As the warrant says, she confessed while interviewed by the FBI. Had she not confessed, the documents still contained enough evidence to convict her: the printed document was digitally watermarked.
The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.
In this post, I show how.
You can download the document from the original article here. You can then open it in a PDF viewer, such as the normal "Preview" app on macOS. Zoom into some whitespace on the document, and take a screenshot of this. On macOS, hit [Command-Shift-3] to take a screenshot of a window. There are yellow dots in this image, but you can barely see them, especially if your screen is dirty.
We need to highlight the yellow dots. Open the screenshot in an image editor, such as the "Paintbrush" program built into macOS. Now use the option to "Invert Colors" in the image, to get something like this. You should see a roughly rectangular pattern checkerboard in the whitespace.
It's upside down, so we need to rotate it 180 degrees, or flip-horizontal and flip-vertical:
Now we go to the EFF page and manually click on the pattern so that their tool can decode the meaning:
The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.
The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it's how PDFs are often redacted by adding a black bar on top of image, leaving the underlying contents still in the file for people to read, such as in this NYTime accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves fingerprints identifying you behind, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, black-and-white scanner, or convert to black-and-white with an image editor.
Copiers/printers have two features put in there by the government to be evil to you. The first is that scanners/copiers (when using scanner feature) recognize a barely visible pattern on currency, so that they can't be used to counterfeit money, as shown on this $20 below:
The second is that when they print things out, they includes these invisible dots, so documents can be tracked. In other words, those dots on bills prevent them from being scanned in, and the dots produced by printers help the government track what was printed out.
Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights.
While I was writing up this post, these tweets appeared first:
oh wow, @knowtheory just pointed out the microdots on the first and late page of the intercept's docs. printer dots kill puppies, folks. pic.twitter.com/w8qxJ9zvhf— Quinn's internet 👻 (@quinnnorton) June 6, 2017
The date in the microdots is 6:20 2017/05/09 from a printer with serial number #5429535218, according to https://t.co/PVVm7AAjlL pic.twitter.com/6BY7Y3MFhL— Tim Bennett (@flashman) June 6, 2017
Comments:
https://news.ycombinator.com/item?id=14494818
Poof goes a darn fine tracking tool.
ReplyDeleteNot really.
ReplyDeleteThis has been a pretty standard thing for the last decade or so and even NSA contractors forget, or are simply unaware, that it exists.
3rd amendment? Really? You'll liken these yellow dots to quartering soldiers?
ReplyDeleteYes. The reason why the third Amendment is there is not because the founders were angry at being forced to run a hotel for British troops. It is because a common way of quelling dissent was to place soldiers in the homes of rabble rousers, and have them report on the dissenters' activities. Nowadays, the just do the same thing electronically with NSA email intercepts and the like.
DeleteIt's forcing you to run software on behalf of the US Government. That's against the 3rd Amendment.
ReplyDelete"Forcing"? ... no it isn't. You are buying a printer that chooses to run that software. You can overwrite the software yourself if you have the motivation to do so.
DeleteOr the know-how..... said the extremely tech-challenged 67 year old.... me.
DeleteSimply converting to b/w is not sufficient!
ReplyDeletehttp://imgur.com/a/kLovh
And even when you mask them out so that they are no longer visible in the "all white" (paper) background, e.g. by messing with the white/black point of the image there's still the possibility that they could be recovered with correlation methods in grey areas where they aren't visible to the naked eye or just by increasing the contrast.
black and white is not greyscale, btw.
DeleteTechnically I think she had already outed herself in multiple and more obvious ways like using her gmail to communicate with the Intercept, social media activities, etc. Still, a mistake on the part of the Intercept in providing evidence to finger and prosecute her.
ReplyDeletethey v much want you to think this. her gmail was used for a completely unrelated communication with TI
DeleteDon't print in color or on a color printer unless the document warrants it. Black monochrome only people. It's also cheaper. Have two printers.
