[HN Gopher] Police claims to have fingerprinted computer based o...
___________________________________________________________________
Police claims to have fingerprinted computer based on printed
document
Author : chha
Score : 179 points
Date : 2022-05-13 06:41 UTC (16 hours ago)
(HTM) web link (www.nrk.no)
(TXT) w3m dump (www.nrk.no)
| boomboomsubban wrote:
| I somewhat wonder if this is a non-story and they concluded that
| the note was printed inside the house. Or they have a suspect in
| mind and they want someone close to them to call in that their
| computing is suspicious.
| dmix wrote:
| They might just be trying to convince the public they are
| trying hard or maybe a cop bragged too much to a journo which
| is more likely.
| smilespray wrote:
| Most of these forensic findings use publicly known techniques.
|
| What _does_ intrigue me is how they managed to determine the
| graphics card.
|
| Anyone?
| hoistbypetard wrote:
| > What does intrigue me is how they managed to determine the
| graphics card.
|
| Cheap GDI printers use the PC for rendering. I find it a bit
| surprising that would give enough to identify a specific card
| from a printed sample, but it certainly seems plausible.
| tpmx wrote:
| It's odd. If it was from microdots they should know a lot more
| than about the printer than "most likely an HP inkjet".
| rob74 wrote:
| Or they do know more, but they're not releasing everything?
| The details they have published are not that useful in
| pinpointing a suspect - I mean, there are probably thousands
| of Norwegians who have a PC/laptop with Intel integrated
| graphics, Windows 8/10, an HP printer and who buy paper and
| envelopes from Clas Ohlson (a chain with over 200 stores).
| dontlaugh wrote:
| If they knew both, it would be odd to say an exact GPU
| model but not a printer model.
| vintermann wrote:
| Thousands are not that many. There's going to be a lot of
| people you can exclude from a crypto currency ransom/murder
| case planned at least 6 months in advance.
| sim7c00 wrote:
| there's a lot of techniques used in such research which is
| not 'public knowledge' (even though a lot of techies might
| know them). Hence, information might purposfully be a bit
| vague, to give the idea they did not reach certain
| conclusions.
|
| I'd expect they would, as you, know the exact model and make
| of the printer if it was microdots.
|
| They can also have libraries of things printed with lots of
| printers to analyse the quality of print etc., and then get
| an estimate for example by a neural network examining
| artefacts. in such a case, it would never be 100% certain,
| but maybe 95-99% range somewhere if they do it good.
|
| I can _imagine_ such techniques might even also get to the
| point where they can somewhat certainly identify other
| aspects of the pc like graphics cards, even though they don't
| know exactly how the network will draw these conclusions.
| 1970-01-01 wrote:
| PCL6 and WYSIWYG is my guess.
|
| https://support.hp.com/us-en/document/c00068221#AbT3
| phire wrote:
| It could theoretically effect font rendering, but I really
| doubt it.
|
| It's more likely the printer driver have encoded information
| about the gpu into the yellow microdots [1] that many color
| printers use to trace pages.
|
| But if they have microdots, then they really should have more
| information.
|
| [1] https://en.wikipedia.org/wiki/Machine_Identification_Code
| cm2187 wrote:
| What about B&W laser printers?
| phire wrote:
| They typically don't do watermarking. The whole
| justification was stopping the counterfitting of currency,
| since color printers can produce quite good results for
| near zero effort.
|
| And you can't really use a b&w laser to print convincing
| notes.
| lupire wrote:
| But now the gov wants to spy more, so they should have
| light grey tracking dots.
| [deleted]
| codedokode wrote:
| They can use black microdots, I guess? Or some kind of
| stenography in the printed image.
| kuroguro wrote:
| There's quite a few papers on browser fingerprinting via canvas
| / webgl, I assume it's similar. Here's one talking about (among
| other things) fonts and GPU detection:
|
| https://hovav.net/ucsd/dist/canvas.pdf
| shakna wrote:
| I assume a lot of that information comes from the Machine
| Identification Code [0], the "yellow dots" emitted by almost all
| printers.
|
| There's a number of encoding schemes [1], though most of those
| only identify the printer - they don't go far enough to identify
| the graphics card or OS where it originated. That's a new
| capability - if it's being accurately relayed here.
|
| [0] https://en.m.wikipedia.org/wiki/Machine_Identification_Code
|
| [1] https://dl.acm.org/doi/10.1145/3206004.3206019
| IshKebab wrote:
| Identifying the graphics card/OS doesn't sound impossible.
|
| They figured out it was Wordpad (presumably based on line
| breaking or similar) which narrows it down to Windows, and the
| graphics drivers probably subtly affect the font rendering in
| the same way that can be used for canvas fingerprinting.
|
| That said, Windows 8 or 10 using Wordpad and Intel integrated
| graphics doesn't exactly narrow it down.
| lupire wrote:
| Surely only color printers print yellow dots?
| [deleted]
| Aachen wrote:
| You ever seen a black and white printer printing yellow?
|
| Or do you mean light gray dots or so? Because I haven't heard
| of such a thing but find it hard to prove this negative.
| rospaya wrote:
| > emitted by almost all printers
|
| I believe it's only by some copiers and laser printers, not
| inkjets for example.
| einr wrote:
| Indeed if they had the identification code they would have
| been able to pinpoint the model and serial number of the
| printer, but they haven't released that information -- only
| that it is a HP printer with HP 302 or 304 model ink
| cartridges, which I assume is based on analysis of the
| chemical composition of the ink.
