Analysis of Printer Watermarking Techniques

Interesting paper: Maya Embar, Louis M. McHough IV, and William R. Wesselman, "Printer watermark obfuscation," Proceeding
RIIT '14: Proceedings of the 3rd annual conference on Research in information technology:

Abstract: Most color laser printers manufactured and sold today add "invisible" information to make it easier to determine when a particular document was printed and exactly which printer was used. Some manufacturers have acknowledged the existence of the tracking information in their documentation while others have not. None of them have explained exactly how it works or the scope of the information that is conveyed. There are no laws or regulations that require printer companies to track printer users this way, and none that prevent them from ceasing this practice or providing customers a means to opt out of being tracked. The tracking information is coded by patterns of yellow dots that the printers add to every page they print. The details of the patterns vary by manufacturer and printer model.

EDITED TO ADD (11/14): List of printers and whether or not they display tracking dots (may not be up to date).

Tags: , , , ,

Posted on October 24, 2014 at 8:36 AM • 37 Comments

Comments

StigOctober 24, 2014 8:57 AM

I remember reading about Romania under Ceaucescu, that they had severe restrictions on owning a typewriter. One of the requirements was registration of a type sample with the authorities. How deplorable that we now "voluntarily" have something that seems just as invasive.

BoppingAroundOctober 24, 2014 9:38 AM

Stig,

> One of the requirements was registration of a type sample with the authorities.

The same was true for East Germany and the Soviet Union.

paranoia destroys yaOctober 24, 2014 9:44 AM

Several of the bypasses listed involved printing a solid background or dots in yellow to hide the pattern.
The PDF states their dot template is available for download.

Another simple hack would be to tape over the yellow print head.
Granted, color documents would look weird.

vas pupOctober 24, 2014 10:02 AM

@All: As you see, that is only done for color printers to prevent currency reprints(my best guess). Some of those printers (high resolution) even have recognition feature of most popular currencies to prevent making copy(you got blank or illegible copy). Some printers stored images on internal storage device of all copies being made which could be retrieved by manufacturer's technician or anybody else (crooks, your gov or foreign agent, lawyers, etc.). Xerox provides option to override such images by default on client's request.
The point is when you buy any copy machine you must be informed of all features affected security and privacy. If those features are required by Law (compliance by manufacturer), that Law should be cited (not in small print) for buyer. Otherwise, buyer should be provided with option to disable permanently or ad hoc those features. Buyers always right. Right?

MartinOctober 24, 2014 10:03 AM

This is not a new development. The use of yellow indicators to identify a particular printer and time frame has been in place for many years; maybe more than a decade.

Somebody noticed?October 24, 2014 10:06 AM

This has been going on for years. I thought everybody knew about it. No, really, I'm serious! I suppose something like this fades into the background after a while, and then it pops up again.

Personally, I use a B&W laser printer, but mainly because I got fed up with inkjets, and the B&W printers are oh so cheap now.

(And have you noticed how the yellow cartridge ink level keeps going down, even if you're printing B&W documents?)

CallMeLateForSupperOctober 24, 2014 10:15 AM

Their obfuscation modus is elegant. Implementing it sounds futzy though; I'd never feel 100% "covered" and would feel pressure to check output from time to time.

If I had done that work, I would have immediately begun reconsidering the "root" modus... because I prefer firmware solutions. :-)

As the paper says, one option - and the best one, to my mind - is to simply avoid using leaky printers. "Vote with your feet."

Clive RobinsonOctober 24, 2014 10:25 AM

It's also done another way that works on black and white printers as well.

In essence it adds "noise" to the image in blocks of print and on print edges. The noise is very similar to a spread spectrum signal that is repeatedly modulated with a serial number etc. As such it can survive distortion in either direction (LR/UD) --but usually not both at the same time-- so will remain present in photocopies and even some fax machines (obviously it does not survive OCR ;)

This system has been available for getting on for two decades that I know of.

SecondhandprintershopperOctober 24, 2014 10:40 AM

How about going to a store and buying a printer for [your special purpose] with cash?

If you don't use that printer to other purposes it is difficult to track beyond the shop. They may have security cameras in the shop, but after a while old videos are most likely destroyed.

You can also buy a second hand printer from a flea market. Quite difficult to find out the new owner there either.

ATNOctober 24, 2014 11:00 AM

@Secondhandprintershopper:
The printer phone home at driver installation or driver update with your complete identification.
The USB printer may appear as a ethernet USB once and send a frame home with same info.
The cash has banknote numbers which may be read by cash machine / ATM...

BearOctober 24, 2014 11:09 AM

This is why I have a printer which I bought with cash secondhand at a swap meet.

Well, one of the reasons. The other being that it was cheap.

Bryan KerringtonOctober 24, 2014 11:35 AM

Seems like the authors are not just bringing awareness to this but finding a way to obfuscate it. The abstract listed above is not the whole thing; the rest is this:

"In this document, our team will discuss several obfuscation methods and demonstrate a successful one.

