On 01/31/2015 06:59 AM, John Young wrote:
Swell initiatives by all the Snowden distributors. Except most fall prey to PDF manipulation of tagging, implanting, tracking, by willful intent or by technical ignorance.
<much cool stuff snipped> I don't see this as an issue for processors and distributors, as long as their OPSEC is adequate. We may prudently assume that Snowden's originals were tagged, watermarked, implanted, and so on. Given that, I trust that everyone working with the documents has behaved accordingly. If they haven't, it's all too likely that identities and relationships have been inadvertently been revealed. Son las cosas de la vida. But for casual enthusiasts and the general public, this could be a serious issue. Even if documents were obtained securely, they could phone home. Scans by anti-malware apps could be uploaded to servers. Cloud-backup providers might look for them. ... How might one prevent that? What comes to mind is a Tor hidden-service site that serves scrubbed images, and doesn't readily permit downloads. While OCR would be essential in processing documents, serving text arguably puts users at risk. Maybe that's obvious.