| dhosek wrote:
| They also say, "Ink cartridge type HP 302 or HP 304 _color_
| cartridges are used." [italics mine].
|
| In that case, they may have the yellow watermark and just
| aren't saying so.
| jcrawfordor wrote:
| To my knowledge only laser printers participate in the
| MIC scheme. While the boundaries of the program are
| somewhat unknown, just from a technical perspective
| inkjets generally struggle to produce low enough coverage
| for the marks to not be pretty visible to the eye (bleed
| of inkjet inks prevents high-pitch halftoning performed
| by laser printers to produce very low coverage).
| jklinger410 wrote:
| IIRC the yellow dots just identify the printer, not the
| computer.
| 93po wrote:
| The printer, which was likely bought with a credit card and
| whose serial number was documented when purchased or when
| installing drivers that phone home with IP address, location,
| etc.
| xattt wrote:
| All the other details are fairly straightforward (toner,
| envelope, paper, etc) that can be nailed down with enough
| legwork, but I am wondering how they possibly had figured out the
| GPU of machine.
|
| - Are there certain rendering artifacts that can be seen on
| printed glyphs that give clues to the GPU?
|
| - Or, are they going by heuristics here? (I.e. it was XYZ GPU,
| because it was a common machine that at the time that would be
| running Win 8 or 10)
| shakna wrote:
| > Are there certain rendering artifacts that can be seen on
| printed glyphs that give clues to the GPU?
|
| Most printers will do their own rendering, it's not often that
| a text document gets pre-rendered by the OS.
|
| If it was printed straight from WordPad without being converted
| to an image, there's no artefact from the host OS, there.
| hoistbypetard wrote:
| > Most printers will do their own rendering, it's not often
| that a text document gets pre-rendered by the OS.
|
| Without surveying the industry, I doubt that's accurate. Most
| inexpensive home printers sold to purchasers of Windows PCs
| are GDI printers. Part of the cost savings associated with
| those comes from using the PC to render the document.
| formerly_proven wrote:
| This is an ongoing investigation, the police don't have to be
| truthful in their releases. It might be a guess, it might be
| because they're already fairly sure who did it or is an
| accomplice and want to create pressure. They might know it for
| entirely different reasons than analyzing a piece of paper.
| at_a_remove wrote:
| I was wondering if they weren't working on a parallel
| construction angle.
| einr wrote:
| On the surface it seems like a very strange assertion.
|
| Even if there were subtle GDI rendering differences -- which
| I doubt -- it is hard to believe that a printout would let
| them positively identify _Intel HD Graphics 630_
| specifically, as opposed to say HD Graphics 610 or 615 which
| are slightly slower clocked versions of the same GPU released
| at the same time and which almost definitely use the same
| drivers and GDI rendering system.
|
| But if the information comes from elsewhere, as in already
| having a suspect and knowing what computer they used -- they
| should reasonably have given more information from the same
| source -- CPU model, etc.
|
| I can't imagine a possible way to leak _only_ GPU info --
| unless GDI or the Intel drivers has some secret mechanism for
| intentionally rendering some sort of subtle identification
| code onto printer output.
|
| It's just really hard to understand.
| ComputerGuru wrote:
| You're assuming extreme precision and competence. I'm
| guessing they have an incomplete database of GPU samples
| and a fuzzy result came back like "86% match to Intel 630,"
| and that's what they published.
| pilsetnieks wrote:
| It's Norwegian police, though, so they might be held to
| higher standards of accountability.
| FargaColora wrote:
| Any evidence for this suggestion? Most Americans view of
| Norway is completely wrong, and formed by misleading
| propaganda on social media/Reddit.
| GordonS wrote:
| I'm not Norwegian, but I spent the last 20 years working
| for a Norwegian company, and spent a lot of time in
| Norway as a result.
|
| Norway is a beautiful, modern country, and while the
| older generation is still fairly religious (and racist to
| some degree), overall it's pretty liberal. It's a really
| nice place, and I considered moving there more than once.
|
| The Norwegian police may have some warts, but they are
| held to a _much_ , _much_ higher standard than police in
| the US.
|
| Honestly, there is no comparison between US police and
| those in any part of Europe or Scandinavian - we don't
| have paramilitary-style police busting down doors with
| flashbangs and automatic weapons blazing, police officers
| regularly murdering people, or anything like the overt
| fabrication of "evidence" that some US PDs seem to think
| is a sport to see how much they can get away with.
| vintermann wrote:
| No, that's right. But there's a still a lot of things the
| police get away with, especially with respect to drug
| addicts, "troubled youth" and other people who don't get
| believed/sympathy when they complain. And then there's
| NNPF, a not-so independent NGO consisting of current and
| former narcotics police, which advocates for (and largely
| runs, without political approval) a much more macho
| tough-on-crime narcotics policy with school visits etc,
| interventions which have been rightly rejected by the
| Norwegian social science and political establishments.
|
| It's a constant fight to make sure Norwegian police
| doesn't drift closer to UK/US style police, and in many
| ways we are losing.
| alophawen wrote:
| And then there is the police.
|
| https://www.bbc.com/news/world-europe-41313700
| chillingeffect wrote:
| Taking bribes to let hashish into Norway... not straight
| and narrow... but several furlongs behind Muricops.
| marvin wrote:
| Sibling comment's points about police- and judicial
| excesses in the case of drug-related crime, however, are
| very much relevant. It's hard to consider the darker
| parts of Norwegian culture and mindset from a Western
| perspective, as it takes on shapes that are largely
| unfamiliar in Western culture. Criticism against
| Norwegian society looks more like criticism against
| collectivist societies, where out-of-the-norm non-violent
| behavior is sometimes harshly punished.
|
| I do agree that our police cannot be compared to the US
| "out of control" situation, where both its conduct and
| its excessive use of violence is extreme and avoids
| judicial oversight. But that's not to say it goes clear
| of criticism from a systemic perspective.
|
| There are ongoing debates and investigations concerning
| effectively punitive cavity searches against persons
| suspected of having smoked a joint, using suspected drug
| use as a pretext for invasive home searches, immediate
| confiscation of drivers' licenses after reports of one-
| off marijuana use (no judicial process involved),
| involuntary commitment to somatic hospital followed by
| coerced drug testing in pregnant women after (flimsily)
| suspected drug use, punitive home searches against drug
| reform activists and more.
|
| The most high-profile of the two latter cases were
| conducted against women who visibly participated in
| democratic debate for reforming our drug laws, and
| participation in said debate was documented in writing as
| probable cause for having the woman involuntarily
| committed by the police.
|
| All but the very last example is strongly suspected to be
| systemic; it has happened with regularity. And the
| problems are so obvious that the conduct clearly has a
| high degree of political support, although "should we
| systematically jail marijuana smokers and degrade them by
| probing their vagina or rectum in the police station" has
| never featured in a debate preceding the elections for
| Parliament.
|
| Also plenty of criticism regarding the democratic role of
| a private drug law activist organization (NNPF) that's
| effectively both part of the police force _and_ a central
| partner in the bureaucratic process for determining what
| drug policy should be democratically enacted.
| karencarits wrote:
| > participation in said debate was documented in writing
| as probable cause for having the woman involuntarily
| committed by the police.
|
| No. If this is the case from just before Christmas, the
| media reporting was extremely biased as the health
| services cannot comment due to privacy. However, the
| woman posted her letter on Twitter (now deleted but still
| available at the internet archive) and it was, in my
| opinion, justified. (1) The woman had a history of drug
| use, (2) her mother had reported concerns regarding the
| woman's drug use and asked the health services to
| consider involuntary treatment the same year as the woman
| became pregnant, (3) the woman did not meet her GP after
| becoming pregnant, (4) the woman did not respond when the
| health services approached her to evaluate her drug use
| voluntarily, (5) the woman moved to another municipality
| (which may have been interpreted as an attempt to
| "escape" from them), (6) the woman did not approach the
| health services in her new municipality to follow up her
| pregnancy. In light of the two previous
| reports of concern and the use of drugs, [the woman]'s
| information about pregnancy, [her] lack of contact with
| her GP during pregnancy, [the authorities] found cause
| for concern. [...] The decision was made on the basis
| that she has orally informed [the authorities] and
| confirmed to [the authorities] that she is pregnant and
| the severity of which drugs (including cannabis, MDMA,
| LSD) that she has stated that she uses in the newspaper
| and Social Media. Use of these drugs is not compatible
| with pregnancy. There is no information on how far she
| has come in her pregnancy or that she has followed up
| regular pregnancy controls. [...] The municipality
| considers that it is overwhelmingly probable that the
| mother's drug intake will be harmful to the fetus
|
| The national guidelines highlight that the fetus should
| have priority - "the care of the fetus takes precedence
| over the care of the woman" - and that
| Pregnant women with substance abuse problems are in a
| special position and the consequences for the fetus can
| be serious if the municipality spends too much time
| considering the use of coercion. The municipality must
| therefore not spend unnecessarily long time on assessment
| and testing of voluntary measures. The due diligence
| requirement requires quick clarifications to prevent the
| fetus from being exposed to an unnecessary risk of
| injury.
|
| and that coercision should be considered if "the pregnant
| woman deliveres a positive urine sample, fails to take a
| urine sample or fails to make an appointment"
|
| However, it is mentioned several times in that letter
| that she had been positive to drug use in her public
| writing and admitted to using several illegal drugs in
| social media. That was probably not okay, but the
| decision was not - by far - based on that fact alone.
| marvin wrote:
| What you've posted here is an excellent representative
| example of the form of social control in Norwegian
| society that I'm criticizing. It's a great contribution
| to the discussion.
|
| I sort of doubt we can find agreement, since we appear to
| have quite different views on what basis is required for
| the authorities to perform this kind of incredibly
| invasive use of force against a citizen that isn't even
| suspected of having broken a law. This is not suspicion
| in the legal sense -- it's a _possibility_ or a worry.
|
| I'm not able to draw the conclusions you are from the
| part of the letter you've quoted. None of what is
| mentioned there is evidence -- she has publicly stated
| that she's been using certain illegal drugs on numerous
| occasions, that she's advocated for legal reform
| regarding drug use and that she is pregnant. She has
| declined seeing a publicly-provided doctor wrt. the
| pregnancy.
|
| None of this is an indication of drug use!!
|
| Related side note. If you ask other Europeans, e.g.
