This article shows a couple of interesting zero-width characters techniques for the invisible fingeprinting of text.
In early 2016 I realized that it was possible to use zero-width characters, like zero-width non-joiner or other zero-width characters like the zero-width space to fingerprint text. Even with just a single type of zero-width character the presence or non-presence of the non-visible character is enough bits to fingerprint even the shortest text.
I also realized that it is possible to use homoglyph substitution (e.g., replacing the letter “a” with its Cyrillic counterpart, “а”), but I dismissed this as too easy to detect due to the differences in character rendering across fonts and systems. However, differences in dashes (en, em, and hyphens), quotes (straight vs curly), word spelling (color vs colour), and the number of spaces after sentence endings could probably go undetected due to their frequent use in real text.
The reason I’m writing about this now is that it appears both homoglyph substitution and zero-width fingerprintinghave been discovered by others, so journalists should be informed of the existence of these techniques.
World Wide Web Consortium (W3C) has recently voted in favor the DRM standard. Electronic Frontier Foundation (EFF) has been fighting against it, now lost, and resigned from the W3C. Read more:
It is a tragedy that we will be doing that without our friends at the W3C, and with the world believing that the pioneers and creators of the web no longer care about these matters.
Effective today, EFF is resigning from the W3C.
Advisory Committee Representative to the W3C for the Electronic Frontier Foundation
Wow! This is big. And bad. Like breaking bad.
DRM will die one day. But it looks like it will take a few more years, court cases, and such to help it go into the ground. We could haven spent all this effort on something much more useful and productive.
AbuseIO is an Open Source software for management of abuse reports. It’s like a specialized ticketing/support system, which can automatically parse a variety of abuse notifications, file them, notify the team, and provide the tools to respond and close the incident. In a nutshell:
- 100% Free & Open Source
- Works with IPv4 and IPv6 addresses
- Automatically parse events into abuse tickets and add a classification
- Integrate with existing IPAM systems
- Set automatic (re)notifications per case or customer with configurable intervals
- Allow abuse desks and end users to reply, close or add notes to cases
- Link end users to a self help portal in case they need help to resolve the issue
If that sounds interesting, have a look at the Features page. You might also want to read the blog post covering a last year’s release of AbuseIO version 4.0.
The system is written in PHP, with Laravel framework, so making changes and adding features should be quite easy.
Digital Millennium Copyright Act (DMCA) has caused a lot of grief over the years. AutoBlog reports that now car manufacturers are trying to use it to stop people from repairing and tuning their cars:
Allowing them to continue to fix their cars has become “legally problematic,” according to a written statement from the Auto Alliance, the main lobbying arm of automakers.
The dispute arises from a section of the Digital Millennium Copyright Act that no one thought could apply to vehicles when it was signed into law in 1998. But now, in an era where cars are rolling computing platforms, the U.S. Copyright Office is examining whether provisions of the law that protect intellectual property should prohibit people from modifying and tuning their cars.
Ridiculous, is the word that describes this best, I think.