SoylentNews is people
SoylentNews
Zero-width characters are invisible, ‘non-printing’ characters that are not displayed by the majority of applications. For example, I’ve inserted 10 zero-width spaces into this sentence, can you tell? (Hint: paste the sentence into Diff Checker to see the locations of the characters!). These characters can be used to ‘fingerprint’ text for certain users.
Well, the original reason isn’t too exciting. A few years ago I was a member of a team that participated in competitive tournaments across a variety of video games. This team had a private message board, used to post important announcements amongst other things. Eventually these announcements would appear elsewhere on the web, posted to mock the team and more significantly; ensuring the message board was redundant for sharing confidential information and tactics.
The security of the site seemed pretty tight so the theory was that a logged-in user was simply copying the announcement and posting it elsewhere. I created a script that allowed the team to invisibly fingerprint each announcement with the username of the user it is being displayed to.
I saw a lot of interest in zero-width characters from a recent post by Zach Aysan so I thought I’d publish this method here along with an interactive demo to share with everyone. The code examples have been updated to use modern JavaScript but the overall logic is the same.
(Score: 5, Informative) by FakeBeldin on Thursday April 05 2018, @09:02PM (10 children)
at BleepingComputers [bleepingcomputer.com]*, the article focused more on the potential to use this to identify whistle blowers.
The way this could work: there are at least two zero-width Unicode characters. So one zero-width character represents a 1, the other a 0. Hence, it's easy to encode any string as a sequence of zero-width characters, which can then be embedded into the document. To identify who leaked a classified file, the idea is to use this method to embed the username of the user who opened the document.
While on the one hand it is a cool way to watermark text documents (including plain text), on the other hand, the idea of "let's prevent whistle blowing" sounds less savory. Hence a plugin was created that changes zero-width characters to random emoji.
* feel free to add bleepingcomputer to the list of sites scraped by our faithful Arthur.
(Score: 2) by nobu_the_bard on Thursday April 05 2018, @09:15PM (6 children)
Not all leaks are whistleblowers, though.
(Score: 0) by Anonymous Coward on Thursday April 05 2018, @09:28PM (5 children)
A person may take offense at perfectly legal behavior, leak, and think himself a whistleblower. Suppose you are in the Marines, and you find out that you're about to attack an enemy camp. Oh, that is killing! So you reveal the plans to the world and call yourself a whistleblower. Um, no.
Another person may be, in part, a whistleblower, but that is insignificant. For example, suppose the NSA is misbehaving, and so you indiscriminately leak out all the NSA documents you can get your hands on. To then claim to be a whistleblower is pretty damn dishonest.
(Score: 4, Touché) by takyon on Thursday April 05 2018, @10:02PM (3 children)
Not a whistleblower, merely a hero for damaging the system.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2, Troll) by realDonaldTrump on Friday April 06 2018, @01:56AM (2 children)
Call it any way you like, but Snowden is just another wiseguy traitor -- and a DISGRACE. He gave serious information to China and Russia -- believe me, he's President Putin's best buddy -- and should be executed. Make no mistake, he is no hero. In fact he is a coward who should come back & face justice. When our country was great do you know what we did to traitors?
(Score: 3, Informative) by Anonymous Coward on Friday April 06 2018, @02:30AM (1 child)
> When our country was great do you know what we did to traitors?
Started calling them "the Founding Fathers"?
(Score: 0) by Anonymous Coward on Friday April 06 2018, @06:13AM
I thought the term was "The Honorable", cause we had to try to guilt-trip them into not doing too much damage with the authority we were vesting in them.... as we can never seem to get the idea "none of the above" is an acceptable answer to a poll.
(Score: 0) by Anonymous Coward on Thursday April 05 2018, @10:48PM
Much like how governments want to compromise encryption and hence everyone for the sake of the "children" and because "terrorists"?
Yea, pretty damn dishonest, but its the fucking status quo.
(Score: 1, Interesting) by Anonymous Coward on Thursday April 05 2018, @10:07PM (1 child)
Using zero width spaces seems like a really unreliable watermark, though. It is trivial to remove, and does not survive basic transformations like, say, printing. And if you are trying to hide the fact that the document has tracking information it fails at that too because the presence of zero-width spaces is weird in and of itself.
You could do the same thing by introducing extra real spaces or alternate spellings of words. For example, you could encode 1 bit of information every time a word like "honour" appears in a document by sometimes spelling it as "honor". This kind of thing is much more likely to be maintained from one document generation to the next.
(Score: 0) by Anonymous Coward on Thursday April 05 2018, @10:59PM
Indeed, it might catch a few people early on, but this is the sort of thing that's trivially defeated using find and replace.
Also, have we learned nothing about sanitizing our outputs? Nothing should appear in text that isn't visible to the reader for various reasons.
(Score: 0) by Anonymous Coward on Thursday April 05 2018, @10:45PM
A forum could use this by secretly inserting "This text was copied by $USERNAME" into every post. Which could lead to hilarity.