Thanks for the kind words, everyone. [more words below] On 11/02/2021, Stuart Longland <stua...@longlandclan.id.au> wrote: > The thing is… the printer is an electro-*mechanical* device. > > There's backlash, there's timing glitches. Even *without* deliberate > "steganography" (are Stegosauruses involved?), your print-out will have > unique flaws in it, that will "fingerprint" your printer as having made it. > > Maybe because the carriage belt has some backlash (or position sensing > is a bit off), the printer "staircases" (a problem that can exist in > dot-matrix or inkjet printers). > > Maybe a hammer or jet is dead leading to a dead "pixel" at regular > intervals. > > Maybe the imaging drum on your laser has an imperfection that means it > attracts proportionately more or less toner at a certain spot than other > areas of the drum. > > Maybe the MCU controlling the laser is a bit jittery and so doesn't > quite hit the target right every time. > > These are real-world devices, with real-world tolerances, and real-world > imperfections.
That's very true, however the deliberate addition of printer steganography suggests that at least laser printers had gotten so much closer to theoretical perfection that the powers that be felt they were "falling behind" on forensics and needed to compensate somehow. That, or maybe it was just a power grab because they could. Actually, most evils are committed because they become justifiable in some way. Maybe the "we're falling behind because lasers" argument was enough to convince politicians in closed sessions and judges in secret courts. Secrecy is seductive. It's a shame Wikileaks wasn't around when this started. I understand that the "falling behind" argument isn't entirely unreasonable. But I'd want people to know. Making e.g. the photocopying of banknotes deceptively easy in an age where stego is included but nobody knows about it would feel awfully close to entrapment. And that's another reason why what happened to Reality Winner is not okay. (I don't actually agree with her politics or other actions, but never mind that. Email me off-list if you positively want to hear more.) There is an honest argument for printer steganography, but its secret introduction proves that its advocates knew they would lose a public debate, and they knew that the courts were already tyrannical enough not to throw out inadmissible stego-evidence and -cases over parallel construction, and that they could be relied upon not to let the public know. On a related note, the reason the judges of (e.g.) America's secret courts have their identities protected to an extreme degree is because they know the public wouldn't stand for any of this. They fear the disinfecting power of sunlight, but as per the previous paragraph, most evils happen because there's some other, at least superficially plausible explanation, and their explanation is that evil terrorists and organised criminals would threaten their safety for exclusively illegitimate reasons, so the most powerful judges "need to" be the ones living in the shadows the most. But just because tyrants somewhat justifiably fear the people, does not mean tyranny is right. My Modest Proposal to any court officer anxiously shunning sunlight: --flips the script-- "If you're not doing anything wrong, you have nothing to fear." If you don't want to fear the people, don't be a tyrant. Throw that stego case out with prejudice. Does any of this closely relate to OpenBSD? I'm not sure. Could OpenBSD build on e.g. deda <https://github.com/dfd-tud/deda> and ship with mitigations enabled, so printing would be secure by default, or as secure as it can be, which isn't very? Again, I'm not sure. This gets hairy very, very quickly, and there'd be a cost-to-benefit analysis to be done that I'm not anywhere near competent or well-positioned enough to perform. ¯\_(ツ)_/¯ --Ian
