407
Printers leave a watermark on each page indicating the exact printer that it came from. Are there any other examples of these privacy violations that aren't common knowledge? (ttrpg.network)
submitted 1 week ago by thepompe@ttrpg.network to c/privacy@lemmy.ml
145 comments fedilink hide all child comments

One thing I'm concerned about is recording equipment leaving identifiable information without us knowing about it.

top 50 comments
sorted by: hot top controversial new old
[-] Homme_Tanks@hexbear.net 1 points 1 day ago* (last edited 1 day ago)

There is a new web fingerprinting technique that uses your GPU's individual idiosyncratic performance characteristics to enable/boost efficacy of web fingerprinting: https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. The results of their large-scale experiment involving 2,550 devices with 1,605 distinct CPU configurations show that their technique, named 'DrawnApart,' can boost the median tracking duration to 67% compared to current state-of-the-art methods.

https://arxiv.org/pdf/2201.09956

[-] Charger8232@lemmy.ml 4 points 6 days ago

Are there any other examples of these privacy violations that aren't common knowledge?

Here you go :)

[-] markz@suppo.fi 122 points 1 week ago* (last edited 1 week ago)

Well just recently learned that some printers exfiltrate data from air gapped networks through ink cartridges.

https://lemmy.world/post/37486114

[-] atomicbocks@sh.itjust.works 118 points 1 week ago

If you don’t connect your Fire TV or other Amazon device to the internet it will talk to your next door neighbors Echo or whatever to send your data back to Amazon.

load more comments (4 replies)
[-] Dr_Vindaloo@lemmy.ml 105 points 1 week ago

Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren't will still collect data locally and that data will be collected when you send the car to an "official/licenced/authorized" repair shop.

[-] DarkFuture@lemmy.world 39 points 1 week ago

I hate this.

I'm still driving a '99 vehicle and the most advanced thing about it are the power windows. I dread upgrading to a vehicle that can break in so many new ways. I hate that everything has touch screens and the software on many is awful and if it breaks, surprise, you have no music in your car now.

[-] plantfanatic@sh.itjust.works 14 points 1 week ago* (last edited 1 week ago)

Those still have an ECU that stores most of the same data. It knows you speed, it knows how hard you brake, etc. anything with an OBD will store data. And that’s carssince the 70s

load more comments (4 replies)
[-] sonstwas@sh.itjust.works 23 points 1 week ago

Earlier this year during the CCC security conference it was revealed that the tracking info of 800k Volkswagen cars was publicly accessible...

The talk is available in English as well I believe: https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen

load more comments (4 replies)
[-] HiddenLayer555@lemmy.ml 98 points 1 week ago* (last edited 1 week ago)

Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it's super common, I believe Mouseflow is one of the biggest providers.

When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We're talking full memory dump, so whatever private data was in the app's memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer's state is getting reported to the devs.

Your phone's gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it's been shown that there's enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?

[-] Truscape@lemmy.blahaj.zone 35 points 1 week ago

Correction: GrapheneOS has implemented permission controls for sensors. It also has sandboxing and permission scopes to prevent many of those leaks.

However, Graphene is not available to everyone, and it's still problematic due to bystanders/passerby.

[-] bountygiver@lemmy.ml 29 points 1 week ago

nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.

load more comments (4 replies)
[-] mukt@lemmy.ml 81 points 1 week ago

Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.

[-] space_comrade@hexbear.net 27 points 1 week ago

Was it just EXIF information or was it something embedded in the pixels? If it's just EXIF that's something you can scrub from the file easily.

[-] chgxvjh@hexbear.net 32 points 1 week ago

The Harry Potter thing was EXIF https://www.eff.org/deeplinks/2007/07/harry-potter-and-digital-fingerprints

But pictures can also be traced back to a camera based on irregularities in the camera sensor https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/

Unlike with the printers, there is probably no database of the CMOS sensor irregularities of all cameras ever made. But if you upload pictures under your government name and the take pictures with the same camera and share them anonymously, this could be traced back to you in theory.

load more comments (2 replies)
[-] oscardejarjayes@hexbear.net 13 points 1 week ago

Cameras generally have barely noticeable, but uniquely identifiable, defects that will consistently affect pictures. So if you post a photo on your personal Social Media, and then you post a photo from the same camera on Hexbear, those two things could be connected. Just because it can happen doesn't mean it's practical, though.

I have no idea if this is what's been used with the Harry Potter thing.

[-] belated_frog_pants@beehaw.org 16 points 1 week ago

Exif data. It can be removed with various apps but its in photos by default on most devices

[-] ReversalHatchery@beehaw.org 10 points 1 week ago

or just the individual characteristics and flaws of the lens/sensor/postprocessing software, some of which can be unique per device, and potentially comparable to other photos made with it.

load more comments (2 replies)
[-] who@feddit.org 12 points 1 week ago* (last edited 1 week ago)

To be clear, this is not about EXIF data (which is its own problem).

