Bonum Certa Men Certa

EPO Whistleblowing: How (Not) to Use Machines at the Office

Control Risks and EPOSummary: What Control Risks and the EPO's management probably hope staff won't know and therefore, potentially, self-incriminate

STAFF of the EPO, as we noted here a few days ago, no longer trusts phones at the Office, but what about the PCs and the printers? Thankfully, having inquired for a while, we have been able to gather some information and now is a good time to share it, for the safety of EPO workers who are under the vigilant eyes of Team Battistelli and unaccountable goons like Control Risks.



"Anyone who uses an EPO computer to do anything at all is in danger," one reader told us.

“It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place.”
      --Anonymous
"It is pretty much established that ALL user computers at the EPO are equipped with key logging software," said an anonymous person. This is apparently well understood by now. No wonder the atmosphere at work is so depressing. There have been studies conducted which explain the effect of never having any privacy, let alone a sense of privacy.

"I obviously couldn't study the currently installed machines myself," one reader told us, "but I trust my sources on this. The amount of data transmitted and stored is trivial, and putting myself in the skin of a spy, I would suppose that the logging includes the list of opened windows with the ID of the one in focus, with occasional screen captures. That's fairly easy to implement."

As some people put it, Windows is almost designed and even optimised for spying. There are many surveillance add-ons sold for it, and Vista 10 is spyware out of the box (for Microsoft to spy on every keypress and much more).

“There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports.”
      --Anonymous
"Using hooks in the file system," a reader of ours hypothesised, "you could also check whether someone uploads a file in Chrome or Firefox for transmission, e.g. in a webmail window, so you don't even need to doctor and compromise the browsers.

"It would also be easy to scan EPO computers for an identical copy of any file which shows up on the Internet. Someone who would want to leak a document would have to store it on his/her local drive first, and that leaves traces. This wouldn't require excessive resources if you work with file signatures computed hash functions.

"It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place."

Obviously it would be unwise to use a computer at work for subversive activities in the first place. It's safer to do so from home or some open network.

"I often work with bitmap conversions," a person once advised us, "which strips all original metadata and of any stuff which could be easily hidden in PDFs. The Adobe format is ugly and complex, and provides PLENTY of opportunities for introducing side channels, e.g. orphan objects, extra entries in character coding vectors, or even the ordering of objects within a page, which PDF linearization wouldn't defeat. Technically, you could still watermark a document using character kerning, which is harder to defeat with bitmap transformation, but this would require an infrastructure just for that, and that would require RATHER smart operators."

“One can only send a document to one's own e-mail address these days.”
      --Anonymous
Going back to the point about Windows, especially recent versions of it, it's probably not wise to use it because spying is often done by numerous parties (including Microsoft) at the same time. Personal data is later being passed around or even sold.

One reader reminds us: "There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports. It would be slightly safer to obfuscate a file before saving it to an USB stick, but there are still traces. I know of places who use these, but I don't know if the EPO is among them. By the way, our beloved NSA files patents for "butt plugs" for insertion into USB ports."

Just to complete the picture, someone told us that if people use the machines at the Office, then "Xerox" may appear in the document producer metadata and "chances are," in such a case, "that the document was scanned on these high performance network printers which are widely used at the EPO. These used to be in open access, but current models require the user to present his ID badge in order to access the scan menu. One can only send a document to one's own e-mail address these days."

Our sources believe that computer keyboards are equipped with smart card readers, but we don't know whether the smart card must be left inserted in order to work. In any case, the screen lock delay is quite short, so one can hardly use the excuse "someone must have entered my office when I went out to take a leak".

Any public file produced by the Register or Espacenet is generated on the fly from internal bitmap images and contains metadata which could betray the IP of the requester, so sources would want to cleanse these too.

At Techrights we use various methods to eliminate or at least significantly reduce the risk of sources being found through metadata. Nevertheless, if during transmission there is identifying information and if Control Risks can observe the session, then there is risk of useful interception. We previously provided information on how to securely send data to us. Some of the above observations hopefully increase awareness of the traps and the weaknesses that are EPO-specific.