| someone from Germany, they might tell you that Norway's
| system of having regular, public-sector scheduled
| pregnancy inspections where declining will make alarms go
| off...is actually pretty creepy from a privacy
| perspective. At least that's what my left-voting German
| friends told me when they had kids a few years ago. Not
| that the service is a bad thing, but that declining or
| arranging your own is considered grounds for suspicion.
|
| There is a difference between the Norwegian
| (Scandinavian?) and Western mindset here that our
| discussion illustrates splendidly. Our society is in some
| ways more collectivist; there are numerous situations
| where the rights of the individual are put last which
| contrast quite markedly to other Western societies. And
| these rules are enforced with strict social penalties.
|
| The same contrast can be seen in the 13 (and counting)
| cases where the Norwegian Child Protective Services,
| supported by the Norwegian Supreme Court (and obviously
| the laws enacted in Parliament), have had rulings against
| them in the Human Rights court in Strasbourg.
| porbelm wrote:
| HAHAHAHAHAHAHAHAHAHAHAHAHA
|
| If you only knew how much the Norwegian police are blasted
| these days for over-stepping boundaries in searches of
| persons, and their interpretation of reasonable cause for
| home searches, and their ties to the private drug cop
| association NNPF (and reluctance to release membership
| details)
|
| Like, the "State Attorney" (Riksadvokatsembetet) had to
| issue a clarification that busting someone with a joint in
| the street is NOT reasonable cause to search their home for
| more, please stop doing that you morons, also don't lift
| people's testicles to see if they have hidden something
| there thank you.
|
| All the while more violent and serious shit is being
| ignored.
|
| ACAB, also here.
| vintermann wrote:
| Don't pretend to laugh when you are angry. Of course
| you're right police are not great here either, just
| recently there was a case with punitive cavity searches
| etc. Police are also complaining about harassment online
| and ostracism offline (gee, I wonder why?)
|
| But the fact that they are complaining about these things
| shows they're not quite as unrestricted as police in
| other parts of the world. Lying is one of the areas there
| is a difference: Norwegian police aren't allowed to e.g.
| lie to a suspect that his friend has already confessed.
| Which isn't to say they won't, but cases can get thrown
| out over it.
|
| So it's a stretch to think that the police are lying to
| the public about the positive evidence they have. Lying
| by omission, maybe, perhaps being wrong, hell yes, but
| making up things out of whole cloth in public in _just to
| gather information_ would be new ground for Norwegian
| police.
| formerly_proven wrote:
| What does this have to do with "accountability"?
| type0 wrote:
| Do Norwegian police work as depicted in the movie "The
| Snowman"?
| karencarits wrote:
| https://youtu.be/vfUmlZCXrAI?t=20
| yobbo wrote:
| This is not quite fingerprinting, since there's nothing unique
| about the alleged setup.
|
| There's quite a lot required for them to credibly show that the
| letter could only have been produced on a pc with "Intel HD
| Graphics 630". I suspect the argument is on the level of "we
| tried to duplicate it with some random PCs and the one with Intel
| HD graphics looked most similar".
|
| But even if it is true, integrated intel GPUs are in (maybe?) a
| third of all windows PCs.
| Someone wrote:
| Most interesting parts (IMO):
|
| _"Program and program settings: When preparing the letter,
| WordPad for Windows is most likely used. Default settings for
| font, line spacing and paragraph are used. The page layout has
| been Letter."_
|
| That, I think, can be inferred with good confidence from
| precisely measuring various font measurements, looking at how
| lines got broken, etc, and comparing that with a database of
| program defaults for a large set of OSes and programs.
|
| _"Device, operating system and video card : When designing the
| threat letter, a Windows PC has been used, with an operating
| system Windows 10 or 8."_
|
| I guess either WordPad or the font got tweaked somewhat in that
| Windows version. Maybe WordPad started using ligatures more
| aggressively, its page width got a tiny bit wider, or, in the
| font, some letter shape or spacing table changed a tiny bit, or a
| character was added.
|
| _"The PC has had an integrated video card, Intel HD Graphics
| 630."_
|
| That, for me, is the most intriguing part. Does Windows use the
| GPU to render fonts even if they get printed, and are there
| subtle differences between GPUs and their software rendering
| that, statistically, can be recovered from the somewhat noisy
| print?
| sokoloff wrote:
| HD630 is the integrated GPU on Intel's Kaby Lake line of
| processors.
|
| That narrows it down to coming from 10s of millions of computer
| perhaps?
| ridgered4 wrote:
| I'm actually surprised they could narrow it down even that
| much. The skylake and coffeelake iGPUs always seemed
| basically identical to the kabylake one.
| chipsa wrote:
| I'd be surprised if there was any noticeable difference
| between the HD630, and any of the other Gen9 architecture
| iGPUs.
| dagw wrote:
| _Does Windows use the GPU to render fonts even if they get
| printed_
|
| Most cheaper printers (esp. on Windows) use the GDI protocol
| for printing. These printers only know how to print rasterised
| images, so the document is rasterised by the OS/Print driver
| and only this final rasterised image is sent to the printer.
| This is different from higher end PCL/PS printers where the
| document is translated into a page description language and the
| printer is (partially) responsible for rasterising the final
| document for print.
|
| Since Windows uses the GPU to render fonts I wouldn't be
| surprised if the same code is used to rasterise the fonts for
| GDI printing.
|
| That being said I'm very surprised they can identify the GPU
| just from that, unless there is some specific bug in the driver
| for the card which produces an obvious font rendering artefact.