Included in this document is an explanation of the firmware generated yellow dots matrix and answers to the following questions:
1. Which printers produce the dots?
2. How are the dots put on?
3. What is needed for testing?
4. What is the dot size and spacing?
5. Where are the dots located on the page?
6. How can the dots be rendered useless?"

There are links in the references that have all of their documentation.

Steganographix, 2013--2014. Steganographix Documentation Retrieved May 20, 2014 from https://drive.google.com/folderview?id=0B9ZrovajUPg2NFEtNXZKUi02Tjg&usp=sharing

Steganographix, 2013--2014. Steganographix Images Retrieved May 20, 2014 from https://drive.google.com/folderview?id=0B9ZrovajUPg2U3Z2Ul9WSXI0b1U&usp=sharing

Maybe this is old hat for a lot of people but kudos to them for putting the research for a "solution" together and winning an ward for this.

albertOctober 24, 2014 11:48 AM

So that's why the yellow cartridge on my hardly-used Brother laser-jet (a fine unit, BTW) has run low! So I'VE been paying for counterfeit detection?
.
OK, I don't have a problem with trying to track currency counterfeiters, but I DO have a problem with potential abuse. History has taught us that if something can be abused, it will be abused, and in the shortest possible time.
.
The USSS, like the FBI, CIA, NSA, etc. are apparently overworked to the point where they can't do their jobs, and so require all sorts of often illegal computer assistance. I'll say it again, those who live by the computer, will also die by the computer.
.
At least they could reduce the price of the yellow refills, subsidized by the gov't, of course. :)
.
I gotta go...

LessThanObviousOctober 24, 2014 12:56 PM

I hadn't seen the technical details of this hidden printing in the past, looks like an interesting read. It's one of many reasons not to register any product you purchase if you don't want your devices to create a linkable trail as you go about your life. I've never taken issue with the water marking itself as at least in the U.S. it is illegal to send a letter without identifying yourself as the sender. As I understand it to do so may be considered harassment. The value the feature offers in prosecuting kidnapping and ransom or counterfeiting "prank bomb threats" from idiot teenagers seems worth the cost to any legitimate privacy concern.

Has anyone ever heard of a case where this data has been abused?

Michael DwyerOctober 24, 2014 2:26 PM

Keep in mind that the EFF information -- the list of which printers print dots and which don't -- is a decade old, and the EFF no longer seems to be chasing this issue.

Still, this list -- plus my poor experiences with HPs printers -- drove me right to the Oki brand... and it turns out they're great machines. You can't find toner for them, since nobody's heard of Oki anymore, but I've been very happy with their printer products. Their multi-function machines are a little lacking, but the core printer engine is great.

JohnOctober 24, 2014 3:06 PM

@LessThanObvious • October 24, 2014 12:56 PM

The identification requirement only applies to the postal service -- not to handbills or leaflets.

And in fact, the Supreme Court has heled that there is a First Amendment right to anonymous speech.

Your implicit argument that watermarking of all documents is logical or reasonable because of the need to track physical mail is therefore laughable and overbroad.

- The government has no inherent right to track papers i store for my own enjoyment, leaflets I hand out to strangers, or printed documents used to engage in First Amendment protected speech.

If there is no law requiring identification of all papers, private companies should not give an inch and implement tracking technology not required by law.

Apple's encryption policy is the best response to government requests -- if you don't like it pass a law and we'll obey it.
Any government request for more is abuse.

mooOctober 24, 2014 3:55 PM

Yeah, I'm also surprised people didn't know about this. I remember reading articles about this more than ten years ago. It was always couched in terms of an anti-counterfeiting measure, but it would obviously be useful for other investigative purposes too (e.g. to track down someone sending printed threats).

G.Scott H.October 24, 2014 7:16 PM

The implementation of the obfuscation image in a MS Word template is very incomplete. A better approach would be loading the obfuscation image as a watermark in the printer. Most color laser printers I have seen have this custom watermark feature. All printed documents would be protected from tracking then. Lacking a custom watermark feature, then a filter driver would be an alternative.

sena kavoteOctober 24, 2014 8:06 PM

After printing, how about using on the same paper, perfectly aligned, a yellow ink tank filled with a chemical that can dissolve and vaporize the yellow ink from previous printing? Dissolving and vaporize may not be correct chemical terms. Then maybe fill the whole paper with by-products of that kind of chemical reaction so the former places of yellow spots are not different.

sena kavoteOctober 25, 2014 8:29 AM


The Association for Computing Machinery seems not to have heard about the wondrous computing machinery called TOR network, because when I visit the link with tor browser, I get this:

"
We are sorry ...

... but we have temporarily restricted your access to the Digital Library. Your activity appears to be coming from some type of automated process. To ensure the availability of the Digital Library we can not allow these types of requests to continue. The restriction will be removed automatically once this activity stops.

We apologize for this inconvenience.
"
Bruce should not give links that won t work with TOR or if those are given, then the whole article should be copypasted here and that is not ok with all sites (I do not know if full copy pasting is ok with ACM).

anonOctober 25, 2014 1:34 PM

@sena kavote: You - Tor - VPN - ACM ... problem solved by adding an extra hop that's outside the Tor network.

sena kavoteOctober 25, 2014 3:43 PM

The argument that this dotting prevents counterfeiting of cash is ok, but it is not ok to put dots on white paper. Printer firmware could know when printer is definitely not used for forgery of cash, and not print the dots.