Recent Techrights' Posts

Microsoft Shares Collapse Again (Down $101), Fifth Round of Microsoft Mass Layoffs in Less Than 100 Days in 2025
disaster
Windows Has Fallen to All-Time Lows in Switzerland Since GNU Celebrated 40th Anniversary (GNU’s 40th Birthday in Biel, Switzerland)
GNU/Linux has been doing well in Switzerland
One Person's Take on Jef Spaleta, the New Fedora Project Leader
"With a little searching, I wonder what else may be found regarding Microsoft."
 
Links 07/04/2025: More Cuts to Science Funding, Snail-speed Internet in Germany
Links for the day
Gemini Links 07/04/2025: Leasehold and Safe Gifts
Links for the day
In Some Countries, Laptops and Desktops Become a Dying Breed (Even Before Tariffs), Windows Has Nowhere to Go
expect more GNU/Linux on new and existing laptops
When the Credibility or 'Quality' of Clients Ceases to Matter, It's About Helping Rich Companies Like Microsoft Censor Critics (No Matter the Risks)
Bad ideas typically result in undesirable outcomes
UAE: GNU/Linux and Android at Record Levels, Windows at New Lows and Falling Below Apple
Even iOS is measured as bigger than Windows this month
Links 07/04/2025: Reddit Occupied (Social Control Media Controlled by Oligarchy), Demise of Globalisation Ongoing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 06, 2025
IRC logs for Sunday, April 06, 2025
Links 07/04/2025: Leaving Gemini/smolweb and Mastodon Migrations
Links for the day
In Iraq, Windows 3.1 (Percent)
There's also zero
Links 06/04/2025: Flood, Cool Gemini Capsule, and Long Form
Links for the day
Links 06/04/2025: Science, Politics, and Pricier Goods
Links for the day
LLM Slop Has Virtually Killed unixmen.com and Many Other Sites
There's no longer any incentive to write real articles in there
Sharp Declines for Microsoft Windows in Bangladesh (Pop. ~175,000,000), Big Gains for GNU/Linux
Microsoft Windows has been having a really hard time in poor countries
Links 06/04/2025: Fake Reviews, Privatisation Heists, and "AI" as Smokescreen for Impoverishing Humans
Links for the day
Taking a Moral Stand Against Strategic Lawsuits Against Public Participation (SLAPPs) and the Worst Offenders/Facilitators
Any other stance would sidle with moral depravity or moral hazard
Links 06/04/2025: Many New Acts of Repression and Elements of Financial Depression
Links for the day
In Qatar GNU/Linux Rose From Under 1% to Over 4% in Two Years (or Over 5% If Counting ChromeOS)
It's a big improvement compared to what we saw last year
LLM Scrapers Are a Nuisance, But They're Also a Reminder It's Time to Make Your Site Static
Perhaps the best protection is the ability to endure surges
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 05, 2025
IRC logs for Saturday, April 05, 2025
Links 06/04/2025: Attacks on Education, Fake Patents, and Fake (Illegal) Patent Courts
Links for the day
France: Apple and Microsoft Down, GNU/Linux Up to New Record Levels
How will tariffs against France impact things in the coming months?
Open Source Initiative (OSI) Privacy Fiasco in Detail: What Was Reported to the California Privacy Protection Agency (CPPA)
We hope to finish this whole lot within a week, then move on to election, lobbying etc.
Links 05/04/2025: Tariffs Backfiring, YouTuber Arrested, X/Twitter Set to be Fined
Links for the day
Gemini Links 05/04/2025: Offline is For Everyone, Copyright Colonialism, and More
Links for the day
Links 05/04/2025: TikTok Unsold (Still), Royal Society is Dead
Links for the day
Techrights Will Spend the Next Few Years Writing a Lot About Strategic Lawsuits Against Public Participation (SLAPPs)
It's a growing problem
The State of EPO Staff's Health in Rijswijk or The Hague
We're going to cover the EPO some more later in the month
NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
GNU/Linux Growing in East Asia, Windows by Default No More?
GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025
IRC logs for Friday, April 04, 2025