Forgot your password?
typodupeerror
Privacy Printer

Hidden Codes in Printers Cracked 562

Posted by CmdrTaco
from the big-brother-pwnz-you dept.
r84x writes "A research team led by the Electronic Frontier Foundation (EFF) recently broke the code behind tiny tracking dots that some color laser printers secretly hide in every document. The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known. "We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer," said EFF Staff Technologist Seth David Schoen."
This discussion has been archived. No new comments can be posted.

Hidden Codes in Printers Cracked

Comments Filter:
  • by suso (153703) * on Tuesday October 18, 2005 @08:51AM (#13816210) Homepage Journal
    Its a good thing that I can't print [suso.org]. [warning: experimental music made from printer noises]
  • by OctoberSky (888619) on Tuesday October 18, 2005 @08:53AM (#13816226)
    Anyone have a printer friendly version? On second thought.... nevermind. //Tin foil hat on
    • by Smidge204 (605297) on Tuesday October 18, 2005 @09:18AM (#13816406) Journal
      Forget the tinfoil hats! Everything I print from now on will be on foil-backed paper!

      =Smidge=
      • Print everything with pretty yellow floral background and all will be fine :D
  • Before... (Score:5, Insightful)

    by trevordactyl (908770) on Tuesday October 18, 2005 @08:53AM (#13816227)
    Before anyone has a conniption, consider this: do you really think that "they" have a database they could reference to find out what printer serial number goes to what citizen? I don't. I know they could, but I choose to believe (most likely for good reason) that they don't.

    Just realize that 99.9% of the world doesn't give a shit about anything you do, and all that paranoia just slips away. That's what I did.
    • Re:Before... (Score:5, Informative)

      by Anonymous Coward on Tuesday October 18, 2005 @08:58AM (#13816251)
      do you really think that "they" have a database they could reference to find out what printer serial number goes to what citizen?

      Most laser printers are rather expensive items. If you paid with a credit card, then yes, they have it in a database. (All stores record the serial number of high-ticket items they sell. I've actually gotten recall notices this way, so I know the store shares it with the manufactorer.) Even if you paid in cash, if you filled in the warranty card, they have it. Got a mail-in rebate? On file. Ever had to have it serviced? You're on file.
      • Re:Before... (Score:4, Insightful)

        by Itchy Rich (818896) on Tuesday October 18, 2005 @09:33AM (#13816512)

        If you paid with a credit card, then yes, they have it in a database.

        The retailer or manufacturer may have it in a database, but whatever shadowy organisations the parent was alluding to probably doesn't. Government agencies have enough trouble keeping track of where people live without having to track their posessions too.

        • Re:Before... (Score:5, Insightful)

          by panthro (552708) <mavrinac@gmaGIRA ... minus herbivore> on Tuesday October 18, 2005 @09:53AM (#13816683) Homepage
          The Shadowy Organization probably doesn't have all that information on file directly, but clearly the idea behind setting up this "deal" with the printer manufacturers is that they can obtain the information from them when they need it (say, when they find a fake twenty with the dot pattern embedded).

          Who's to say what it takes for them to obtain this information and how they use it? I'm personally not satisfied to just think "they'll only obtain it when they need it, and they will only use it for a Good Cause". It's not paranoia, it's like Murphy's law: if it can be abused, it probably will be.
          • Re:Before... (Score:3, Interesting)

            by WaterBreath (812358)
            Any part of security or law enforcement can be abused. IMHO that is not, in itself, enough to justify ruling it out. Among other things, we must weigh the degree of damage that can be done by the abuse, and the ease by which it could be abused.

            It really is a question of where you draw the line. The problem is, no one can ever agree where the line should be drawn. Maybe we crossed it already. If so, how long ago? A year? A decade? Two decades? Half a century? It depends on who you ask.

