4y ago

I've known about the yellow dot patterns on color printers for a long time. If you've ever wondered why the yellow ink on your printer goes down faster than you think it should, now you know.

But this article seems to imply that the yellow dots also occur on black-and-white printers. How is that possible?

Raineer4y ago

This comment is a ridiculous. Your claim is that a few almost-imperceptible yellow dots are causing your ink cartridges to go down faster?

Your printer uses 10-100x the ink these dots require just by powering it on when it has to do a flush. These make effectively zero impact.

Source: I am an inkjet print engineer, but also just common sense.

imwillofficial4y ago

It’s not really common sense. That’s pretty domain specific knowledge.

I had no idea my printer used any ink at all during startup.

hoppyhoppy24y ago

Sorry, which part of the article seems to imply the yellow dots also occur on b&w printers?

mark-r4y ago

2 more replies

programmarchy4y ago

So removing the yellow cartridge thwarts dot tracking?

stephen_g4y ago

1 more reply

jancsika4y ago

Or just replace it with a black cartridge.

Then the jury must select the "not guilty" verdict since "has_yellow_dots" evaluated to false.

-HN Legal Reasoning

j / k navigate · click thread line to collapse