Tactical Tailor

Liberty Week – Privacy

Yesterday I said that I wanted to take this 4th of July week to address the concept of Liberty. I got several excellent suggestions for topics but some of them were more focused on the roots of the Independence movement. Today, we face different threats to our Liberty that are an outgrowth of how we communicate.

Some have taken on the invasive and ubiquitous governmental data collections and begun to develop new means to counter those efforts. One of these innovations is a disruptive typeface called ZXX after the Library of Congress trigraph for “No linguistic content; Not applicable.”

20130701-111635.jpg

While I don’t agree with the sentiment (there are more appropriate ways to raise awareness of criminal acts than compromising loads of classified information) of the example in the image above, it does give a good idea of what ZXX looks like in use.

In a recent post on Walker Art Center’s Gradient Blog, Developer Sang Mun (himself a former NSA contractor) said, “I drew six different cuts (Sans, Bold, Camo, False, Noise and Xed) to generate endless permutations, each font designed to thwart machine intelligences in a different way. I offered the typeface as a free download in hopes that as many people as possible would use it.”

I’d call this a practical design project. While it can be a pain to read, it would seem to fool OCR systems. Given the scope of ZXX’s applicability, it’s worth considering whether its use is practical. But ultimately, the question is, would an early adopter flag himself through its use? Interestingly, there was a time in the not so recent past when only criminals would feel the need to conceal their communications so. Now, more and more, the average citizen is asking himself whether the Government is reading his mail.

For more info on ZXX visit z-x-x.org

13 Responses to “Liberty Week – Privacy”

  1. Brackett says:

    This is an interesting project; however I think it is intended to simply ‘make a statement’ concerning internet privacy. The only way this font would protect your data is if documents using the font were filmed with CCT or other surveillance systems. Any other method of processing the document would be able to read it just fine. Text is text to a computer; they don’t ‘see’ the font at all.

    • Mick says:

      I kind of agree. It’s an interesting idea… but isn’t it just a matter of some programmer pointing his snooping software at that font set and telling it to learn it? Admittedly, I don’t know much about OCR, but I see this as no different from computer virus vs. anti-virus software. The new font will buy someone maybe six months of security before it gets cracked.

      Now, the idea that it can assemble a bunch of different permutations… that’s a fascinating bugger right there, and might be the thing that makes it REALLY hard to crack.

  2. bulldog76 says:

    my only question how do i download it ….

  3. endwahl says:

    This is dumb. If anyone is snooping you’re digital docs they’re going to do it before they go to any printer. You download the doc and change the font. Presto. Plus now the font book is published anyway.

  4. bob says:

    I wouldn’t even bother. You can just assume that any document can be read, period. Even l33t sp3@k is easily cracked by a simple algorithm. It is a matter of inputting the possible characters into the key, and letting the program run. If you don’t want a (emphasize A, are we naïve enough to believe the USG are the only ones doing this?) government reading something your e-mails, don’t put it into an e-mail.

    Snail mail and one time pads work great however.

    • bob says:

      Watch the video at the link. Unless the disruptions are randomized at every instance, this technique is already likely cracked. So, not trying to be a Debbie-downer, and I think it’s a remarkably cool project with noble intentions. Just please don’t download it thinking you can cease practicing OPSEC and PERSEC on the web.