            Some would sa
        • Re:Before... (Score:5, Insightful)

          by Hans Lehmann (571625) on Tuesday October 18, 2005 @09:58AM (#13816729)
          The CIA/FBI doesn't need to keep the information in a database, they have the manufacturers & retailers to do that for them. If they find a printed paper that's of "interest", they contact the manufacturer of the printer. The manufacturer knows which retailer the printer was sold to. The retailer, not wanting to question on their patriotism, rolls over & hands them your credit card information. Presto, you've vanished to behind barbed wire on some Carribean island.
        • Re:Before... (Score:5, Interesting)

          by xappax (876447) on Tuesday October 18, 2005 @10:08AM (#13816831)
          God bless the PATRIOT Act, which among many other things, grants law enforcement agencies broad privileges to private corporate information in the name of investigating "terrorism". Fact is, neither the FBI nor Xerox would have to (or in Xerox's case, be allowed to) tell you that they had shared their serial number database with the government.

          I hear the argument over and over again that "just because they're allowed to, the government doesn't have time to spy on little old you, so quit being paranoid". This is true, and the government realizes it, which is why they are striving for "Total Information Awareness". The idea is that all the information the feds could ever desire is already collected in outrageous detail by private organizations like the phone company, ISPs, bookstores, etc. - so why not just pass laws granting the Feds unrestricted, secret access to this info? That way, the government doesn't have to have been spying on you your whole life. The moment you get caught up in some "suspicious" incident like looking around too much on the subway or criticizing the American government while in an American airport, your whole history is at the government's fingertips (including, now, what documents you printed!), and believe me, they'll find reasons for suspicion.

          God bless the PATRIOT Act, my friend.
        • Re:Before... (Score:3, Insightful)

          by plj (673710)
          And what if the information used in tracking falls to the hands of a totalitarian government? Let's see what could happen in say, China:

          Used to be like this:

          <print>

          Free Tibet!
          Democracy now!
          Taiwan indepencence!

          </print>

          Official 1: Who printed this?! Track him down now!
          Official 2: Sir, it's just an ordinary printout. There is nothing we can do.
          Official 1: Damn!

          But now, welcome to the brave new world:

          <print GUID="......">

    • Re:Before... (Score:5, Insightful)

      by Alchemar (720449) on Tuesday October 18, 2005 @09:01AM (#13816275)
      What do you think all the registration cards that are "required" for warrenty are about. It is utterly amazing how much junk they store on individuals in the name of marketing. I will agree that no one will care about most people, but not caring and not having the information in a database are two different things. I have a very unique name derived from a misspelling on a birth certificate. The only two people in the world with my name is me and my father, but I still pull up over 500 hits if I enter it in google. Most of them some kind of goverment or school entery. No one cares about me or my father now, but the information is still there if that ever changes.
    • Re:Before... (Score:5, Interesting)

      by Anonymous Coward on Tuesday October 18, 2005 @09:02AM (#13816276)
      do you really think that "they" have a database they could reference to find out what printer serial number goes to what citizen?

      Yes, they must, otherwise this tracking information is useless, right? They can't be that dumb. And most high-end color printers are sold to businesses and often have service contracts. It's not that hard. How many people buy a printer for cash?

      And many networked printers "phone home" to the manufacturer via email or web. My Xerox phaser 7750 (great printer, btw) tries to send an email every month to Xerox. They're blocked now.

      Just realize that 99.9% of the world doesn't give a shit about anything you do, and all that paranoia just slips away.

      I know that. But I prefer that my printer doesn't track what I print.
      • Re:Before... (Score:4, Insightful)

        by WeeLad (588414) on Tuesday October 18, 2005 @09:46AM (#13816629) Journal
        Yes, they must, otherwise this tracking information is useless, right?

        I don't know that the lack of a database would make the information useless. It may work like running ballistics tests on a shell casing found at a crime scene and matching it to a weapon seized from a suspect.

        Even if there ability to find a suspect is limited, they may have the ability to prove, within a court of law, that a document came from the printer in your basement.