ReplyDeleteThat's why, when Greenpeace leaked the TTIP documents, they first manually re-typed a copy of the original document that was then released.
ReplyDeleteEspecially The Intercept should had have known better.
A terrible professional error that not only destroyed the life of one of the rare courageous citizens, but also shows that The Intercept cannot be considered as safe “whistle blower” platform anymore.
This is sad and very dangerous, as we need independent human rights defending journalism more than ever - and this can only work if these journalists are able to protect their sources.
I consider it highly illegal that people are trackable that way in general.
ReplyDeleteThat this is possible shows that the goverments do not work for the people but for other interest groups.
I don't think anti-counterfeiting measures mean the government is being evil to me.
ReplyDeleteWrong amendment! No Constitutional violation. What you expose to public even unknowingly is not protected. Government has to protect itself from saboteurs. Writer has head screwed on wrong if he thinks this is evil.
ReplyDeleteThis comment has been removed by the author.
Delete(that comment was directed to KiTA--the interface I was using had a reply-to-comment button and I wasn't sure how obvious it would be that I was replying to them)
ReplyDeleteChristian Vogel, black and white means indexed (1-bit color palette). Every pixel is either pure black or pure white. There are no gray pixels. I believe this does defeat printer dots. The leaker should have done this themselves rather than trusting the journalist.
ReplyDeleteNice work. How could The Intercept be so naive by seeking contact with the NSA? I don’t get it, Glenn Greenwald, you know better. Do you?
ReplyDeletethey had one successful leaker - one who did reveal himself publicly because journalist were conspiring with him to create this (TI) medium and provide him with money for life. otherwise he would leak it on cryptome which had long tradition of sucessful leaking
Deletealso dont forget wikileaks
DeleteIs there any chance people would realize the Amendment comment was a joke and stop failing to be pedantic with their "corrections."
ReplyDeleteAmendment comments should be mandatory so they have more clicks and shares😋
Delete#JWICs is a thing. Winner outed herself.
ReplyDeleteGreat article, but there is no such built in program called Paintbrush on macOS.
ReplyDeleteThis was not a courageous citizen! She was a deranged anti American communist like 90% of the journalist today. This leak does nothing but alert foreign gov't of our capabilities. Claiming to be helping when your actually sabotaging our country is Straight out of the Alinsky playbook acuse others of what your actually doing
ReplyDeleteThis comment has been removed by the author.
DeletePlease read Alinsky's work. His "playbook" is all about how to give powerless people organizing tools to stand up to authority to protect their rights. If that is evil, or communist in some way, then I'm also guilty - as are many others.
DeleteBut when these people attain power and continue to use Alinskyite tactics - that's a problem as we found out during the Obama administration.
DeleteHaithabu could you explain what you mean there. I'm unsure of whom you are referring to.
DeleteAssume that anything outed on the general Internet has already been detected by ISIL and similar entities who aim to do us harm.
DeleteSpell check. Try it.
ReplyDeleteShe may have assumed that secrecy laws are a dead letter with all the consequence-free leaking going on.
ReplyDeleteNot if she's working at NSA...
DeleteNothing wrong with microdots - especially when run on government hardware to protect government property from criminal intent.
ReplyDeleteSomeone was definitely either careless or maliciously trying to out Winner, but I'm not sure we can jump to blaming The Intercept just yet. A WashPo article said the FBI questioned Winner -- who admitted everything -- on June 3rd, two days before the Intercept story went live.
ReplyDeletethis is because TI shared documents on 5/30 with the NSA who notified the FBI. winner was already in custody when the article was finally run
Deleteexactly, so intercept can not be sued or shutdown
DeleteThe specific constitutional rights violation is not of consumers, it is of private companies who manufacture printers being compelled to add this technology. Familiar to many following the case with Apple and encryption recently.