| flutas wrote:
| > unless there is some specific bug
|
| Could also be by design, similar to printer identification
| dots. Have the artifacting vary every so slightly from one
| GPU to another. Then again, I feel (emotional statement, not
| of fact) that this would be known by now if it was a thing.
| mike_hock wrote:
| I thought it _was_ known that printers all leave a unique
| fingerprint (device-specific, not just model-specific).
| Ferrotin wrote:
| Color printers are known to.
| hermitdev wrote:
| I was reading these comments while simultaneously trying to
| get some work done. I was taking a screenshot of some
| settings to show to a coworker for verification and
| immediately noticed something was off about the screenshot.
| It looked nothing like the screen! Apparently screenshots on
| Win10 with HDR is kind of funny. It looks like everything is
| neon. Like the standard HN orange banner looks like a yellow
| highlighter. Funny thing is, if I take the screenshot from my
| non-HDR monitor, it looks as expected.
|
| So...evidently from a sample of me, I can tell from which
| monitor a screenshot was taken...
| noduerme wrote:
| Brilliant comment. Coming at this as a typographer/graphic
| artist and erstwhile coder, I'd bet it comes down to reverse
| engineering anti-aliasing algorithms. I'm not sure how it's
| done in Windows, but on Macs there are various levels of
| crispness you can set in default type as it's rasterized and
| if you zoom in a bit they have very clearly recognizable
| differences. Take the four bottom-left pixels of a capital A
| at 300 ppi, and compare their ink value ratios with different
| anti-aliasing techniques, and I bet you could get a signature
| of what card did the rasterization.
|
| Gaussian blur is your friend if you wanna send a death note,
| I guess.
| lupire wrote:
| Gaussian blur is mostly invertible. Need more randomness.
| noduerme wrote:
| Depends on the tolerance of what you're trying to hide.
| If the goal is just to obliterate the way something was
| previously anti-aliased, or make it trigger tons of
| false-positives, then a small blur and not relying on the
| inbuilt rasterization would probably do the trick.
|
| Prior to this it had never occurred to me. But yeah, more
| randomness. Noise filter and blur, then a bit more noise,
| then photograph it, print the photo, scan it on another
| device, put it in the washing machine, leave it on the
| porch for a week and repeat.
| sdenton4 wrote:
| Mostly... It's a low pass filter, so if the information -
| anti aliasing techniques in this case - is concentrated
| in high frequency, it'll be wiped out.
| Someone wrote:
| I don't think printer drivers do anti-aliasing on text. The
| hardware of a printer does anti-aliasing for free.
|
| Also, I doubt you can get conclusive evidence from a single
| letter. Luckily, your average random note has lot of them,
| even duplicated ones. I would carefully align and average
| out as many capital A's as I had, and work with that.
| noduerme wrote:
| IDK. In the olden days, desktop printers sometimes had
| embedded font faces or PS1 fonts would be sent to the
| printer, but any vector file for large/high-res print
| quality had to be "ripped" or rasterized first, usually
| with a dedicated card. These cards definitely had
| signature looks and feels to them, but so did the fonts.
| There were differences between the way an Adobe Times New
| Roman would rip versus the one that came stock on your
| Apple IIsi.
|
| Pinpointing a version of Windows, if it was printed from
| a stock OS font, could be as simple as comparing tiny
| differences in the vector files and knowing if one pixel
| would rasterize at 60% black versus 50%. To the extent
| that the rip goes through a graphics card, it would be
| knowing whether that card rendered the 60% as 58% or 62%.
|
| I'm pretty sure if you scale it down, the printer driver
| will do an extra layer of downsampling and add its own
| anti-aliasing; but the printer hardware doesn't do that,
| it just sprays the dots it's told to spray, and in
| general the drivers replicate the pixels that are sent
| from Photoshop or in this case, MS Word, which uses
| something like QuickDraw used to be on a Mac, an embedded
| system process, to rasterize the fonts.
| zinekeller wrote:
| > I don't think printer drivers do anti-aliasing on text.
| The hardware of a printer does anti-aliasing for free.
|
| You missed the explanation above why you're wrong, at
| least on consumer non-PostScript printers. Most cheap
| printers nowadays passes the buck of rasterisation to
| Windows (and its horrible, security headache spooler).
| You can even check if which is which: in Windows 10, open
| Settings, then Devices, select Printers & scanners,
| select [your name of printer], press Manage, press
| Printer Options (not Print _ing_ options), open the
| Advanced tab and then click on the Print Processor...
| button. If it says "winprint" then Windows handles the
| rasteriser.
| kevin_thibedeau wrote:
| Anti-aliasing text is of limited value at the resolutions
| printers can achieve. 1200+ DPI inkjets and lasers have
| been commonplace for over 20 years. That doesn't mean GDI
| variations won't influence pixels due to small numeric
| differences.
| _Microft wrote:
| > The hardware of a printer does anti-aliasing for free.
|
| I think they meant something like "ink smears".
| zinekeller wrote:
| In that case, then it'll be purely a mechanical thing.
| Another thing that is still handled by the printer
| (unless its drivers are sophisticated, winprint isn't) is
| halftoning, but I'm not sure if that counts as anti-
| aliasing.
| thewebcount wrote:
| > are there subtle differences between GPUs and their software
| rendering that, statistically, can be recovered from the
| somewhat noisy print?