  5. Sal Palma says:

    This domestic surveillance whiplash has been blown out of proportion. Using different fonts does nothing because there is a fixed ASCII or EBCDIC. OCR comes into play only when there are hard copy documents collected from site exploitation.
    If a cell phone is collected during a raid whether foreign or domestic you get the following data: EIN (Equipment Identification Number, the phones phone number, serial number and network. You can also get numbers called and calls received. You need to process that against CDR (call detail records) to develop a map of that phone’s activities. The CDR is produced by the carriers equipment or a local PBX for billing purposes. It is usually a comma delimited record that contains the time, date, duration and number dialed. So, let’s say the captured during the raid has a 555-555-5555 number. By running that number against a CDR database the analyst can see all of the numbers called. They will then run the same analysis for each of the dialed numbers to see who they called. You can then begin to map the cells. You can not contact the individual phone companies and ask for the individual detail. The process would take for ever and any possibility of being preemptive goes out the window. So, on a regular schedule, the various carriers would supply millions of records adding to the NSA’s database and thereby increasing the accuracy and speed in which we map the cells.
    NO ONE listens to phone calls until such time as its been determined, by a preponderance of evidence, that the party is a valid suspect.
    With regard to e-mail messages. The META date collected id the message header and that looks like this:
    x-store-info:J++/JTCzmObr++wNraA4PYLdVA1uHY9nr5zEktX9rhCyncU9DywclfFPx+QSl1sLWJkvK/m2cxQun/7DQOQzVLO/6TLxYAPLLYi7U1qXi/5RAYCi9SmFwMZLdlXSm2wU7swPgCVtEpU=
    Authentication-Results: hotmail.com; spf=pass (sender IP is 68.232.199.6) smtp.mailfrom=bounce-45742_HTML-12906783-6022292-1052159-0@bounce.email.zennioptical.com; dkim=none header.d=email.zennioptical.com; x-hmca=pass header.id=email@email.zennioptical.com
    X-SID-PRA: email@email.zennioptical.com
    X-AUTH-Result: PASS
    X-SID-Result: PASS
    X-Message-Status: n:n
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0y
    X-Message-Info: aKlYzGSc+LnZRlzw2K7wOPhuoAQuQV+SSWyiTCypo9/n7DUwOmdImohHxaRJo/Lu6e5YNCgW98SGH0Tkz+Dng6bRnO7ToCIsjQqBm70aTz1nHmmP8rh4qXyTFYprtnrKM1FZ2bwNxS1h40QtT35p8Zbn7Oih8/rFMaWgrNbIhFs=
    Received: from mta.email.zennioptical.com ([68.232.199.6]) by COL0-MC3-F33.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Mon, 1 Jul 2013 08:06:19 -0700
    DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=200608; d=email.zennioptical.com;
    b=viqU+c3UNHUZT6AwYGZRlC/d/X52YFlnW06k0jzSVWj0rrEGTHxDxgJ6pwckRjZGjsjrMulAa2m1
    HhQYC6T2mnVYdmF3npVCs7CjmbGF4QaqapgONURn6nCYShILElgG4gdWNtJSATjdCpqK4+GZTvIZ
    FO0XLx/X8MzFPhMvV/w=;
    Received: by mta.email.zennioptical.com id hq6dem163hsh for ; Mon, 1 Jul 2013 09:06:09 -0600 (envelope-from )
    From: “Zenni Optical”
    To:
    Subject: Free Sunglass Tint on any Zenni Frames! Expires Soon!
    Date: Mon, 01 Jul 2013 09:06:06 -0600
    List-Unsubscribe:
    MIME-Version: 1.0
    Reply-To: “Zenni Optical”
    x-job: 1052159_6022292
    Message-ID:
    Content-Type: multipart/alternative;
    boundary=”Ha93gHv81h3z=_?:”
    Return-Path: bounce-45742_HTML-12906783-6022292-1052159-0@bounce.email.zennioptical.com
    X-OriginalArrivalTime: 01 Jul 2013 15:06:19.0993 (UTC) FILETIME=[8AF12C90:01CE766C]

    By way of example. During a raid you grab e-mail addresses during analysis, you bounce them against a huge data base of message headers like the one above. From that you get an To/From IP, the ISP, the mail server’s IP address and once again you can map who is talking to whom. If it’s international traffic all bets are off. If it’s domestic you need the court’s authorization to proceed then CALEA kicks in.

    All of this neurosis about domestic spying, etc. etc. is precisely that neurosis.

    • Sam says:

      “All of this neurosis about domestic spying, etc. etc. is precisely that neurosis.”

      Its not neurosis, its called the implications of unintended consequences.

      “Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel. Unfortunately, nothing will preserve it but downright force. Whenever you give up that force, you are inevitably ruined.” -Patrick Henry-

      Its despicable that someone would actually attempt to downplay this and think its acceptable.

  6. Bill says:

    Everyone seems to forget that the “Internet” was a .gov net long before it morphed into porn, online gambling and EBay.

    It’s cool typography, nothing more.

  7. Justin S. says:

    I don’t see any point in raising awareness. The church committee already solved this 40 years ago. Anyone who takes the time to read the FISA and its related documents can see that activities are already limited and being watched by all three branches of government. Even so, I think it’s a cool project, and an interesting mix between art, algorithms and graphic design.

  8. bloke_from_ohio says:

    This is not how computers work. Data is encoded in 0’s and 1’s regardless of how it is displayed on your screen. Unless you “print” you messages as images you are only making it slightly harder for the recipiant to read your message. Even if you do make it an image, you are just turning your messages into really long capta’s. Useful for fooling replicants and making your readers life harder. If somebody sends me a message with that font, I will just switch to plain text and read it in monospace.

  9. Lawrence says:

    Pretty interesting. I have to wonder what kind of algorithms are being used out there to operate the various OCRs. Thanks for posting.