Bonum Certa Men Certa

EPO Whistleblowing: How (Not) to Use Machines at the Office

Control Risks and EPOSummary: What Control Risks and the EPO's management probably hope staff won't know and therefore, potentially, self-incriminate

STAFF of the EPO, as we noted here a few days ago, no longer trusts phones at the Office, but what about the PCs and the printers? Thankfully, having inquired for a while, we have been able to gather some information and now is a good time to share it, for the safety of EPO workers who are under the vigilant eyes of Team Battistelli and unaccountable goons like Control Risks.



"Anyone who uses an EPO computer to do anything at all is in danger," one reader told us.

“It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place.”
      --Anonymous
"It is pretty much established that ALL user computers at the EPO are equipped with key logging software," said an anonymous person. This is apparently well understood by now. No wonder the atmosphere at work is so depressing. There have been studies conducted which explain the effect of never having any privacy, let alone a sense of privacy.

"I obviously couldn't study the currently installed machines myself," one reader told us, "but I trust my sources on this. The amount of data transmitted and stored is trivial, and putting myself in the skin of a spy, I would suppose that the logging includes the list of opened windows with the ID of the one in focus, with occasional screen captures. That's fairly easy to implement."

As some people put it, Windows is almost designed and even optimised for spying. There are many surveillance add-ons sold for it, and Vista 10 is spyware out of the box (for Microsoft to spy on every keypress and much more).

“There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports.”
      --Anonymous
"Using hooks in the file system," a reader of ours hypothesised, "you could also check whether someone uploads a file in Chrome or Firefox for transmission, e.g. in a webmail window, so you don't even need to doctor and compromise the browsers.

"It would also be easy to scan EPO computers for an identical copy of any file which shows up on the Internet. Someone who would want to leak a document would have to store it on his/her local drive first, and that leaves traces. This wouldn't require excessive resources if you work with file signatures computed hash functions.

"It is thus imperative that any file which is published isn't 100% identical to the original, even if it was widely distributed internally in the first place."

Obviously it would be unwise to use a computer at work for subversive activities in the first place. It's safer to do so from home or some open network.

"I often work with bitmap conversions," a person once advised us, "which strips all original metadata and of any stuff which could be easily hidden in PDFs. The Adobe format is ugly and complex, and provides PLENTY of opportunities for introducing side channels, e.g. orphan objects, extra entries in character coding vectors, or even the ordering of objects within a page, which PDF linearization wouldn't defeat. Technically, you could still watermark a document using character kerning, which is harder to defeat with bitmap transformation, but this would require an infrastructure just for that, and that would require RATHER smart operators."

“One can only send a document to one's own e-mail address these days.”
      --Anonymous
Going back to the point about Windows, especially recent versions of it, it's probably not wise to use it because spying is often done by numerous parties (including Microsoft) at the same time. Personal data is later being passed around or even sold.

One reader reminds us: "There are commercial programs offered on the market that monitor and log any data traffic to and from attached USB ports. It would be slightly safer to obfuscate a file before saving it to an USB stick, but there are still traces. I know of places who use these, but I don't know if the EPO is among them. By the way, our beloved NSA files patents for "butt plugs" for insertion into USB ports."

Just to complete the picture, someone told us that if people use the machines at the Office, then "Xerox" may appear in the document producer metadata and "chances are," in such a case, "that the document was scanned on these high performance network printers which are widely used at the EPO. These used to be in open access, but current models require the user to present his ID badge in order to access the scan menu. One can only send a document to one's own e-mail address these days."

Our sources believe that computer keyboards are equipped with smart card readers, but we don't know whether the smart card must be left inserted in order to work. In any case, the screen lock delay is quite short, so one can hardly use the excuse "someone must have entered my office when I went out to take a leak".

Any public file produced by the Register or Espacenet is generated on the fly from internal bitmap images and contains metadata which could betray the IP of the requester, so sources would want to cleanse these too.

At Techrights we use various methods to eliminate or at least significantly reduce the risk of sources being found through metadata. Nevertheless, if during transmission there is identifying information and if Control Risks can observe the session, then there is risk of useful interception. We previously provided information on how to securely send data to us. Some of the above observations hopefully increase awareness of the traps and the weaknesses that are EPO-specific.