|
| I'm not sure these days when most GPUs are IEEE-754-compliant.
| But back in the mid to late 2000's I worked on a GPU renderer
| for video editing and we had a few filters that gave noticeably
| different results on different GPUs. One filter did a hard
| black and white threshold, then blurred the result, did another
| hard threshold, etc., in a loop. Because of differences in
| precision of the floating point values (24-bit on AMD at the
| time, if I recall correctly), the thresholds could produce
| minor differences that got magnified by the blurring, and then
| created new thresholds with minor differences, etc.
|
| Even if all the GPUs are using IEEE-754 floats, there are
| driver differences that can cause the results to be slightly
| different, too. Like a simple GLSL mix() function could be
| implemented as result = x * a + y * (1 - a) (where x and y are
| 2 input pixels and a is the alpha of x). Or it could be
| implemented more efficiently as result = a * (x - y) + y. Doing
| the same math in a slightly different way can sometimes lead to
| slight differences in intermediate results which compound in
| the final result. So yeah, it may be possible to tease out some
| of these things by examining something like font rendering.
| oneoff786 wrote:
| I had to chuckle at the first part.
|
| Ah yes, I see they're using the default formatting options.
| That narrows down our search to 99.9999% of the population.
| dagw wrote:
| Letter paper size isn't the default paper size for most
| Windows computers in Norway, so that could be something.
| iampivot wrote:
| It's however the default size for most printer drivers, so
| it's often selected as default when trying to print for the
| first time.
| bombcar wrote:
| Huh you'd think Windows EU edition or whatever would be
| smart enough to default to A4.
| moistly wrote:
| Europe doesn't use letter-sized paper, they use A4. I
| rather doubt that printer drivers installed on a
| Norwegian computer default to an unusable paper size.
| cure wrote:
| I have news for you - the "PC LOAD LETTER" meme works all
| around the world. Printers and drivers a generally quite
| dumb about this, and default to Letter format (and this
| does not make _any_ sense, obviously).
| vegardlarsen wrote:
| We use the same printers and printer drivers as everyone
| else in the world. So it does actually default to Letter,
| and you usually have to change it upon first install. I
| guess it all comes down to who wrote the printer driver.
| mmcgaha wrote:
| This is why I always write my threats and ransom requests in
| pure TeX.
|
| Seriously though, I thought printers have been using microdots
| as identifiers for years. Is this just an old wives tale?
| joering2 wrote:
| So it looks like both printer's fingerprinting and windows
| "fingerprinting" can both be fooled by simply making a B/W
| photocopy at local FedEx. Perhaps do copy of a copy of a copy
| 5 times and you should be good to go!
|
| Just make sure you pay with cash.
| phkahler wrote:
| This could all be deflection. All name-brand printers (in the
| US at least and probably everywhere) watermark printed pages
| with yellow dots that identify the printer serial number. If
| the printer is purchased with a credit card and the SN is
| scanned, there is a perfect trail from your printed page to the
| person who bought it. I suspect if that method was used they
| still may want to claim these other fingerprinting methods to
| avoid spreading the word about printers.
| reset-password wrote:
| One other way this trail can be made is simply by installing
| the drivers. For example I noticed that when you complete the
| driver installation for a Brother color laser printer, the
| installer opens the default browser and navigates to
| brother.com/something/SERIAL_NO_OF_PRINTER. I am assuming
| that on the other end they're capturing the IP,
| fingerprinting the browser, and logging it all forever.
| joering2 wrote:
| Brother is same level evil as Canon. I was proud to learn
| even my new Xerox Phaser 8550 is not fingerprinting paper.
|
| https://www.eff.org/pages/list-printers-which-do-or-do-
| not-d...
| abakker wrote:
| Got a source for this claim?
|
| Edit: Specifically, what about printers that only print black
| and white?
| loopback_device wrote:
| It is quite well known these days, check the EFF [1] and
| Wikipedia [2] pages, there's info on the what, how, when
| and why
|
| [1] https://www.eff.org/pages/list-printers-which-do-or-do-
| not-d... [2]
| https://en.m.wikipedia.org/wiki/Machine_Identification_Code
| k1t wrote:
| https://en.m.wikipedia.org/wiki/Machine_Identification_Code
|
| https://www.eff.org/press/archives/2005/10/16
|
| The implication is that only color printers are affected.
|
| _" The U.S. Secret Service admitted that the tracking
| information is part of a deal struck with selected color
| laser printer manufacturers, ostensibly to identify
| counterfeiters."_
| macksd wrote:
| People are really using consumer printers in
| counterfeiting?
| bragr wrote:
| No because most will refuse to print anything with the
| EURion constellation.
|
| https://en.m.wikipedia.org/wiki/EURion_constellation
| badwolf wrote:
| Huh. Fascinating.
| joering2 wrote:
| Same with photoshop. Try to open this in PS:
|
| https://upload.wikimedia.org/wikipedia/commons/7/7b/Obver
| se_...
| bombcar wrote:
| People will try anything, and I suspect more
| "counterfeiting" is prevented by the EURion constellation
| than we'd expect.
|
| Probably just idiots playing around with the copier
| rather than dedicated gangs, but if it worked they might
| be tempted to say "Well ..."
|
| https://old.reddit.com/r/mildlyinteresting/comments/1s8rl
| 9/i...
| Ferrotin wrote:
| This at least massively reduces anti-counterfeiters'
| caseload.
| shirleyquirk wrote:
| https://en.m.wikipedia.org/wiki/Machine_Identification_Code
| but idk about how many printers do this or whether similar
| techniques are used for black+white printers (i.e. gray-
| scale modulation)
| not2b wrote:
| Color printers must do this; black-and-white printers do not
| (and cannot, there's no yellow ink).
| bryanrasmussen wrote:
| I would guess there must be forensic tools to detect this
| stuff, that the Norwegian police don't just have the best
| experts in Windows and printers in the world who then went
| through all the various systems, but that there should be a
| database of these variations somewhere and tools you can use to
| analyze a printed output to figure out where and what it was
| produced by, so what are these tools is my question.
| mjbeswick wrote:
| Maybe most of this profile is pure speculation based statical
| probability?
| Someone wrote:
| In the end, it's statistics, yes. Maybe, a Mac running a
| windows VM could produce similar output, or somebody could
| run Linux, copy over the specific fonts from Windows 8, tweak
| font rendering to match Windows (e.g. in when to use type
| hints), fiddle with line spacing and page width until their
| LibreOffice or abiword produces the same line breaks and
| spacing, etc, but that somebody would try to do that is quite
| unlikely to start with and also may be very hard to
| accomplish (and that's something experts could have tried to
| do. If so, they could testify about the difficulty of pulling
| it off)
|
| = I don't think it's fair to call this speculation, let alone
| pure speculation.
| rmbyrro wrote:
| This is unrealiable and extremely risky to serve as case
| evidence.
|
| Becomes extremely easy for malicious actors (out or inside the
| police) to fake evidence and frame anyone they'd like.
| greggsy wrote:
| If there's only one PC in a sea of Macs then it's a good way
| to narrow it down. Even better if you can use the application
| characteristics to determine that someone was using a
| particular app at a particular time, then initiated a print.
| It's not irrefutable evidence, but it's someone that tells
| police that a specific event occurred, for which the suspect
| would be compelled to provide a reasonable response.
| vintermann wrote:
| It's probably meant as a lead, not as evidence. Given that
| this is a kidnapping, likely murder case, there's probably
| tons of evidence if you're looking at the right guy.
|
| And I'm wondering about that, because we know the criminal
| must have been a pretty hard-core cryptocurrency nut. There
| aren't THAT many of them in Norway (they've already concluded
| they are a fluent Norwegian speaker).
| dagw wrote:
| _they 've already concluded they are a fluent Norwegian
| speaker_
|
| The person who wrote the ransom they believe to be fluent
| in Norwegian, there could easily be other people involved
| who're foreign.
| alophawen wrote:
| > because we know the criminal must have been a pretty
| hard-core cryptocurrency nut
|
| Do we?
|
| I was still under the impression everybody was blaming her
| husband for the disappearance.
| vintermann wrote:
| I'm thinking of the actual kidnapper/killer. The husband
| has an alibi for the time of the disappearance. The
| suspicion against him was that he commissioned the
| disappearance of his wife, not that he did it himself.
| rmbyrro wrote:
| My main concern is that this _seems_ to be a _precise_
| lead. It might be unconsciously considered close to a real
| fingerprint.
|
| Instead of facing it just as a _lead_ , it might influence
| investigators to, consciously or not, build confidence in
| framing a (wrong) person and and end up building a
| compelling case against them.
| II2II wrote:
| Presumably it is to aid in finding the equipment used. Once
| they find the equipment and can positively identify it, they
| can use other evidence to establish to probable user of that
| equipment.
|
| As for malicious actors, wouldn't that be a risk for most
| forms of evidence? Likewise, wouldn't many of the techniques
| used to establish the validity of other forms of physical
| evidence be applicable when these techniques are used?
| rmbyrro wrote:
| Fingerprints and DNA, for instance, are significantly less
| trivial to fake.
| _jal wrote:
| That seems to be the norm with a lot of, um, creative
| criminal forensics.
|
| Bite mark identification was used forever until blown up by
| particularly shameless grifting, and has never been shown to
| work as practiced. [1]
|
| Tennessee still uses dowsing rods. [2]
|
| Fingerprinting as practiced is a bundle of folk practice,
| guesses, and some science. Quality varies wildly. [3]
|
| Fiber analysis, lie detectors, spatter analysis and many more
| techniques are all crap. When one bogus method is finally
| found legally unreliable, cops and prosecutors find a new
| one.
|
| [1] https://innocenceproject.olemiss.edu/radley-balko-
| reports-on...
|
| [2] https://www.themarshallproject.org/2022/03/17/witching-
| dowsi...
|
| [3] https://www.aaas.org/resources/latent-fingerprint-
| examinatio...
| chiefalchemist wrote:
| My assumption - unfounded? paranoid? - is that:
|
| 1) Printers leave a unique "invisible" watermark; similar to the
| way you can hide an image within an image. The naked eye can see
| it, but it's there.
|
| 2) Aside from that the printer itself has a unique fingerprint,
| similar to how keyboards do (i.e., AI can pick the difference in
| the sound of each key and with that audio can translate your
| typing into letters / words).
|
| 3) Networked printers phone home; with snippets. Again, similar
| to the way some smart TVs send screenshots.
|
| Perhaps not every printer does all of the above, and some not at
| all, but enough do or might.