ReplyDeleteAngelique is slightly right but mostly wrong. I agree that leaks can harm our ability to legitimately intercept nefarious foreign governments and foreign individuals seeking to harm our republic and citizens. On the other hand the fact that a foreign power has corrupted our election process in numerous ways and may very likely put in power an illegitimate president is a serious concern. When the only authority and oversight is the same president and his cronies then turning to the free press seems like a pretty good idea. This woman was very brave for bringing forth this information.
ReplyDeleteMichael, fyi, the reason they questioned the girl is because The Intercept contacted them to see if they wanted anything redacted before printing, they gave them a copy of the document so as to not release sensitive information. It is common in media these days.
ReplyDeleteyoure naive, if they wanted what you wrote, then they will sanitize leak then sent it to state and thats it. they didnt do it they sent documents with identificators so they wont be sued or shot down or living on ecuadorean embassy
DeleteThis comment has been removed by the author.
ReplyDeleteI don't know that this would be any more a violation of 3rd Amendment rights than, for example, the ability to trace typewriting to a specific old-school typewriter would be. Let's put aside this specific case for a moment, given that she printed the doc on an NSA/work printer. If, say, the FBI wanted to track a specific printed document to a specific printer, there would need to be one of the following: 1) a catalog of all dotmark patterns, presumably registered by the manufacturers, or b) a record maintained by each individual manufacturer which the FBI could access, possibly with a warrant, that would narrow the printer to the retail location but possibly no further, or c) the FBI would have to match the document to the exact printer-- in which case, they perhaps have narrowed the search down to a possible printer and this is used for confirmation. This is quite different from planting either a government agent or a form of bug (computer, audio, whatever) in a private residence.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteDESTROY THIS BEAST
ReplyDeleteA point of consideration is that the the Intercept knows this because of Snowden and they purposefully outed Winner as a message to leakers.
ReplyDeleteyes if leaker sends them materials its problem for them bcs they have to deal with government instead of cashing hundreds of thousands dollar checks every month from fearmongering
Deletehttp://observer.com/2017/06/reality-winner-intercept-nsa-leak-explained/
ReplyDeleteyou have truly american mind
DeleteThis document is a PDF.. there is no scanner that can acctually capture those dotes even in 1600P.. so HOW was that scanned?
ReplyDeleteIs it because it was OUR election and Trump won that has all you people so upset, or is the general principle of thing — in which case, were all of you equally upset about Obama's 2015 attempts to influence Israeli elections (using US taxpayer dollars), and all the other US attempts to influence foreign elections between 1947 and 2000?
ReplyDeletehttps://townhall.com/tipsheet/mattvespa/2016/12/16/flashback-that-time-the-obama-administration-spent-hundreds-of-thousands-of-dollars-to-defeat-benjamin-netanyahu-n2260711
http://www.latimes.com/nation/la-na-us-intervention-foreign-elections-20161213-story.html
Just curious...........
ReplyDeleteThis could all be elaborate theater - cleverly designed to help the oligarchy/establishment achieve certain objectives. It's good to be open minded, but not too gullible. Just because 300 million people believe a pack of lies, does not change the matter.
To people who think this is a newer innovation: This has been going on since at least the late 1990s when consumer color laser printers became viable. I had a leadership role at a retail copy chain and one of my stores was involved in a counterfeit money situation; the US Secret Service came in to verify serial numbers of our color laser printers and sat down with me to explain the yellow dots. This was in 1998.
ReplyDeleteThanks, that's interesting
Deletehttps://en.wikipedia.org/wiki/Printer_steganography
ReplyDeleteAs long as you accept the fact that Hillary Clinton and the DNC are just as Corrupt and Evil as Donald Trump and the RNC you have an argument for returning our Nation to Civil, Honorable, Citizenship-based Rule. If you're still brainwashed by either Party - or ANY Party - than you need to have your brain deprogrammed ..
ReplyDeleteBrad Hartliep. America's Independent Candidate 2020
Things are different if you're working for the government with security clearance.
