Bonum Certa Men Certa

EPO Whistleblowing: How (Not) to Use Machines at the Office

Control Risks and EPOSummary: What Control Risks and the EPO's management probably hope staff won't know and therefore, potentially, self-incriminate

STAFF of the EPO, as we noted here a few days ago, no longer trusts phones at the Office, but what about the PCs and the printers? Thankfully, having inquired for a while, we have been able to gather some information and now is a good time to share it, for the safety of EPO workers who are under the vigilant eyes of Team Battistelli and unaccountable goons like Control Risks.



"Anyone who uses an EPO computer to do anything at all is in danger," one reader told us.

“It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place.”
      --Anonymous
"It is pretty much established that ALL user computers at the EPO are equipped with key logging software," said an anonymous person. This is apparently well understood by now. No wonder the atmosphere at work is so depressing. There have been studies conducted which explain the effect of never having any privacy, let alone a sense of privacy.

"I obviously couldn't study the currently installed machines myself," one reader told us, "but I trust my sources on this. The amount of data transmitted and stored is trivial, and putting myself in the skin of a spy, I would suppose that the logging includes the list of opened windows with the ID of the one in focus, with occasional screen captures. That's fairly easy to implement."

As some people put it, Windows is almost designed and even optimised for spying. There are many surveillance add-ons sold for it, and Vista 10 is spyware out of the box (for Microsoft to spy on every keypress and much more).

“There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports.”
      --Anonymous
"Using hooks in the file system," a reader of ours hypothesised, "you could also check whether someone uploads a file in Chrome or Firefox for transmission, e.g. in a webmail window, so you don't even need to doctor and compromise the browsers.

"It would also be easy to scan EPO computers for an identical copy of any file which shows up on the Internet. Someone who would want to leak a document would have to store it on his/her local drive first, and that leaves traces. This wouldn't require excessive resources if you work with file signatures computed hash functions.

"It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place."

Obviously it would be unwise to use a computer at work for subversive activities in the first place. It's safer to do so from home or some open network.

"I often work with bitmap conversions," a person once advised us, "which strips all original metadata and of any stuff which could be easily hidden in PDFs. The Adobe format is ugly and complex, and provides PLENTY of opportunities for introducing side channels, e.g. orphan objects, extra entries in character coding vectors, or even the ordering of objects within a page, which PDF linearization wouldn't defeat. Technically, you could still watermark a document using character kerning, which is harder to defeat with bitmap transformation, but this would require an infrastructure just for that, and that would require RATHER smart operators."

“One can only send a document to one's own e-mail address these days.”
      --Anonymous
Going back to the point about Windows, especially recent versions of it, it's probably not wise to use it because spying is often done by numerous parties (including Microsoft) at the same time. Personal data is later being passed around or even sold.

One reader reminds us: "There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports. It would be slightly safer to obfuscate a file before saving it to an USB stick, but there are still traces. I know of places who use these, but I don't know if the EPO is among them. By the way, our beloved NSA files patents for "butt plugs" for insertion into USB ports."

Just to complete the picture, someone told us that if people use the machines at the Office, then "Xerox" may appear in the document producer metadata and "chances are," in such a case, "that the document was scanned on these high performance network printers which are widely used at the EPO. These used to be in open access, but current models require the user to present his ID badge in order to access the scan menu. One can only send a document to one's own e-mail address these days."

Our sources believe that computer keyboards are equipped with smart card readers, but we don't know whether the smart card must be left inserted in order to work. In any case, the screen lock delay is quite short, so one can hardly use the excuse "someone must have entered my office when I went out to take a leak".

Any public file produced by the Register or Espacenet is generated on the fly from internal bitmap images and contains metadata which could betray the IP of the requester, so sources would want to cleanse these too.

At Techrights we use various methods to eliminate or at least significantly reduce the risk of sources being found through metadata. Nevertheless, if during transmission there is identifying information and if Control Risks can observe the session, then there is risk of useful interception. We previously provided information on how to securely send data to us. Some of the above observations hopefully increase awareness of the traps and the weaknesses that are EPO-specific.