We can change router firmware and computer bios. Can't we also change printer firmware? Why would it be more difficult?

If printer manufacturers want to be extra responsible, they better publish new firmware that does not print dots unless the print job seems to be cash with at least 10% certainty. I mean look for proportions of colors / histograms or something to get some slight indication before putting the dots. If they don't do this, there will be 3rd party firmware updates that will not check for cash. That kind of forgeries will be low quality anyway. Serious counterfeiters would have to use older mass printing methods anyway.

This whole printer thing is so weird and fishy. Think about who have been in charge in those companies.

Do I remember correctly that Carly Fiorina was HP CEO before being in a political campaign? She probably made a decision about those dots for hewlett packard printers. What could have happened behind the scenes? Other users of this forum are better at that kind of speculation.

Also, if the dots for white paper have some real purpose like extortion letters, then cops in many countries should know about that.

These dots could also reveal something about cops, diplomats, spies and militaries. For example, specific navy ship or tank battalion could use these printers to spread information to civilians and then spies could deduce something about their movements by detecting the same printers in different areas. Also, if someone has something from a police department printer, it could get someone in deep trouble with mafia.

CD, DVD and blu ray burners need to be checked too. They could have extra bits or some bits could be burned with different power to form base 3 digits instead of the normal base 2 digits. Normal disk reader sees all bits 0 or 1 but special reader sees some of those 1 s as 1 or 2...

usCashScanFunOctober 25, 2014 6:40 PM

Go ahead and get yourself some US 20 dollar bills, and try to scan them into your computer. I always get a kick watching reactions to the counterfitting popups. 'You mean the scanner KNOWS what i'm scanning?'
lol

Random832October 25, 2014 7:44 PM

@anon

> @sena kavote: You - Tor - VPN - ACM ... problem solved by adding an extra hop that's outside the Tor network.

A VPN that anyone can use would provoke the same response from the ACM. One that he has to log into would defeat the purpose of using Tor.

SomebodyOctober 26, 2014 1:27 AM

A database of who owns what printer is not needed for the identifying watermark to be useful. The police could always do it the old fashioned way -- They have a document, and a suspect; get a warrant (I said it was old fashioned); seize any printers and compare.

Moreover in this case having a obfuscating pattern loaded in the printer, or even the print driver, would at least be a useful hint to them, unless there were many other printers with the exact same modification. Better to load a pattern purely for the ransom note, or stick with scissors, glue and a newspaper.

R. J. BrownOctober 26, 2014 7:02 AM

Who uses printers anymore anyway? About all I ever use a printer for anymore is to print out a document so I can sign it and then scan it and email it back to close a contract. I haven't printed anything out to give the paper to someone else at least all this year (2014).

anonOctober 26, 2014 10:55 AM

@Random832: "A VPN that anyone can use would provoke the same response from the ACM. One that he has to log into would defeat the purpose of using Tor."

These webservers are looking for automated connections to avoid bots and DDoS attacks ... because the Tor circuit is established through an automated process, Tor users often get blocked by these security measures or more likely - are forced to fill out an extra captcha.

They won't prevent you from accessing the site through an open proxy, unless that same IP has been used for malicious purposes before.

As for logging in to a VPN, that's not a problem unless there's personally identifying information associated with your account on that service. Use a new username and password, pay with bitcoin and don't give the VPN provider your real name or home address.

Anonymous CowardOctober 27, 2014 3:50 AM

In other news, photocopying stamps (which are legal tender) works fine.

AC

Old Hardware OwnerOctober 27, 2014 1:29 PM

@usCashScanFun

My old flatbed scanner that I bought in 1998 never tells me that when I scan US currency. The software is also from 1998, so maybe the anti-counterfeiting awareness wasn't built into them at that time.

Steve FriedlOctober 27, 2014 2:45 PM

I imagine the authors of this paper would have no trouble framing somebody else for (say) USMailing a threat to a government official if they knew what kind of printer their target used.

And if such ability could be weaponized in a tool, where one could input the data to appear in the forgery (date/time, serial#, etc.) it would create plausible deniability for users of genuine printers if such a tool were in wide use.

Sheilagh WongJune 29, 2018 7:53 AM

Most people buy printers at big box stores, like Staples or Costco with a credit card. I suspect most never submit the warranty card back to the vendor. (I know I never do; I'm simply too lazy.) In order for this system to work there has to be databases of printer serial numbers linked to printer purchasers through their credit cards. If these databases exist think about how dangerous it could be if one ever got out, like Equifax's credit data. If anyone can find out the exact time and place of a document's printing the implications are frightening. Domestically violent people could track down the location of their former spouse. Police could inadvertently disclose the location of witnesses in protection.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

← The NSA's Role in Commercial Cybersecurity The Ineffectiveness of Sealing the Border Against Ebola (and Other Viruses) →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.