Per Wikipedia, the dots' "arrangement encodes the serial number of the device, date and time of the printing", so all you really need to spoof somebody else's printer is the serial number. Which can likely these days even be accessed remotely through printer settings.
No need to examine the printer. Just find a sheet of paper that printer printed, decode the dots, and then print your super illegal whatever with their printer's dots and a timestamp that makes sense for whatever you're framing them for doing. Nobody's ever gonna believe "the dots were a lie." They sound too much like fingerprints.
Or just go to a big box retailer, grab a couple of serial numbers off of the packaging, and then randomize per page.
Better than nothing, but you probably don't want to produce a document that purports to have been printed by three different printers that were likely only in the same place during a relatively short period surrounding when you went to see them. You'd be better off just making up serial numbers.
Nah, it's even better. "These messages were printed on a variety of different printers on three separate dates, but all of the printers were in an Office Depot during that time. Now we just need to go through the footage of those days to see who was in that store on all three days." Meanwhile, you're in another state on those days, doing crime.
> on all three
Except if you can manipulate the timestamps, then they aren't relevant anymore, so the search space is much bigger than the intersection of each set of days.
It's the intersection of all the people who visited each printer at least once any time.
Yeah, but the police (and then the prosecutors if they find someone who matches) are operating under the theory that the tracking dots are correct. They really want the dots to be correct. They don't want the dots to be wrong. This is why nonsense like "fiber matching" lasted so long: the people prosecuting the crimes want it to be right so badly that they're practically on your team.
Or post a thread on r/inkjetssuck or some such, and just have people from all over the world go into the big box stores to get serials to post as a reply
Why is the randomizing step needed?
why randomize a mac address?
If everything you print has the same fictitious serial number, it's still a stable identifier that can be triangulated.
Got it. Then why the first step of go to the effort of getting real serial numbers from the big box store. If the dots signature going to be randomized?
It depends on how it gets the serial number. If it reads it from internal memory then spoofing your own serial number on each document print is the obvious workaround.