Digital cameras can be fingerprinted from the images they produce, due to variations between pixels in any given sensor. If you're concerned about an image being traced back to your camera, you might consider some post-processing before distributing it.

[-] mapleseedfall@lemmy.world 10 points 1 week ago

Youre talking about img metadata right? With the right tool you can strip images out of them

[-] thevoidzero@lemmy.world 12 points 1 week ago* (last edited 1 week ago)

That's the obvious one. But you can also add data to images by adding tiny values to the pixels, it'll still look the same to us (same as printer tiny dots).

I don't know if phones actually do this. Just saying it's possible.

But many uploading sites optimize the images, so it'll be gone on reshare, but they could get it on first upload.

load more comments (1 replies)
load more comments (1 replies)
[-] whats_a_lemmy@midwest.social 58 points 1 week ago

https://www.technologyreview.com/2024/02/27/1088154/wifi-sensing-tracking-movements/

WiFi-based human motion detection through barriers

[-] cypherpunks@lemmy.ml 53 points 1 week ago

Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can't find a link at the moment).

[-] JustVik@lemmy.ml 45 points 1 week ago* (last edited 1 week ago)

Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.

load more comments (19 replies)
[-] nimpnin@sopuli.xyz 40 points 1 week ago

That ATM cash tracking thing comes to mind

[-] user_found@lemmy.dbzer0.com 17 points 1 week ago

What is it?

[-] null_dot@lemmy.dbzer0.com 50 points 1 week ago

It's like a machine that behaves as a bank teller, kind of automatically.

[-] Klear@quokk.au 24 points 1 week ago

You're kidding, Shirley.

[-] sqgl@sh.itjust.works 25 points 1 week ago

Don't call me surely.

[-] e8d79@discuss.tchncs.de 40 points 1 week ago* (last edited 1 week ago)

Banks can track each banknotes serial number when you receive them from the ATM and when they are returned from the store you spent them at. This data could then be used to create a complete profile of your spending habits.

https://www.heise.de/en/news/Bill-tracking-Increasing-cash-tracking-worries-data-protectionists-10481696.html

[-] Peppycito@sh.itjust.works 30 points 1 week ago

Doesn't work very well if you buy something directly from someone. Or if your cash is given out as change. Seems like it would make a wildly inaccurate profile.

[-] SchmidtGenetics@lemmy.world 28 points 1 week ago

Lots of stores also gives bills back out, the system makes zero sense, it can’t track anything at all. Like maybe 5% of bills are used once and then returned to the bank.

load more comments (5 replies)
load more comments (20 replies)
[-] oscardejarjayes@hexbear.net 39 points 1 week ago

The worst thing about that printer tracking is that we only learned about it around 20 years after they started implementing it. It's been another 20 years, imagine what they're doing now.

[-] Core_of_Arden@lemmy.ml 30 points 1 week ago* (last edited 1 week ago)

Isn't it common knowledge? I've known about it for at least two decades...

BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer... Now, they will still be able to match it to the printer, if they find it at your home, but other that that, you are free...

PS. Don't use your printer to blackmail FBI or CIA. ;-)

[-] TranquilTurbulence@lemmy.zip 24 points 1 week ago

Pro tip: If you use a pen and paper to blackmail the FBI and CIA, they can’t trace it back to you using invisible yellow dots.

[-] mukt@lemmy.ml 30 points 1 week ago

They'll still identify you by your wax seals. /s

[-] pogmommy@lemmy.ml 18 points 1 week ago

It'd be uncouth to send blackmail without your family's seal

load more comments (1 replies)
[-] Eheran@lemmy.world 13 points 1 week ago

There is no connection from a random printer you buy somewhere anonymous to you. They can "only" verify something was (not) printed with that printer.

load more comments (9 replies)
load more comments (2 replies)
[-] 7bicycles@hexbear.net 26 points 1 week ago

A lot of stores track your movement through the store with the WiFi or bluetooth your phone sends out, unless you have that turned off. Since it's "anonymous" not even stuff like the GDPR requires to notify anyone of this.

Also that's going to get way worse

[-] chillpanzee@lemmy.ml 10 points 1 week ago

They also use a heap of cameras with facial recognition to track you.

load more comments (2 replies)
load more comments (6 replies)
[-] infuziSporg@hexbear.net 25 points 1 week ago

For audio recordings, there is usually a trace of electric hum in the background that has enough randomness to yield info on when (and sometimes where) the recording took place.

It's not as much of a privacy violation as a privacy vulnerability, but it's still relevant.

[-] Ohh@lemmy.ml 17 points 1 week ago

No... But i've thought about how easy it would be to implement in ebooks and pdfs (e.g. my daily newspaper i can download as pdf). I've thought about this when sailing the high seas.

Is it a thing?

[-] Akrenion@slrpnk.net 10 points 1 week ago

Watermarking is definitely a thing. Whistle-blower have to think about that as well.

load more comments (1 replies)
load more comments (3 replies)
load more comments
view more: next ›
this post was submitted on 20 Oct 2025
407 points (99.3% liked)

Privacy

42766 readers
1302 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz