12.26.15

EPO Whistleblowing: How (Not) to Use Machines at the Office

Posted in Europe, Patents at 8:11 pm by Dr. Roy Schestowitz

Control Risks and EPOSummary: What Control Risks and the EPO’s management probably hope staff won’t know and therefore, potentially, self-incriminate

STAFF of the EPO, as we noted here a few days ago, no longer trusts phones at the Office, but what about the PCs and the printers? Thankfully, having inquired for a while, we have been able to gather some information and now is a good time to share it, for the safety of EPO workers who are under the vigilant eyes of Team Battistelli and unaccountable goons like Control Risks.

“Anyone who uses an EPO computer to do anything at all is in danger,” one reader told us.

“It is thus imperative that any file which is published isn’t 100% identical to the original, even if it was widely distributed internally in the first place.”
      –Anonymous
“It is pretty much established that ALL user computers at the EPO are equipped with key logging software,” said an anonymous person. This is apparently well understood by now. No wonder the atmosphere at work is so depressing. There have been studies conducted which explain the effect of never having any privacy, let alone a sense of privacy.

“I obviously couldn’t study the currently installed machines myself,” one reader told us, “but I trust my sources on this. The amount of data transmitted and stored is trivial, and putting myself in the skin of a spy, I would suppose that the logging includes the list of opened windows with the ID of the one in focus, with occasional screen captures. That’s fairly easy to implement.”

As some people put it, Windows is almost designed and even optimised for spying. There are many surveillance add-ons sold for it, and Vista 10 is spyware out of the box (for Microsoft to spy on every keypress and much more).

“There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports.”
      –Anonymous
“Using hooks in the file system,” a reader of ours hypothesised, “you could also check whether someone uploads a file in Chrome or Firefox for transmission, e.g. in a webmail window, so you don’t even need to doctor and compromise the browsers.

“It would also be easy to scan EPO computers for an identical copy of any file which shows up on the Internet. Someone who would want to leak a document would have to store it on his/her local drive first, and that leaves traces. This wouldn’t require excessive resources if you work with file signatures computed hash functions.

“It is thus imperative that any file which is published isn’t 100% identical to the original, even if it was widely distributed internally in the first place.”

Obviously it would be unwise to use a computer at work for subversive activities in the first place. It’s safer to do so from home or some open network.

“I often work with bitmap conversions,” a person once advised us, “which strips all original metadata and of any stuff which could be easily hidden in PDFs. The Adobe format is ugly and complex, and provides PLENTY of opportunities for introducing side channels, e.g. orphan objects, extra entries in character coding vectors, or even the ordering of objects within a page, which PDF linearization wouldn’t defeat. Technically, you could still watermark a document using character kerning, which is harder to defeat with bitmap transformation, but this would require an infrastructure just for that, and that would require RATHER smart operators.”

“One can only send a document to one’s own e-mail address these days.”
      –Anonymous
Going back to the point about Windows, especially recent versions of it, it’s probably not wise to use it because spying is often done by numerous parties (including Microsoft) at the same time. Personal data is later being passed around or even sold.

One reader reminds us: “There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports. It would be slightly safer to obfuscate a file before saving it to an USB stick, but there are still traces. I know of places who use these, but I don’t know if the EPO is among them. By the way, our beloved NSA files patents for “butt plugs” for insertion into USB ports.”

Just to complete the picture, someone told us that if people use the machines at the Office, then “Xerox” may appear in the document producer metadata and “chances are,” in such a case, “that the document was scanned on these high performance network printers which are widely used at the EPO. These used to be in open access, but current models require the user to present his ID badge in order to access the scan menu. One can only send a document to one’s own e-mail address these days.”

Our sources believe that computer keyboards are equipped with smart card readers, but we don’t know whether the smart card must be left inserted in order to work. In any case, the screen lock delay is quite short, so one can hardly use the excuse “someone must have entered my office when I went out to take a leak”.

Any public file produced by the Register or Espacenet is generated on the fly from internal bitmap images and contains metadata which could betray the IP of the requester, so sources would want to cleanse these too.

At Techrights we use various methods to eliminate or at least significantly reduce the risk of sources being found through metadata. Nevertheless, if during transmission there is identifying information and if Control Risks can observe the session, then there is risk of useful interception. We previously provided information on how to securely send data to us. Some of the above observations hopefully increase awareness of the traps and the weaknesses that are EPO-specific.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2015/12/26/epo-whistleblowing/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Destroying Freenode Was Not the Objective, But That's Just What Happened

    Killing Freenode was certainly not what Andrew Lee wanted, but Lee will be remembered as the person whose takeover basically led to the end of Freenode; it's in disarray



  2. GNU/Linux Users, Developers and Advocates Being Painted as Unruly and Rude by Corporate Media Looking to Undermine Software Freedom

    Corporate media, funded by companies that nonchalantly oppress people, would have us believe there's something wrong with people who reject corporate masters in their computing; reality, however, suggests that it is a wholly false narrative induced or cemented by endless repetition, so this framing ought to be rejected outright



  3. IRC Proceedings: Tuesday, August 03, 2021

    IRC logs for Tuesday, August 03, 2021



  4. The Free Software Community Needs Solidarity and Stronger Resistance Against Corporate Oligopolies With Their Overlapping Interests

    Linus Torvalds and Richard Stallman (RMS) do not have to be idolised ("cult of personalities") but they definitely need to be defended from a longstanding and ongoing corporate coup, which the corporations seek to justify using nicer-sounding terms like "security" (that's how they justify added complexity such as Rust) or "safe space" (they're collectively insulting the community as if only employees of monopolies can help combat bigotry)



