by qb45 3680 days ago
Another lesson not to trust people/organizations ignorant enough to keep confidential data in plain text on anonymous FTP.

It seems that the 21st century responsible disclosure procedure goes like this:

0. use tor for the research itself

1. report problems anonymously

2. if they don't care - report them to law enforcement for breach of confidentiality

3. if these don't care either or don't accept anonymous tips - make noise in the media

Of course, this is for dealing with idiots who keep their data on public FTP. If the attack takes some clever hacking, go check if they don't offer bug bounties. Funny times we are living in.

1 comment

Step 1: Anonymously report them to law enforcement.

There is no step 2.

Nonsense. It could be as easy as printing fliers at home and dropping them in an appropriate space, or mailing letters with the return address the same as the mailing address, or using Tails 2.x to email HIPAA and the police using a throwaway address. But contacting them in person? NFW

Yes, print flyers on your home printer that you purchased with a credit card in your own name and had shipped to your home address. Handle all the pieces of paper with your bare hands, too. What could possibly go wrong?*

*https://www.eff.org/issues/printers

Gee, let's find out. First off it applies to "some color laser printers". Don't have one. Second, printer was bought in person with cash and was a gift. Third, gee that's super hard, wear latex gloves. I sure hope the police are more intelligent than you are. No offense.

Never print anything for anonymous purposes. All printers have a watermark.

This is not strictly true. So many color printers have a yellow-dot identifier pattern now that you should just assume that anything you print with one can be forensically linked with the printer's serial number, unless you definitively know otherwise. Monochrome printers are much less likely to add a nearly-invisible identifier pattern to every page. Check your printed pages under a microscope with different colors of light.

Nevertheless, if you want to print something and wish to remain anonymous, it isn't a bad idea to assume that every document that a particular printer ever prints can be linked using the printer's serial number, even if you think that specific printer is safe. Never print anything on it that can be linked to your public identity. Don't connect it to the internet.

You may never know whether there's some sort of steganographic encoding mechanism that targets certain print geometries in ways that you can't detect. There probably isn't. But if you're a dissident or troublemaker, can you take even a tiny risk?

Speaking of which, since we are talking flyers. Type once, print once at low res in b/w, and then copy that at a lower res, using that to make fliers. Done and done.