|
| Finally, law enforcement explanations like the article's to me
| are suspect. For example, how often do we hear that a random-y
| car stop led to a sizable drug bust? So of all the thousands of
| car going up Rt 95 the police randomly picked one with loads of
| drugs? What are the odds?
|
| Moral of the story, if (federal) law enforcement has "insider
| information" they're not going to share that with the public.
| InCityDreams wrote:
| >Moral of the story, if (federal) law enforcement has "insider
| information" they're not going to share that with the public.
|
| I agree: all I've learned is to make a doc on my oldest laptop,
| multi-paged and-fonted, have it printed at different public
| (paid or library) sources and then cobble them together and
| post them from a random place (not taking my phone there,
| either).
|
| _From what I 've anec-heard, those 'rando' car stop/ mega
| busts are politely arranged so the cops get their bust, but the
| real mega-shipments sail on by, untouched. Everybody_ gets a
| payday, even the Prison system!
|
| *the captured mules get to live rent free for a whilem so
| there's that, for them.
| ComputerGuru wrote:
| > have it printed at different public (paid or library)
| sources and then cobble them together
|
| That feels like it exposes your attack surface enormously!
| More witnesses, more cameras, more data to cross reference,
| etc.
|
| Buy a cheap laptop and printer at Goodwill or a garage sale,
| print, destroy them, then mail your manifesto or whatever.
| chiefalchemist wrote:
| > mail your manifesto
|
| Just be sure not to get DNA or fingerprints on the stamp :)
| ComputerGuru wrote:
| Yeah, the last part was very much tongue-in-cheek since
| the difficulties of mailing anonymously are definitely
| much more complicated than "just mail it."
| trompetenaccoun wrote:
| >similar to the way some smart TVs send screenshots
|
| Wtf! Just when I thought I'd heard it all.
| DevX101 wrote:
| Police have been doing this since the days of typewriters. If
| you're a whistleblower with sensitive information, assume your
| printing device has a unique identifier. This is how Reality
| Winner was caught, when she leaked info about Russian
| interference in US elections.
|
| If you're in a highly secure environment, it's even possible the
| content itself may be a unique identifier. I could imagine a
| sensitive document having grammatical alterations unique to each
| recipient.
|
| Journalists should consider this before publishing unredacted
| copies of leaked documents.
| treesknees wrote:
| Zoom does something like this. They'll embed unique information
| into the meeting and meeting audio. I've also heard that the
| arrangement of the participants can also be a watermark but I
| don't have a source for that.
|
| https://theintercept.com/2021/01/18/leak-zoom-meeting/
| el-salvador wrote:
| It's a feature found on the zoom admin panel:
|
| https://support.zoom.us/hc/en-
| us/articles/360021839031-Addin...
| treesknees wrote:
| Yep, the article I linked includes screenshots of the Admin
| panel and hyperlinks to a few Zoom support pages.
|
| I wonder how well the audio fingerprint works over
| telephone. On one hand, it certainly won't have the same
| frequency range as a laptop speaker, but on the other hand
| so few people join by dialing in, it may end up obvious who
| the leaker is.
| hutzlibu wrote:
| "Police have been doing this since the days of typewriters."
|
| Well, that the typewriters and today the printers are unique,
| sure.
|
| But here they seem to claim(I do not speak the articles
| language) that they could identify the computer that send the
| document. Which is a very bold and new claim, I think.
| tux1968 wrote:
| It is fascinating to see what information can be deduced from
| such an artifact. Not exactly the same, but it reminded me of a
| story from the early days of the internet, where a serial killer
| was caught because a map he sent police, showing the location of
| a body, was generated online before being printed.
|
| https://murderpedia.org/male.T/t/travis-maury.htm
| type0 wrote:
| How likely could it be a _Gone Girl_ scenario?
| bryanrasmussen wrote:
| Norwegian - google translate to English https://www-nrk-
| no.translate.goog/norge/nye-opplysninger-om-...
| sundvor wrote:
| This reads so much like Lee Child's Without Fail / Jack Reacher
| (2008) - which I'm currently re-reading. Analysing a printed
| threat:
|
| _'It's a Hewlett-Packard laser. They can tell by the toner
| chemistry. Can't tell which model, because all their black-and-
| white lasers use the same basic toner powder. The typeface is
| Times New Roman, from Microsoft Works 4.5 for Windows 95,
| fourteen point, printed bold.'
|
| 'Typefaces tend to change very subtly between different word
| processors. The software writers fiddle with the kerning, which
| is the spacing between individual letters, as opposed to the
| spacing between words. If you look long enough, you can kind of
| sense it. Then you can measure it and identify the program. ...'_
|
| (Edit: Limited the amount of quoted text a bit; I believe a few
| lines is fine/fair use. Loving the series re-read after the TV
| show, and that I bought them on Kindle originally!).
| jimcsharp wrote:
| I wonder how many writers write about word processors when they
| get writer's block. A bit like devs making dev tools.
| quickthrower2 wrote:
| Like the blog post about why I switched from Jekyll to Hugo
| greggsy wrote:
| Or William S. Burrows creating a fantasies around his Clark
| Nova typewriter in Naked Lunch.
| bombcar wrote:
| Reminds me of the Dan Rather memo, though that was a simpler
| "show it couldn't be that old" style investigation.
___________________________________________________________________
(page generated 2022-05-13 23:02 UTC)