Bonum Certa Men Certa

EPO Whistleblowing: How (Not) to Use Machines at the Office

Summary: What Control Risks and the EPO's management probably hope staff won't know and therefore, potentially, self-incriminate

STAFF of the EPO, as we noted here a few days ago, no longer trusts phones at the Office, but what about the PCs and the printers? Thankfully, having inquired for a while, we have been able to gather some information and now is a good time to share it, for the safety of EPO workers who are under the vigilant eyes of Team Battistelli and unaccountable goons like Control Risks.



"Anyone who uses an EPO computer to do anything at all is in danger," one reader told us.

"It is pretty much established that ALL user computers at the EPO are equipped with key logging software," said an anonymous person. This is apparently well understood by now. No wonder the atmosphere at work is so depressing. There have been studies conducted which explain the effect of never having any privacy, let alone a sense of privacy.

"I obviously couldn't study the currently installed machines myself," one reader told us, "but I trust my sources on this. The amount of data transmitted and stored is trivial, and putting myself in the skin of a spy, I would suppose that the logging includes the list of opened windows with the ID of the one in focus, with occasional screen captures. That's fairly easy to implement."

As some people put it, Windows is almost designed and even optimised for spying. There are many surveillance add-ons sold for it, and Vista 10 is spyware out of the box (for Microsoft to spy on every keypress and much more).

"Using hooks in the file system," a reader of ours hypothesised, "you could also check whether someone uploads a file in Chrome or Firefox for transmission, e.g. in a webmail window, so you don't even need to doctor and compromise the browsers.

"It would also be easy to scan EPO computers for an identical copy of any file which shows up on the Internet. Someone who would want to leak a document would have to store it on his/her local drive first, and that leaves traces. This wouldn't require excessive resources if you work with file signatures computed with hash functions.

"It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place."
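The reader's point about file signatures can be shown with a short sweep that matches files purely on their content hash. This is an added example, not code from the article or its sources; SHA-256, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_for_copies(root, known_digests):
    """Return paths under root whose content hash is in known_digests."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sha256_file(path) in known_digests:
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)


def demo():
    """Constructed sample: one 'published' document and three local files."""
    published = b"%PDF-1.4 constructed sample document body\n" * 100
    known = {hashlib.sha256(published).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "renamed_copy.bin": published,                  # same bytes, new name
            "one_byte_changed.pdf": published[:-1] + b" ",  # last byte differs
            "unrelated.txt": b"meeting notes\n",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan_for_copies(root, known)]


if __name__ == "__main__":
    print(demo())
```

The match depends only on content, so renaming or moving a file does not hide it, while a copy that differs by a single byte produces an unrelated digest and is not reported.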

Obviously it would be unwise to use a computer at work for subversive activities in the first place. It's safer to do so from home or some open network.

"I often work with bitmap conversions," a person once advised us, "which strips all original metadata and any stuff which could be easily hidden in PDFs. The Adobe format is ugly and complex, and provides PLENTY of opportunities for introducing side channels, e.g. orphan objects, extra entries in character coding vectors, or even the ordering of objects within a page, which PDF linearization wouldn't defeat. Technically, you could still watermark a document using character kerning, which is harder to defeat with bitmap transformation, but this would require an infrastructure just for that, and that would require RATHER smart operators."

Going back to the point about Windows, especially recent versions of it, it's probably not wise to use it because spying is often done by numerous parties (including Microsoft) at the same time. Personal data is later being passed around or even sold.

One reader reminds us: "There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports. It would be slightly safer to obfuscate a file before saving it to a USB stick, but there are still traces. I know of places that use these, but I don't know if the EPO is among them. By the way, our beloved NSA files patents for 'butt plugs' for insertion into USB ports."

Just to complete the picture, someone told us that if people use the machines at the Office, then "Xerox" may appear in the document producer metadata and "chances are," in such a case, "that the document was scanned on these high performance network printers which are widely used at the EPO. These used to be in open access, but current models require the user to present his ID badge in order to access the scan menu. One can only send a document to one's own e-mail address these days."

Our sources believe that computer keyboards are equipped with smart card readers, but we don't know whether the smart card must be left inserted in order to work. In any case, the screen lock delay is quite short, so one can hardly use the excuse "someone must have entered my office when I went out to take a leak".

Any public file produced by the Register or Espacenet is generated on the fly from internal bitmap images and contains metadata which could betray the IP of the requester, so sources would want to cleanse these too.
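To see what a PDF declares about its origin, such as the "Producer" field mentioned above, the document information dictionary can be read directly. This is an added example, not a tool used by Techrights or its sources; the sample bytes are constructed, the function names are hypothetical, and it assumes the Info object is stored in plain form with unnested literal or hex strings.

```python
import re

# Constructed sample: a minimal PDF-like byte string, not a real EPO document.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Producer (Xerox \\(constructed sample\\))\n"
    b"/Creator <5363616E> /CreationDate (D:20150101120000) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)

INFO_REF = re.compile(rb"/Info\s+(\d+)\s+(\d+)\s+R")
# "/Key (literal string)" with backslash escapes, or "/Key <hex string>".
ENTRY = re.compile(rb"/(\w+)\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)


def decode_pdf_string(raw):
    """UTF-16BE when a BOM is present, else Latin-1 (approximates PDFDocEncoding)."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")


def info_fields(pdf):
    """Return the document information dictionary as {key: text}."""
    fields = {}
    for num, gen in INFO_REF.findall(pdf):
        obj = re.search(rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % (num, gen), pdf, re.S)
        if obj is None:
            continue  # Info object not stored in plain form: not handled here
        for key, lit, hexs in ENTRY.findall(obj.group(1)):
            if hexs:
                digits = b"".join(hexs.split())
                raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())
            else:
                # Drop escape backslashes; \n-style and octal escapes are not interpreted.
                raw = re.sub(rb"\\(.)", rb"\1", lit, flags=re.S)
            fields[key.decode()] = decode_pdf_string(raw)
    return fields


def audit(pdf):
    """Declared metadata: Info fields plus whether an XMP packet is visible."""
    return {"info": info_fields(pdf), "xmp_packet": b"<x:xmpmeta" in pdf}


if __name__ == "__main__":
    print(audit(SAMPLE_PDF))
```

An empty result does not prove a file is clean: metadata can also sit in compressed object streams or in the page content itself, which this check does not read.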

At Techrights we use various methods to eliminate or at least significantly reduce the risk of sources being found through metadata. Nevertheless, if there is identifying information during transmission and if Control Risks can observe the session, then there is a risk of useful interception. We previously provided information on how to securely send data to us. Some of the above observations will hopefully increase awareness of the traps and the weaknesses that are EPO-specific.