  5. Links 4/8/2021: More IBM Downtimes and Firefox Losing Many Users

    Links for the day



  6. Links 3/8/2021: DeaDBeeF 1.8.8, CrossOver 21, AMD and Valve Hook Up for GNU/Linux Work

    Links for the day



  7. Links 3/8/2021: LibreOffice Autoupdater and Vulkan in X-Plane

    Links for the day



  8. How the News About 'Linux' Gets Manipulated to Spread FUD and Promote the Competition of GNU/Linux

    We quickly examine the sorts of news one gets from Google 'News' when searching for “Linux” and we conclude that real news is occluded or missing



  9. The EPO is Europe's Largest Scale Scam (by Far the Largest)

    In another fine instance of deja vu, the biggest scammers are warning everybody else about lesser “scammers”; one might be tempted to call this “projection tactics” or deflection (staring at the mirror) which helps churn/flood the "news" section with tons of recycled old fluff (they could certainly use a distraction right now)



  10. Links 3/8/2021: Raspberry Pi ‘WeatherClock’ and IPFire 2.27 - Core Update 159

    Links for the day



  11. IBM's Attack on the Community and on GPL/FSF is an Attack on Red Hat's Greatest Asset

    Ever since IBM bought Red Hat it has repeatedly attacked the FSF (in a malicious and personified fashion), looking for its own ‘copyright grab’ whilst outsourcing loads of code to proprietary software monopolisers who attack the GPL; by doing so, IBM is destroying the value of what it paid more than 30 billion dollars for (IBM is governed by pretentious fools, according to IBM insiders; they’ve already lost Red Hat’s longtime CEO and IBM’s new President), so it’s falling back on openwashing of IBM's proprietary software with help from the so-called ‘Linux’ Foundation



  12. Four Weeks of Non-Compliance: EPO Only Accepts Courts That It Rigs and Controls

    Compliance is for suckers, believes the “Mafia” which runs the EPO; it is not even responding (for three weeks!) to letters from the victims who won the cases; this is bad for Europe's image and it sets a dangerous precedent



  13. Seven Eleven: 11 is to 10 What 7 Was to Vista

    Microsoft is, as usual, aggressively manipulating/bribing the media (hyping up a shallow version inflation along with paid-for vapourware advertising) while strong-arming the market; there’s no other way they can compete anymore



  14. IRC Proceedings: Monday, August 02, 2021

    IRC logs for Monday, August 02, 2021



  15. Links 3/8/2021: Nitrux 1.5.1 and Gerbera Media Server 1.9.0

    Links for the day



  16. Links 2/8/2021: XEyes 1.2 and Fwupd 1.6.2 Released

    Links for the day



  17. Freenode is IRC... in Collapse

    Freenode is now down to just 13,194 online users, which makes it the 6th biggest IRC network. Months ago it was #1 with almost 6 times as many users as those below it. The graph above shows what the latest blunder has done (another massive drop in less than a week, with a poem and the all-time chart at the very bottom).



  18. Barrier and Synergy Can Work Together, Connecting Lots of Different Machines

    Barrier and Synergy can be configured to work properly in conjunction, though only provided different port numbers (non-default) are specified; in my current setup I have two computers to my right, working over Barrier, and two older ones on the left, working over Synergy; the video explains the setup and the underlying concepts



  19. Links 2/8/2021: Open Science in France and Zoom Pays to Settle Privacy Violations

    Links for the day



  20. It Almost Feels Like Battistelli Still Runs the EPO (by Extension/Proxy)

    The "Mafia" that destroyed the EPO is still being put in charge and is using the EPO for shameless self-promotion; it is never being held accountable, not even when courts demand remediatory action and staff seeks reparations



  21. [Meme] Vichyite Battistelli Committed Crimes and His Buddy António Snubs Courts That Confirm These Are Crimes

    Staff of the EPO is coming to realise (or reaching acceptance of the fact) that the spirit of Battistelli — not just people he left in charge of the EPO — dooms the Office and there’s no way out of this mess



  22. Links 2/8/2021: Linux 5.14 RC4 and 20% Growth in Steam

    Links for the day



  23. IRC Proceedings: Sunday, August 01, 2021

    IRC logs for Sunday, August 01, 2021



  24. Links 1/8/2021: LibreOffice 7.2 RC2 and Lakka 3.3

    Links for the day



  25. Was Microsoft Ever First in the Market?

    Confronting the false belief that Microsoft ever innovates anything of significance or is "first" in some market/s



  26. Links 1/8/2021: 4MLinux 37.0, IBM Fluff, and USMCA Update

    Links for the day



  27. Microsoft Knows That When Shareholders Realise Azure Has Failed the Whole Boat Will Sink

    The paranoia at Microsoft is well justified; they've been lying to shareholders to inflate share prices and they don't really deliver the goods, just false hopes and unfulfilled promises



  28. [Meme] Nobody and Nothing Harms Europe's Reputation Like the EPO Does

    Europe’s second-largest institution, the EPO, has caused severe harm/damage to Europe’s economy and reputation; its attacks on the courts and on justice itself (even on constitutions in the case of UPC — another attempt to override the law and introduce European software patents) won’t be easily forgotten; SUEPO has meanwhile (on Saturday, link at the bottom in German) reminded people that Benoît Battistelli and António Campinos have driven away the EPO’s most valuable workers or moral compass



  29. IRC Proceedings: Saturday, July 31, 2021

    IRC logs for Saturday, July 31, 2021



  30. [Meme] When it Comes to Server Share, Microsoft Azure is Minuscule (But Faking It)

    Don't believe the lies told by Microsoft's charlatans and frauds; Azure has been a total failure and that's why there are layoffs as well


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts