NSA

Don't Want the NSA to Read Your Documents? Use This Font.

|

This is ZXX:

ZXX
Credit: Walker Art Center

It's a font designed to be difficult for machines to read. Several different techniques are used, including camouflage patterns drawn from nature, crowding the letters with digital noise, and simply crossing out each letter. 

morning!
Credit: Walker Art Center

The font is named after the Library of Congress code, ZXX, which labels a document as containing "no linguistic content." The goal is to make the contents of a document unreadable by text scanning software while still being intelligible to a human reader.

Here's how the font designer, Sang Mun, explains his project

As a former contractor with the US National Security Agency (NSA), these issues hit especially close to home. During my service in the Korean military, I worked for two years as special intelligence personnel for the NSA, learning first-hand how to extract information from defense targets. Our ability to gather vital SIGINT (Signal Intelligence) information was absolutely easy. But, these skills were only applied outwards for national security and defense purposes—not for overseeing American citizens. It appears that this has changed. Now, as a designer, I am influenced by these experiences and I have become dedicated to researching ways to "articulate our unfreedom" and to continue the evolution of my own thinking about censorship, surveillance, and a free society.

It's part awareness-raising art project, part useful tool. (Though how big a part optical text recognition plays in government spying is unclear. Because, you know, the whole thing is quite secret.)

(UPDATE: Since there seems to be some confusion on this point, I've tweaked the headline and I just want to highlight the sentences above. This would be most useful for attachments or other items that can be transmitted via email as images.)

Download the .zip file with the font here.

And don't forget to read Ronald Bailey's other tips for how to keep the government from spying on you. 

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

137 responses to “Don't Want the NSA to Read Your Documents? Use This Font.

  1. People who have nothing to hide use Courier, Times New Roman or Arial. Maybe Verdana.

    1. Why do I feel like Neal Stephenson’s Cryptonomicon is turning from a piece of delightful fiction into a how-to/survival manual.

      1. You don’t have a HEAP ready?

      2. If this all ends as abruptly and unsatisfyingly as Cryptonomicon, you may be right.

        1. He isn’t right. There’s no way the Cryptonomicon will ever become reality; I doubt there is a single man on Earth who doesn’t masturbate.

          1. I made it three weeks once.

            1. So, you’re actually John Bobbitt?

    2. It’s best to use a sans belief typeface.

    3. I put all of my important correspondence in Comic Sans

  2. “Does that sound like a drone?!”

    /Sang Mun

  3. 50% alt-text completion is still a failing grade.

  4. ALT-Headline: If you don’t want the NSA to read your e-mails, go fuck yourself you terrorist.

  5. Designers sure think people want to know what inspires them.

  6. Is the NSA printing my emails and then running them through an OCR scanner to read them?

    1. They should hire half of America to read the other half’s correspondence and follow their movements by satellite and gps tracker. It would have the added benefit of ending unemployment, would be a huge stimulus for the economy and would likely also end Climate Change and the hunger and obesity epidemics at the same time.

      Oh, and I’d see another Nobel Peace Prize in it for the President that does it.

  7. But wouldn’t the email be transmitted as plain text, with a charset flag?

    So the NSA could just read the plain characters and your plan would accomplish a whole lot of nothing.

    1. Yes, but Mangu-Ward was clearly referring to NSA guys reading your email over your shoulder with some sort of OCR, or machine-reading emails that you print out and then send in the snailmail.

      1. OCR EM Scanning technology does exist to read your screen from behind a wall.

        Pretty crazy. I was in telecom for 3 years before I learned you can tap a fiber optic line without even so much as touching the cladding…and that was 14 years ago.

        1. This doesn’t sound likely. How would you even do that?

          1. I don’t know for sure, but my guess would be evanescent waves.

    2. Maybe the NSA could give me some software which automatically tell me what fucking code page the document is that I got from Taiwan.

      Man to I hate dealing with character sets.

      1. Supplies!

        1. I ruv supplies bersday a party!!

          /Kim Jong Il’s Ghost

    3. You’d have to send the emails out as images only.

      That’s a sure way of winding up in my kill-file.

      1. This is actually a GOOD idea to avoid NSA scans. Better yet, hide text in the code of another file. Never get caught. It’s also a good way to annoy your friends.