Recent Techrights' Posts

Rust People: Drain the Swap, You're Holding It Wrong
Does Rust make sense?
Slopwatch: LinuxSecurity, linuxconfig.org, and Plagiarised Phoronix
Many articles out there are nowadays fake
European Patent Office Illegally Gutting and Outsourcing Its Functions, Acting Like an Above-the-Law Commercial Business (It Won't Stop at Formalities Officers (FOs) and Classification Slop at the EPO)
breaking/violating laws and conventions
Links 19/09/2025: Lobbyist of American GAFAM Becomes Data Protection Commissioner in Europe
Links for the day
 
Links 20/09/2025: Retrocomputer, Antique Phone Experience, and More
Links for the day
Links 20/09/2025: Internet Shutdowns, Media Censorship, and Climate Worries
Links for the day
About 700 New Gemini Capsules in 13 Months (or 54 Per Month)
4.8K would represent a 20% increase
Techrights the Name Turns 15
About 6 weeks from now we turn 19
Microsoft is Running Out of Time and Floating Fake Figures, Fake Projects, Fake Narratives, Fake Excuses
Also, a lot of Microsoft's "revenue" claims are circular financing (i.e. Microsoft buying from itself, which means Ponzi-like fraud)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 19, 2025
IRC logs for Friday, September 19, 2025
Gemini Links 20/09/2025: Navigating the Pressures of Modern Life and SpellBinding Accidentally Wrote Another Gemini Server
Links for the day
Links 19/09/2025: Press Freedom Dying in US, Anti-Austerity Strikes in France, and Alan Rusbridger to Leave 'Prospect'
Links for the day
Offloading to the Sister Site
In the interest of not overwhelming readers
Links 19/09/2025: Coffee Club and "SpellBinding is Now Absurdly Fast"
Links for the day
Links 19/09/2025: Media Freedom Ceases to Exist in US, "Consider Dropping Twitter/X"
Links for the day
Gemini Links 19/09/2025: Thinking and Insect Bites
Links for the day
Microsoft E.E.E.: Git Will Now (or Very Soon) Fully Depend on Rust, Which is Controlled by Microsoft
Microsoft now makes Git dependent on Rust, or making Git dependent on GitHub, which is proprietary
The Right to Punch People (Apparently)
At Brett Wilson, Brett's job title is "Head of Crime" and Wilson normalises calls for violence
Slop or Fake Articles Have Turned Linux Journal From a Pioneering/Trailblazing "Linux" Magazine Into a Nuisance
some sites with former reputation - good reputation - turn into cesspools
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 18, 2025
IRC logs for Thursday, September 18, 2025
Brett Wilson LLP Seem to Have Had Only One Litigation Client in 2025, He Was Previously Charged, Just Like the Serial Strangler From Microsoft (Whom They Now Represent)
Karma is superstition, regulators are not
Project 2030 to Cover How "Project 2025"-Styled Anti-Media Zealots From America Targeted Techrights and Tux Machines
The common denominator is also their attacks on women
Brett Wilson LLP Failed to Meet Deadlines Set by Judge 7 Months Earlier, Tried to Ruin Our Holiday, Then Had the Audacity to Ask Us for Over 3,000 Pounds for Its Own Lateness
As a matter of principle we will never respond to assassin while we are on holiday
On Claims That After Bluewashing Red Hat Will Increasingly Become an Indian Company
Discussed this week (long and detailed)
Americans Attacking British Sites Only Months After They Leave America
We find it kind of funny if not ironic that this site, originally an American site, got legal harassment only from Americans and only months after it had moved to the UK
Despite Losing Over a Quarter Million Dollars a Year Software in the Public Interest (SPI) Gives Helping Hand to Libreboot
SPI's financial state depends a lot on its public image or its reputation
Slopwatch: Google Helps Plagiarism and Sends Traffic to Ripoff Artists
That Google as a company helps spamfarms is noteworthy
If You Want to Know the Future, Listen to the Free Software Foundation (FSF) and Andy Farnell
We're sure the FSF will have plenty of its own output
Links 18/09/2025: A Taliban Ban on Internet Access and Troubled US Job Market
Links for the day
Gemini Links 18/09/2025: Computer Literacy and Accessing Alhena's Database
Links for the day
Links 18/09/2025: US War on Media (Truth Banned, Cancel Culture by the Hard Right), NYT Chief Executive Warns Cheeto is Deploying ‘Anti-press Playbook'
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 17, 2025
IRC logs for Wednesday, September 17, 2025