Actions

Printing and Scanning

Printing and Scanning[edit]

Printing is a risky endeavor. This risk is unrelated to Whonix and is a general issue with printers.

The Electronic Frontier Foundation (EFF) notes: [1]

Imagine that every time you printed a document it automatically included a secret code that could be used to identify the printer - and potentially the person who used it. Sounds like something from an episode of "Alias" right?

Unfortunately the scenario is not fictional.

The EFF has confirmed that some color laser printer manufacturers encode identifying information on each page, in an effort to identify counterfeiters. Identifying information contained within forensic tracking codes can include the date, time and printer serial numbers attached to the printout. For instance, a sample script is provided by the EFF which deciphers these forensic dot patterns for the Xerox DocuColor laser printer. [2] The downside for privacy advocates is immediately apparent: this same technique can be used as a common tool for government surveillance.

Workarounds exist for printing materials such as political leaflets safely:

  • This page has compiled a list of printers and whether or not they include forensic watermarking.
  • According to MIT, forensic markers are not present in black-and-white print-outs, so long as no color cartridge is present. [3]
  • Using a USB-Printer bought at a garage sale might be a good option to help maintain anonymity.


Note that these factors only apply to printers under a person's control. If a printer is used that is controlled by an adversary and they want to track down the source printer for particular documents, then color printing can be enforced at all times for this purpose.

Modern printers and scanners are embedded computers with their own dedicated internal storage. It has been discovered that scanned documents are saved by these devices, leaking the handling of sensitive documents. [4] One workaround is to use a cell phone that is only used for dedicated anonymous activities to take photos of the material, however this recommendation comes with its own caveats.

Finally, persons wanting to print anonymously must also consider non-technical issues, such as forensic traces related to physical fingerprints, DNA traces left on materials and so on.

Mitigating Printing Risk[edit]





Bearing in mind the risk of printing in general, the risks posed by printer driver plugins can be mitigated via several methods outlined below.

Install Printer Drivers in a TemplateBasedVM[edit]

There is no reason to avoid installing software in TemplateBasedVMs. Therefore, users can opt to install the printer drivers in an AppVM which is based on the whonix-ws-14 template.

1. Create an AppVM based on whonix-ws-14. The untrusted AppVM should be named so it is not confused with a more trusted VM - for instance, anon-printer.

2. Install the printer drivers in the anon-printer VM. This will likely involve using Tor Browser or konsole to download the drivers (see install software and secure downloads).

3. Once the drivers are installed, use the anon-printer VM for printing purposes only. Do not use this VM for any other sensitive activity!

4. Optional: Minimize the risk of user mistakes persisting to the next printing session. Once printing is complete, shutdown the anon-printer VM and remove it from the system. If/when further printing is required, repeat steps 1-3 to recreate another anon-printer VM.

Install Printer Drivers in a TemplateBasedVM and Use bind-dirs Selective Persistence[edit]

  • Using selective bind-dirs persistence is currently undocumented. Further research is required to ascertain which files require persistence across VM reboots.
  • This task would also be difficult.

Install Printer Drivers in a StandaloneVM[edit]

1. Create a Standalone Whonix-Workstation VM. The untrusted AppVM should be named so it is not confused with a more trusted VM - for instance, anon-printer.

2. Install the printer drivers as per normal procedures. This will likely involve using Tor Browser or konsole to download the drivers.

3. Once the drivers are installed, use the Standalone anon-printer VM for printing purposes only. Do not use this VM for any other sensitive activity! [7]

Footnotes[edit]

License[edit]

Whonix Printing and Scanning wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Printing and Scanning wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.


Random News:

We are looking for maintainers and developers.


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)