ReplyDeleteyes but this article is about toxic culture in your media industry so you wont forget that its not only about "fakenews"
ReplyDeleteLook on the bright side... she didn't have to pay for the toner.
ReplyDeleteWho cares who the brave person who leaked this, the question remains, did the hackers change the outcome of the election, and if so what, should be done next.
ReplyDeleteEveryone is discussing Microdots on printers?
ReplyDeleteThat she printed a document on a secure printer and then snail mailed it is mind boggling to me. I am a Network Engineer and there is really nothing that she could have done to have not been discovered. They conveniently get admit to microdots on pdf's in this case. I am sure that the NSA is relieved that they do not need to own up to spyware built into firmware on pc's now. No electronic communication is secure at all period.
The bigger question for me is this: How does a radicalized 25 year old Anti-Trumper find out that a 4 day old document like this even exists in the first place? No one is talking about the DNC server breach any longer. She is obviously a patsy and was used by the Feds to release this information. This is a certainty. And it is unfortunate that her life is over and this might have been prevented. She was used and will be tossed aside.
I want to reiterate: THERE IS NO FORM OF ELECTRONIC COMMUNICATION THAT IS SECURE AT ALL. Believe this because it is the truth.
Printer dots save lives. Can you imagine the unscrupulous people who would steal government and industrial secrets if they could! She was a vindictive little bitch who gave out a Top Secret document--she has earned her jumpsuit and jail cell!
ReplyDeleteIt's [Command-Shift-4]. Also I'm only ever leaking anything to Cory Doctorow (hacker + journalist) or Bruce Schneier (straight up security expert and privacy advocate)--not that anyone trusts me with anything worth leaking.
ReplyDeleteThank you for sharing valuable information. Nice post. I enjoyed reading this post.
ReplyDeletegclub จีคลับ
gclub online
gclub online
Thank you for sharing
ReplyDeleteObat Penyakit Sipilis Raja Singa
Pengobatan Kencing Nanah Atau Gonore
Cara Mengobati Sipilis
Obat Sipilis Dan Kencing Nanah
Obat Kencing Nanah Dan Gonore
Obat Herbal Sipilis
Obat Kencing Nanah Denature
Obat Sipilis Denature
Obat Sipilis Kencing Nanah
Obat Herbal Kencing Nanah
If you print on an employers printer don't expect ANY right to privacy! They own the hardware you're using and can monitor how it is used as they wish, including the microdots and logging. Besides, I'm pretty confident every federal employee/contractor signs a legal contract stating they will keep confidential, secret and top secret documents as just that. If they don't want to then they shouldn't have access to those documents.
ReplyDeletehere's an obvious opportunity for a graphics developer:
ReplyDeletesalt-n-peppa! add random yeller dots of the same color and size all over the place,
expecially in the tagged area!
if the color is an exact match then the data goes poof!
In the old days, typewriters were identified because of slight differences in the alignment of the typebars and imperfections and wear on each letter. Microdots are an update for technology.
ReplyDeleteSociety's gravest danger is from non-public organizations, within the government or outside it. Tools like these to enable "us" to discover who did what are important for the continuance of our culture.
Really i like your site...
ReplyDeleteI enjoyed...
boom barriers
What happens if you print on yellow paper or use a yellow background of some kind?
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteIt's actually a violation not of the Third Amendment but of the Fourth Amendment to the U.S. Constitution: the right to be secure in your home. If downloaded the document to a flash drive and printed it on your home hardware, this tracking/spying device would violate your safety and privacy in your home.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThat's why, when Greenpeace leaked the TTIP documents, they first manually re-typed a copy of the original document that was then released.
ReplyDeleteEspecially The Intercept should have known better.
A terrible professional error that not only destroyed the life of one of the rare courageous citizens but also shows that The Intercept cannot be considered a safe “whistleblower” Tech nukti platform anymore.
This is sad and very dangerous, as we need independent human rights defending journalism more than ever - and this can only work if these journalists are able to protect their sources.