Recent Techrights' Posts

Gemini Links 16/07/2025: Tmux and OCC25 Working TLS
Links for the day
Reboots Should Never be Necessary
"BUT WHAT ABOUT SECURITY!!"
There's Still Hope for the World Wide Web
Let's hope that the trajectory of the Web won't be leading us to over-reliance on Google, nor will it reward worthless slopfarms
Gemini Links 15/07/2025: Smolweb and Alhena 5.1.7
Links for the day
 
Recognition of Women's Contributions to Free Software
Being passive is not an option when bad things are happening
Slopfarms Are Going to Perish Because Public Opinion is Changing
Many slopfarms will simply go offline
19 Years of Standing Up for Justice, Equality, and Truth
This week we shall take it up a notch
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 15, 2025
IRC logs for Tuesday, July 15, 2025
Links 15/07/2025: LLM Pollution and Pushback in Ukraine
Links for the day
Gemini Links 15/07/2025: xkcd, New Cert, and Alhena Gemlog
Links for the day
Links 15/07/2025: Press Freedom at Risk and New Facebook Blunders
Links for the day
The Danes Want GNU/Linux
David Heinemeier Hansson recently moved to GNU/Linux
Cory Doctorow Explains Why Software Freedom Matters, Whereas "Open Source" Misses the Point and Helps Monopolies
It's a very long article
BillPR (EpsteinGate-Bribed NPR) is Turning Into a Partial Slopfarm that Promotes Slop
"I went on a date with a chatbot!"
Two Weeks Passed Since Latest Large Wave of Microsoft Layoffs, More Expected Next Month
Blaming the debt on "AI" is just self-serving storytelling
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 14, 2025
IRC logs for Monday, July 14, 2025
Gemini Links 15/07/2025: Gemini "Style Sheets" and Switching From Microsoft GitHub to Codeberg
Links for the day
Coming Soon: Another OSI Scandal, This One Implicating Molly de Blanc
OSI has been fairly quiet lately
Outreachy & Debian pregnancy cluster, Meike Reichle evidence
Reprinted with permission from Daniel Pocock
Again, "Lunduke is Actually Sending His Audience to Attack People"
Microsoft Lunduke is not trying to "protect" Linux
XBox is Rapidly Turned Into a Slopfarm by Microsoft
Slop isn't about efficiency and saving money
One of the Most Hilarious Things About the Microsoft SLAPPs
It's so ridiculous
Financial Support for the Free Software Foundation or the GNU Project
The FSF has extended until Friday its fund-raising campaign
Illegally Hiding (or Demanding Secrecy Around) Illegal Requests or Attempts at Extortion
unlawful communications like threats
Microsoft's Halloween Documents and systemd, Wayland, Etc.
Maybe one day Wayland will be widespread. Or maybe not.
Gemini Links 14/07/2025: BOFH Archive, Updating Old Palm PDAS, and Nginx vs Slop Bots
Links for the day
Ubuntu is Becoming GAFAM-Like
What does that say about Canonical and Ubuntu?
Slopfarms Which Take Real Articles About GNU/Linux and Turn Them Into Copycats Which Are False
Even before the LLM hype those were quite common
The Firm That Picks on Techrights is Accustomed to Working With Criminals
Techrights never did anything illegal. So why is it being picked on by people who work with criminals?
Microsoft Said the Mass Layoffs Were for "Investment" in "AI", But It's Also Laying Off the "AI" and "Copilot" Staff
Months ago we showed many so-called "AI" people were getting the boot and this time it's the same
DryDeadFish is Dead, Long Live DryDeadFish
We kept checking, hoping it can recover from some temporary technical issue
For Quite Some Time Already Microsoft Attracts Crackpots, Scams, and More
Occasionally we talk about the situation at IBM as there are many parallels
Links 14/07/2025: Chatbots Broken Again, McHire LLM Shows Limits of the Hype
Links for the day
Changing One's Name Won't Change One's Past
People who have earned a bad reputation are not magically "entitled" to reset
People Who Assault Women Are Not Victims of "Distress"
It seems like an American tradition. In a country with almost 50 presidents, not even one was a female.
Slashdot Media Turned Linux Journal Into a Slopfarm and Now Slashdot Actively Promotes Anti-Linux Slopfarms
Yes, "no-nonsense" apparently means actual nonsense
Adoption of Gemini Protocol Still Growing
Gemini Protocol is being obscured by the media - it doesn't help that Google 'hijacked' the word "Gemini" - but people still manage to find out about it, download a client, and use it
Links 14/07/2025: Arresting Photographers, Threats to Revoke US Citizenship Over Criticism
Links for the day
More EPO Leaks on the Way
We hope that Mr. Rowan will actually try to refute what we say and show, not merely point the finger at the messengers
Decommodification is a Corporate Strategy Against Communities
systemd is led by Microsoft and hosted by Microsoft
copyleft.org 'Hijacked' by the People Who Attack the Person Who Created Copyleft
So far there's nothing "tasteless" in copyleft.org, but that can change at any time in the future
Asking People to Take Down Articles and Videos Only Makes These More Popular and "Viral"
If you do something bad, one of the worst things you can possibly do it try to silence those who speak about it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 13, 2025
IRC logs for Sunday, July 13, 2025
Two-Thirds Towards FSF Goal, Richard Stallman to Give Talks in Europe
There are 67 left before reaching the target
Brett Wilson LLP "Takes it Personal" (Character Assassination, Not Professionalism). Everybody Can See That.
On behalf of violent men
Gemini Links 14/07/2025: Politicised Tech and "Leaving GitHub"
Links for the day