    • by sisina (849900) on Tuesday October 18, 2005 @09:03AM (#13816288)
      Holy crap! 600,000 people are watching every move I make? Where's my Xanax??
    • Re:Before... (Score:3, Insightful)

      by Tx (96709)
      Don't swallow too much of that sand while your head's down there. They don't need a centralized database, the same manufacturers that agreed to implement this tracking scheme will happily tell them which vendor received the shipment containing a particular serial number, and the vendor will happily tell them who that individual printer was sold to, it's in their records from when they scanned the barcode prior to selling you the printer.
      • Re:Before... (Score:5, Interesting)

        by Anonymous Coward on Tuesday October 18, 2005 @09:09AM (#13816343)
        I don't know about the USA, but in the UK the only barcode that gets scanned is the 13-digit EAN product code which does not contain any kind of unique serial number.

        Buy a printer and fail to send the warranty card in and there is no entry in any list.

        The reason they have this stuff is so that they can match the printer to the document in the courtroom after they catch you. It's not a tracking system.
    • i would expect that the database is not that extensive. what the hidden serial number lets law enforcement do is to verify that *this* is the printer that printed the bogus dollars. i would expect that the same tools they have had for tracking counterfeiters before still works, this gives them more evidence.

          of course that means that you have to look at security on your color laser printers, since you don't want john q. public posssible printing anything 'bad'...

      eric
    • It's not because they cannot link it directly to you that it doesn't have value (maybe they can, if you registered your printer). They can still determine that two pages are printed by the same printer. They can determine that they were print on the same day, or that one page was printed earlier than the other. If they raid the house and find the printer they have evidence. They can check the clock and tell on what day the pages where printed. All that sort of stuff.
    • Re:Before... (Score:5, Interesting)

      by aug24 (38229) on Tuesday October 18, 2005 @09:14AM (#13816378) Homepage
      Yeah, I reckon they do. I work implementing such systems. Read on...

      Modern asset tracking systems use the serial number of each big-ticket item to track it (if it is serialised - most expensive kit is). The asset, whatever it is, is tracked from entry to the system through to exit - with an EPOS transaction being recorded against it as it leaves if sold.

      It is pretty damn easy for a database coder to write a bit of SQL to say 'give me the credit card number that bought this item'. I could do it in minutes.

      Provided the Feds wanted to track a given machine, and it had been bought with plastic, there's no reason they shouldn't be able to find that info very easily, given the cooperation of the vendors. Your last para relies on you not being someone the Feds are interested in - and that relies on you assuming they won't be interested in people who haven't broken the law. I hope you are right, but recent events suggest otherwise to me...

      Justin.
      • odd (Score:3, Insightful)

        Isn't it considered best practice at this point to obfuscate credit cards in a one-way hash? I know for a fact that a certain vendor (rhymes with Storacle) had serious complaints regarding the storage of credit card numbers unencrypted.

        They have since changed that practice, I believe. (there was an enhancement request logged almost 5 years ago to take care of it)

        The more robust CRM/Order Management systems that have serialization tracking would allow you to associate a customer number (and consequently all

        • Re:odd (Score:3, Insightful)

          by PGillingwater (72739)
          Next to impossible?

          Granted, it's not easy. But it's also not wildly difficult to use the constrained keyspace of a credit card to generate a dictionary of all possible hashes for valid credit cards (remember, the key space is even further constrained by check digits implicit in the numbers), and store that on a simple lookup table on more or more Blu-Ray DVDs.
    • Re:Before... (Score:5, Insightful)

      by rbochan (827946) on Tuesday October 18, 2005 @09:22AM (#13816434) Homepage
      Yep, and Americans in the 1930's and 1940's didn't think the cute guy/girl they dated for a couple of months in college were any big deal. They didn't think writing a book report for a class was any big deal.

      Then along came Senator Joseph McCarthy...

    • Re:Before... (Score:5, Insightful)

      by DjReagan (143826) on Tuesday October 18, 2005 @10:35AM (#13817080)
      "Just realize that 99.9% of the world doesn't give a shit about anything you do, and all that paranoia just slips away"

      Oh, so there's only 0.1% of the world who is interested in what I'm doing?

      I'm glad it works out for you, but 6 million people snooping around in my private life doesn't make my paranoia go away.
  • more links (Score:5, Informative)

    by morcheeba (260908) * on Tuesday October 18, 2005 @08:54AM (#13816233) Journal
    For those interested in a quick summary, the docucolor example [eff.org] is the best place to look. (it has pictures!)

    More information can be found on the EFF's printer-privacy webpage. [eff.org]

    Also interesting is Andrew Bunnie's flat bed page scanner mod [bunniestudios.com] to use blue light instead of white. This made the yellow tracking dots easier to see, and the whole page could be seen at once to determine the pattern they made.
    • by Animaether (411575) on Tuesday October 18, 2005 @09:06AM (#13816313) Journal
      You'd think it would be easier to...

      A1. scan as normal
      A2. separate the channels into CMYK in Photoshop/whathaveyou
      A3. inspect the Yellow channel.

      B1. scan as normal
      B2. separate the channels into RGB in GIMP/whathaveyou
      B3. do a difference matte between the channels
      B4. inspect the result

      C1. replace the yellow toner cartridge with a black one
      C2a. stock the other holders with empty cartridges
      C2b. or if that causes a printer error/warning, block the cartridges' output
      C3. print

      D1. get a sheet of blue filter plastic
      D2. scan through that

      But I guess the array of blue LEDs with soldering involved is a lot more geeky :)
      • all good ideas, but some flaws.

        For A and B, the contrast/resolution may not be enough to detect the smallest droplets of yellow ink.

        I also thought of C, but that's an expensive process - I'm sure that you would get many messed-up pages afterwards while the new toner feeds through. Or, maybe not - depends on how the toner is fed in. This would be hard to do when you're testing Kinko's printer, though.

        D is a good idea, but the idea is to also make it monochromatic light - the blue plastic might let in too man
        • by pla (258480)
          For A and B, the contrast/resolution may not be enough to detect the smallest droplets of yellow ink.

          With a 600DPI scanner, those work just fine.

          Personally, I used the following steps, and ended up with glaringly obvious black dots (~10-30 pixels) on a white background:

          1) Print a supplies status page (or anything with a lot of empty space)
          2) Scan at 1200DPI (but 600 works, just takes more care in doing the next few steps)
          3) Drop the red and green channels to nothing (you can probably stop here, but
    • by meringuoid (568297) on Tuesday October 18, 2005 @09:08AM (#13816327)
      Also interesting is Andrew Bunnie's flat bed page scanner mod to use blue light instead of white. This made the yellow tracking dots easier to see, and the whole page could be seen at once to determine the pattern they made.

      Right. So now, in order to ensure that we remain safe from terrorists, paedophiles, and liberals, we need to compel scanner manufacturers to make sure their products will refuse to show the secret codes we already compelled the printer manufacturers to install.

      Don't worry, citizen. We have it all under control.

  • Ink Jet? (Score:3, Interesting)

    by CaptainTux (658655) <papillion@gmail.com> on Tuesday October 18, 2005 @08:54AM (#13816234) Homepage Journal
    I wonder if ink jet manufacturers are doing this or will do this soon? Anyone in the know?
  • by GroeFaZ (850443) on Tuesday October 18, 2005 @08:58AM (#13816256)
    "If you can read this, you are about to be busted"
  • by Anonymous Coward on Tuesday October 18, 2005 @08:58AM (#13816259)
    I bet most people's printers will print "Jan-01 1980 12:00" in little blinking dots.
  • Conspiracy math (Score:5, Insightful)

    by zappepcs (820751) on Tuesday October 18, 2005 @08:59AM (#13816264) Journal
    I love conspiracy math: Lets see, conservative estimate of 400 million printers in North America alone, and no method of tracking serial number to location or owner past the original purchase, assuming cash was not used. So, hmmmm a data base with 400 million records, tied to dubious information... yeah, that's useful, but on second thought, it would allow police to figure out if the printer that counterfit documents were created with was in North America or Europe... that would be helpful, but not really worth putting on the tin foil hats.

    Anyway, so the government requires each printer manufacturer to maintain a database of all printers sold, so that if needed, they can subpeona the records? No wonder printer ink costs so much :)

    I'm thinking that this would only go so far, and not be much more useful than a database of gun rifling marks?
    • Re:Conspiracy math (Score:2, Insightful)

      by c_g_hills (110430)
      It's doubtful it could be used for tracking a printer's life history. More likely is that it would be used in court to prove the origin of a particular document.
    • Re:Conspiracy math (Score:5, Informative)

      by photon317 (208409) on Tuesday October 18, 2005 @09:18AM (#13816405)

      Even if all the database can tell them reliably is that HP ColorLaserJet Model 55 Serial Number 89928798734 was distributed to a certain Best Buy store, that goes a long way. When the Secret Service finds counterfeit bills, they know from the serial what store it was originally purchased in. Chances are it didn't move far, and chances are that Best Buy's records can lead to a very short list of potential buyers. Even if it was resold by one of them, the investigation becomes fairly trivial at that point.

      But perhaps more importantly, even if you can't use it (embedded serial numbers in documents) as a primary method of tracking down the counterfeiter, you can certainly use it as court evidence once you do catch them by other means. It's pretty damning evidence if they can show that they seized a printer with serial number 89928798734 at your home address, and they can also show conterfiet currency or documents with the same serial number embedded that showed up elsewhere.
    • Quit being clueless. (Score:5, Interesting)

      by cnelzie (451984) on Tuesday October 18, 2005 @09:26AM (#13816463) Homepage
      Let's assume you purchase your color laser printer with cash.

          Let's assume you take that home and hook it up to your Windows XP Home Edition printer.

          Now, that printer is installed and it requests you "Register" the printer. You decline to do so.

          During the normal course of use, a little dialog box pops up stating that there is an update to download from your color laser printer manufacturer's website and the printer application will be more then happy to do so.

          How does your application know that it needs to be updated? Well, it checked with a central server.

          If that application checks with a central server, would it be difficult to imagine that the central server would be able to obtain the following?

          IP Address, Printer Serial number, timestamp of communication.

          With just the timestamp and the IP Address your PC used to communicate with the central server, you can be easily traced. It's easier if you are on broadband, slightly more difficult if you are on a service like AOL or MSN.

          I am not being a tinfoil hat wearer here. I am just pointing out that it is actually easier to track down a user of a particular printer then you believe it to be.

          The only way to be more anonymous with such a cash paid color laser printer purchase would be to never connect it to a PC that has Internet Access.
      • by arkanes (521690)
        With just the timestamp and the IP Address your PC used to communicate with the central server, you can be easily traced. It's easier if you are on broadband, slightly more difficult if you are on a service like AOL or MSN.

        For what it's worth, AOL maintains extensive logs and readily cooperates with law enforcement. I suspect that MSN does as well. I briefly assisted in a fraud investigation (purchasing stuff via our website with stolen credit cards) and the perpetuator was dialing in from an AOL acc

  • by doublem (118724) on Tuesday October 18, 2005 @09:03AM (#13816290) Homepage Journal
    In Soviet Russia, anyone who owned a typewriter was required to send a sample page to the government.

    The theory of course being that they would use it to try and track down any subversive content.

    And now the US government has made it quick, easy and automated to do the same.

    I want to know who the bastards are that are adding this technology to their printers so I can avoid them like the plague.

    Yes, I know I could just not send in the registration card, but what if the government decided to crack down on those who critisize the war? Suddenly when they confiscate my printer, they can find out if any of the documents they've declared subversive came from my printer.

    This is too Big Brother for my tastes.
  • by packman (156280) on Tuesday October 18, 2005 @09:03AM (#13816293) Homepage
    now what? Would there be any way to fake it? Until that's not possible - I have mixed feelings about this - we could be worse off with these findings. As long as this system is out-there we can check who printed smth ourselfs if we really want to... Isn't that a more serious privacy issue? Ok - shouldn't have been there in the first place but as long as there's no way to stop this...
    • This would be fun:

      1. Mail local politician and ask for something, get nice letter in reply.
      2. Decode info hidden in letter.
      3. Create Communist, Satanist and other anti-government propaganda with fake, hidden info.
      4.???
      5. Profit!
  • Who cares... (Score:2, Interesting)

    by Feint (135854)
    Great. Now I know what data is in the dots. It includes as expected serial numbers and dates, but not what I had for breakfast, nor the color of my underwear!

    What would be interesting is info on how to keep the printers from putting the dots in at all. If it's not possible, then don't buy one of those printers if you care about it that much. There is a list of manufacturers that put *some* info in your printed docs, so why not just avoid those? Do you really care if the date/time is on it? Even the serial n
    • Re:Who cares... (Score:4, Insightful)

      by timeOday (582209) on Tuesday October 18, 2005 @10:32AM (#13817056)
      don't buy one of those printers if you care about it that much.
      Duh, that's why this whole printer fingerprinting scheme was impelemented in secrecy. It has been going on for years and only just now do we know about it.

      To me that's perhaps the biggest issue. At one point this was supposed to be a democracy, now it seems we're sliding into acceptance of secret laws and practices, and a general acceptance that "they" are watching (without even knowing who "they" are). We used to deride "conspiracy theorists" for thinking this kind of stuff was happening. Now we know it is happening, so we just deride the conspiracy theorists for caring.

    • Re:Who cares... (Score:3, Interesting)

      by k2r (255754)
      I do.

      Where I come from (Germany) people have been executed because their anonymous printings could be traced back to them.

      Eg: Read http://en.wikipedia.org/wiki/White_rose [wikipedia.org]

      Now imagine how easy this would have been if they used one of these laser-printers for the leaflets and for their homework.

      If you give away your personal freedom to this regime a future fascist regime isn't likely to give it back to you.

      k2r
  • by Junior J. Junior III (192702) on Tuesday October 18, 2005 @09:07AM (#13816319) Homepage
    Just send in the little round yellow guy to eat some of the dots and confuse the feds. No more paranoia!
  • Codes (Score:2, Interesting)

    by Anonymous Coward
    hehe seen the paranoia already. I feel that your looking at this all wrong.
    instead of using a large database to hold every printers details. the authorities will use this information after they have caught a criminal to aid in the conviction. with the evedience of the printer and some sample counterfit examples. it would be very easy to tie that person to the crime.

    the other example I can think is to find out how many counterfitters there could be. if they get 10 examples and the codes all match. then
  • by Albanach (527650) on Tuesday October 18, 2005 @09:07AM (#13816325) Homepage
    How much of this is encoded in the printer driver? In other words, are OSS drivers partially immune?

    I can only imagine the time and date are passed from the host PC - most printers don't know what time/date it is - at least on those I jsut glanced at I can't set it myself. Of course the network attached ones could have an NTP client but that'd be easily blocked at the firewall.

    At least if you can make every printout say it happened three decades ago you don't need to worry about proving you were not in the office at the time the printout was made.

    • by molo (94384) on Tuesday October 18, 2005 @09:24AM (#13816447) Journal
      This is for color lasers. The EFF tests to generate sample pages were done with postscript that gets fed directly to the printers. You might be able to hack the firmware, the encoded data gets added by either the postscript rasterizer or the actual bitmapped layout engine.

      My bet is on the rasterizer.

      -molo
    • by ebuck (585470) on Tuesday October 18, 2005 @09:36AM (#13816544)
      Past disccussions have indicated that this information is programmed into the printer control circuits themselves, no software is required or even aware of the "extra" dots.

      If that is true, then no amount of dirver manipulation will help, with the possible exception of a driver that "adds" extra dots to make the message meaningless. In theory, you could add extra dots, but in practice it would be ineffective unless you could gurantee perfect alignment (or the extra dots would be easy to filter out). Since some dots would come from software, and others come from hardware control programs, it's not a simple task to gurantee alignment.
    • by morcheeba (260908) * on Tuesday October 18, 2005 @09:47AM (#13816635) Journal
      I forgot to link to Bunnie's printer disassembly [bunniestudios.com] [via [hackaday.com]]

      The basic conclusion is that many of the watermarked printers share a Canon print engine -- he suspects it is this engine that is doing the watermarking. The US Government just had to convince the critical-equipment supplier to add the tracking - not all the printer companies. He also notes that the Tek Phaser printers don't have this because they were developed before the Canon engine. (Oh, how I longed for a phaser back in the day!)
  • Disgusting. (Score:3, Insightful)

    by caluml (551744) <slashdot&spamgoeshere,calum,org> on Tuesday October 18, 2005 @09:08AM (#13816330) Homepage
    That's pretty disgustingly low behaviour. Makes you wonder what other identifying information might be written into seemingly random data.
    Improve, or something else [microsoft.com]....? TCP timestamps too. Just use the LSB, and by making it a 1, or a 0, and you can transmit infomation hiddenly..
  • by digitaldc (879047) on Tuesday October 18, 2005 @09:09AM (#13816333)
    Instead of sereptitiously putting in tracking codes in customer's documents, maybe the government should investigate the price gouging practice that ink cartridge manufacturers use to boost their profits?

    I want my money back for the ID dots that were printed without my knowledge or consent. A sum of $3000.00 will be sufficient to cover all past and future ink cartridge costs.

    From http://www.atlascopy.com/newsletters/Printer_Cartr idge_Price_Fixing.htm [atlascopy.com]

    CNET.com analyzed the cost for inkjet printing and reported that the costs ranged from 14 cents to $1.32 per page. If it costs 21 cents per page and you print only an average of two pages per day, the annual cost of ink would be more than the cost of the printer.
    The ink cartridge for a low end HP printer, containing only one tiny ounce of ink, costs a mind boggling $30.00! That's price gouging, and all printer manufacturers are doing it. That's called PRICE FIXING and it's illegal. To add to the rip-off, some of them put all the colors into one cartridge. Then you have to buy a new cartridge when only one color runs out, wasting the remaining ink.
  • by Anonymous Coward
    They say the date and time is encoded besides the printer serial number. What I can't grasp, how should a color laser printer know the exact time? It is simply a peripheral and not necessarily network attached.
    • by RubberDogBone (851604) * on Tuesday October 18, 2005 @10:50AM (#13817207)
      Speaking as a trained Xerox Docu* operator who can recite his DEEZEROCEE serials in his sleep.....

      The DocuColor printers in question are very high end printer/copiers that are installed and maintained by trained technicians known by Xerox as Customer Service Engineers or CSEs. When it breaks or needs parts, you call your CSE. Think "on-site support" but on steroids. You pay a ton for this.

      The system clock is set by the installer CSE and possibly updated as needed on subsequent service calls, and there are MANY of those as DocuColors require frequent maintenance and upkeep. It is not uncommon to have service once a week for some models. Or worse. They can be touchy beasts. The machines, I mean. The CSEs can be your pal or your worst nightmare. I like the ones my bosses hate. Go fig.

      So what is the clock for? Among other things, time stamps are used by the printshop for tracking when every single print was made including which operator made it. So no more late night "free copies" for your pals. Xerox also uses the logs for all sorts of legit reasons. Nothing evil there.

      So what about resetting the clock? First you'd have to get the machine open. This is not like a computer with handy access panels and common PCBs, er, that's PWBs in Xerox-speak. You'd have to know the machine inside-out, have the tools and the skill to take it apart (God help you), and hope that the battery is resettable rather that buried inside a chip. Xerox is very, very aware of people trying to cheat the machine meters to make free copies so stuff like counters and clocks are already armored and protected from prying hands.

      Assuming you managed to do all those things and got the machine back together, then it has to be recalibrated because taking it apart will have wrecked the system setup. So you have to call your CSE, who resets the clock straight away, probably by pushing the keys with the bones he removed from your hands for messing with his machine. If you're still alive at this point, you are right back where you started!

      Side notes: the vast majority of DocuColors are leased out by Xerox rather than sold, so the machine is normally Xerox property from assembly to reman to reman to reman to junkyard. Why? Some of them can cost half a million and up for new, less for used, but either way these are not something people "buy" when they can simply lease. GE Credit is happy to finance the leases and end users find it much cheaper and they don't end up stuck with obsolete machines.

      Many of the older machines can and do end up on the sale market and it is possible to buy one and own it, but it will still require service (lots for an old machine), toner, supplies, parts, and preventive maintenance. Xerox controls almost all the DocuColor parts, supplies, ink, and most of the trained CSEs so you pretty much have no choice but to sign on for a Xerox service contract even when you own the thing free and clear.

      Yes, there ARE trained key operators who can get in and do SOME maintenance chores but only Xerox can get parts and has the technical knowledge to use them.

  • We had might as well get used to this kind of stuff, because I suspect it's just the tip of the iceberg. Hell, I suspect it's just the tip of the iceberg of what's ALREADY going on, much less what is to come.

    -Eric

  • by G4from128k (686170) on Tuesday October 18, 2005 @09:11AM (#13816353)
    Once the code is cracked, anyone can add a pattern of yellow dots that say anything. Assuming someone can tweeze the overlapping codes, they would discover that the document was printed 10/10/05 by printer 2721272 or 5/8/05 by printer 8798798 or 11/2/05 by printer 9813982, etc. If one can get the alignment right, one could even fill-in the printer's native dot pattern so that all pages are printed on FF/FF/FF by printer FFFFFFF.
  • by maetenloch (181291) on Tuesday October 18, 2005 @09:22AM (#13816439)
    here [bunniestudios.com] a guy opened up his HP printer and looked at the chips involved. It appears that all the printers with hidden codes use the Canon print engine board. Changing the pattern might be as easy as reflashing an eeprom.
  • by Ex Machina (10710) <jonathan.william ... m ['ail' in gap]> on Tuesday October 18, 2005 @10:31AM (#13817046) Homepage
    Of course, this might actually prove useful in the future for historians analyzing our garbage for dating our documents. Assuming, of course, that these tiny dots can survive for a useful amount of time.
  • by dada21 (163177) * <adam.dada@gmail.com> on Tuesday October 18, 2005 @11:15AM (#13817452) Homepage Journal
    There are 3 types of counterfeit artists:

    1. The casual home counterfeiter. A guy with an inkjet who is 'having fun.' These guys get caught quickly by the secret service.

    2. The black market Wal*Mart, a.k.a. the Mob. They reconstitute $1 bills into pulp, reform the cotton into large sheets, and silkscreen new 'old style' $100 bills. By using the real paper and near-perfect ink in the old style bills, they get past the verification pens and bank scanners. Funny thing is, this style of counterfeit is almost dead as credit card fraud is much more lucrative and far safer. Bank draft fraud and money order fraud is easier, too.

    3. The Federal Reserve. Yes, Alan Greenspan and friends is actually the #1 counterfeit organization in the world. Because our currency is no longer backed by hard metal, the FRB is allowed to counterfeit billions of new dollars annually. The is legal by acts of Congress, and is not only the biggest reason for inflation, it is also the cause of the stock market bubble and the housing bubble. It also allows the government to finance off budget programs by introducing new currency into circulation.

    Incorporating these security dots only helps catch common criminals, not large scale organizations. And the worst violator, the FRB, counterfeits legally.
  • This is so old... (Score:3, Interesting)

    by Dan B. (20610) <slashdot@bryar.co m . au> on Wednesday October 19, 2005 @02:53AM (#13824551) Homepage
    I can't believe it has taken 9 years for this to make it to the public...

    I work for Xerox, we actually tell customers about this as a security feature of the machines. The article mentions that Xerox devices are more common in offices rather than homes (true) but company suits want to know that their employees aren't going to be making copies of currency (or stamps, bonds, etc.) on office equipment, thereby making them liable in some way, shape or form.

    If you try to copy a US $ bill on a Xerox, you get a smudgy black blob anyway. It works with a few currencies, but it has the security dots on it (invisible to the naked eye) all over the page. We have been asked to identify the source a few times, and it is usually guys working in pay-for-print copy stores that get busted for conterfieting.

    Other than that, there is no way we can track anything other than the time and place of the copy. So quit stressing.

To understand a program you must become both the machine and the program.

Working...