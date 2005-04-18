from the digital-fingerprints dept.
Zero-width characters are invisible, ‘non-printing’ characters that are not displayed by the majority of applications. For example, I’ve inserted 10 zero-width spaces into this sentence, can you tell? (Hint: paste the sentence into Diff Checker to see the locations of the characters!). These characters can be used to ‘fingerprint’ text for certain users.
Well, the original reason isn’t too exciting. A few years ago I was a member of a team that participated in competitive tournaments across a variety of video games. This team had a private message board, used to post important announcements amongst other things. Eventually these announcements would appear elsewhere on the web, posted to mock the team and more significantly; ensuring the message board was redundant for sharing confidential information and tactics.
The security of the site seemed pretty tight so the theory was that a logged-in user was simply copying the announcement and posting it elsewhere. I created a script that allowed the team to invisibly fingerprint each announcement with the username of the user it is being displayed to.
I saw a lot of interest in zero-width characters from a recent post by Zach Aysan so I thought I’d publish this method here along with an interactive demo to share with everyone. The code examples have been updated to use modern JavaScript but the overall logic is the same.
(Score: 2) by NewNic on Thursday April 05, @08:39PM (2 children)
I tried using the webpage https://umpox.github.io/zero-width-detection/ [github.io] and it did not show my username. When I pasted it into Diff Checker, there were no zero width characters.
I tried using Firefox and Chrome under Linux.
(Score: 0) by Anonymous Coward on Thursday April 05, @08:51PM
You need to be wearing your captain crunch secret decoder ring.
(Score: 0) by Anonymous Coward on Thursday April 05, @09:35PM
Worked for me pasting into hexdump -C both in MSYS2/Windows and GNU/Linux.
(Score: 0) by Anonymous Coward on Thursday April 05, @08:40PM
Screen capture and paste. But does this give away what processor you are using?
(Score: 2) by tangomargarine on Thursday April 05, @08:51PM
Good grief, these links...first Medium.com, ew, and then this Zach Aysan guy has huge white stripes on the sides and like 22-point font. What the heck is the deal with blogs these days?
P.S: posting the example sentences into emacs works like a charm
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Informative) by FakeBeldin on Thursday April 05, @09:02PM (2 children)
at BleepingComputers [bleepingcomputer.com]*, the article focused more on the potential to use this to identify whistle blowers.
The way this could work: there are at least two zero-width Unicode characters. So one zero-width character represents a 1, the other a 0. Hence, it's easy to encode any string as a sequence of zero-width characters, which can then be embedded into the document. To identify who leaked a classified file, the idea is to use this method to embed the username of the user who opened the document.
While on the one hand it is a cool way to watermark text documents (including plain text), on the other hand, the idea of "let's prevent whistle blowing" sounds less savory. Hence a plugin was created that changes zero-width characters to random emoji.
* feel free to add bleepingcomputer to the list of sites scraped by our faithful Arthur.
(Score: 2) by nobu_the_bard on Thursday April 05, @09:15PM (1 child)
Not all leaks are whistleblowers, though.
(Score: 0) by Anonymous Coward on Thursday April 05, @09:28PM
A person may take offense at perfectly legal behavior, leak, and think himself a whistleblower. Suppose you are in the Marines, and you find out that you're about to attack an enemy camp. Oh, that is killing! So you reveal the plans to the world and call yourself a whistleblower. Um, no.
Another person may be, in part, a whistleblower, but that is insignificant. For example, suppose the NSA is misbehaving, and so you indiscriminately leak out all the NSA documents you can get your hands on. To then claim to be a whistleblower is pretty damn dishonest.
(Score: 2) by bob_super on Thursday April 05, @09:31PM
Easy: Use monospace font like Arik
Problem: people know it's Arik
(no, nobody wants that much work, just to frame Arik)