          1. yeah, that’s a great system (insert sarcasm emoticon). So, you encrypt your email, then what? Call the other party to give them the password? Well, thank god the content of our calls aren’t being monitored…

    4. Yes. So the only apparent option is to send your information as an image file using that font, thereby wasting time, bandwidth, and making quoted emails next to impossible.

      Sounds like a lot of fun.

      1. It will stop the NSA from reading your e-mails because everyone will stop communicating with you.

    5. Ditto. This sort of stuff only makes sense to the great unwashed masses of Outlook users who have no idea how email really works.

  8. You will all notice that neither Hit nor Run allows commenting with any said fonts. reason talks a good game, but like so many advocacy groups it’s do as I say not as I do.

    1. I lol’d.

      1. Of all things, that’s what got you? You’re weird.

        1. If I was normal, would I be hanging out with you deviants?

        2. he’s pregnant, leave him alone.

    2. I recall the few hours where H&R allowed other fonts, images & such.

      Known as “The Day the Universe Exploded”.

      1. Pro Lib prefers “The Day of the Commmenters”.

        1. RELEASE THE WINGDINGS!

          1. LOL!!! WINGDINGS FTW!

        2. Ahhh those were the days…images mmmm…

        3. Speaking of which, has anyone ever resurrected the reason wikia? Shutting it down felt like the terrorists winning.

          1. Lol…I think Grylliade and the URKOBOLD took the wiki out with cleansing fire.

            1. Oh the days when people were worried about their taints.

  9. A much better solution is to hide your meaning in plain sight inside a complex web of logical fallacies and post your message as a leftwing troll on a public website. Those Who Shall Not Be Named have been using this place as a dead letter drop for years.

    1. Well, it certainly has been effective then…

    2. Ahh, I was wondering what anonybot was doing…

  10. Calibri or bust.

    1. I we could just get the trolls to post in Comic Sans, it would be much easier to skip them.

  11. If you’re not using M32 Marain, you’re wasting your time.

    1. Marain? Did she ever turn up again in the series, or was she permakilled after falling through that magic hoop with Lanfear?

      1. If anybody respsonds to this I will murderdrone them. I STILL am only on book 9

        1. So…tempting…

  12. You really think the NSA looks at images of emails? They scan the source document. The letter “M” is an “M” no matter what the font is. This is just silly. You can type in wingdings if you want, but the characters are still the same. Also, font is on the user side, not server side. This guy is capitalizing off fears and lack of knowledge.

    1. Nu lrf, ohg V *qbhoyl* rapelcg *zl* cbfgvatf jvgu EBG-13!

      1. Oh, I LOVE the Swedish Chef!

        1. Nf qb V!

          Obex! Obex! Obex!

          1. Vg’f haoernxnoyr vs lbh qb EBG-13 ba na NFPVV neg vzntr bs gur zrffntr!!!1!

    2. He’s saying to make your email an image. No text, no ASCII code.

    3. And laziness. “I want an easy, pain free way to encrypt my messages.” The truth is that good encryption takes effort.

  13. If you really wanted to do cyber-guerrilla warfare, you should send at least 5 texts or emails per day consisting of random characters, occasionally inserting things like “Capitol Building”, “White House”, or “International Airport” in plain text.

    1. I really want to try something like this. Or change my email signature to GPS coordinates of Federal buildings.

  14. This font wouldn’t really stop them if it starts getting used frequently. It would be pretty easy to add this font to an image processing algorithm and have it readable by machines. The guy across the hall from me could probably do that up in a couple of days.

  15. Use codewords. INstead of White House, say The Dragon’s Lair
    instead of congress, say Den of Rats
    wait those are too obvious.

    1. What does this have to do with the forthcoming Borderlands DLC with Tiny Tina?

      1. YES

  16. My email requires special glasses to read. If anybody wants a pair, I left a whole box of them in a trash can by the soup kitchen.

    1. Not this year.

    2. But I’ve already gone through a ridiculous fight scene today.

    3. +1 CRIPPLE FIGHT!

    4. Wait you are Rowdy Roddy Piper?

  17. I don’t belong on this nerd techie thread. Please let’s talk about that Patriots player that’s obviously guilty of murder since he’s not letting the cops dictate how and when he is interviewed.

    1. Or Tebow. We could talk about Tim Tebow.

      1. So with the Gronk constantly injured and Hernandez under suspicion for murder, you think Tebow can become Brady’s go-to guy?

        1. You know what’s coming. I know what’s coming. The Boston Miracle, when Brady goes down and Timmie comes in a throws a perfect game.

          1. That would be amazing in several ways, such as 1) Brady going down, and 2) Timmah getting everyone worked up. But unfortunately that would mean success for the Patriots and no one wants that.

            1. Yeah, it’s the one thing that ruins things for me. Perhaps he would rise to the heavens afterwards. I could stand one win if it weren’t a trend.

    2. I will say the business about the electronics all being destroyed is, well, troubling. Even Tebow is troubled.

      1. This is the part that has convinced me he is involved (though not necessarily a murderer).

        1. Ray Lewis retired and the NFL has to have at least one murder-cover-upper to keep the ESPN commentators jabbering.

          In his defense, though, he’s not required to keep any evidence. Fuck the police.

          1. Well, yeah, I dunno about that. You’re a suspect/material witness and you destroy all the evidence when you know a murder has occurred? Pretty suspicious stuff.

            Bet it’s connected to his girlfriend.

            1. The victim was dating her sister.

                1. Could have been a sister-swap four-way sex/Russian Roulette game gone wrong.

                  Also, have Amanda Knox’s whereabouts that night been determined yet?

            2. He hadn’t even been contacted yet though. And until then, you’re not required to keep jack shit that might incriminate you. Again, fuck the sloppy journalism at ESPN and their “expert” legal “analysis”.

              1. The reporting across the board is awful on this one–keep hearing completely conflicting reports. I tend to think something’s not quite right, but not being sure what’s factual and what isn’t, who knows?

              2. Wait, you’re telling me that a bunch of ex-jocks aren’t the best source for expert legal opinions? Damn, I guess maybe I should pay my taxes after all.

    3. Well I think the suspicion is more along the lines that he broke his phone and hired people to scrub his house clean after someone he had a connection with was murdered near his home.

    4. Do you really think Urban Meyer recruits anything but rapists, thugs, and thieves? Obviously guilty.

      1. 3 years ago I would have agreed with that statement. And three years ago you would have been right. But now that Urban has come to The Ohio State University, he doesn’t have to recruit those types of people to win and in fact refuses to let them even come through the doors of the ‘shoe.

        1. He’s pretty corrupt, though probably mostly within NCAA guidelines, which are loose, anyway.

          What’s funny is that Meyer was generally liked before and during the UF days, but people hated Spurrier. Who ran an extremely clean program, kicking people off the team who got in trouble, and, while he was at UF, encouraging kids to graduate and stuff. Crazy, I know.

          1. And after his sting in the NFL, Spurrier comes back to college and runs what is effectively a work-release program for the Palmetto State.

            1. He’ll be cursed forever!

              I really enjoyed Spurrier’s tenure at Florida.

              1. Meh, at least he didn’t go to UGa. Those insufferable cunts (I lived in Augusta for 2 years) combined with Spurrier trolling the sidelines would have cause me to lose my generally composed demeanor.

                1. Spurrier wouldn’t do that. He’s old school–hates the teams he hates. No UGA, no Auburn, and no fucking Tennessee.

        2. But now that Urban has come to The Ohio State University, he doesn’t have to recruit those types of people to win and in fact refuses to let them even come through the doors of the ‘shoe.

          You know this is going to end with Urban having heart problems after Michigan whips your ass twice in a row.

          1. after Michigan whips your ass twice in a row.

            Ahahahahahahahahahaha. Now that’s the kind of humor that gets me through the day. Thanks, Brett.

            1. Ask ProL how it felt to be pounded by a mediocre rival who shouldn’t be able to hold your jock.

              1. What’s sad is that UF is the only school of the old triad that hasn’t lost to USF. USF.

              2. Oh, I’m sure they’ll lose to Michigan again. I mean, it’s happened once in the last decade. But two years in a row? Are you expecting Meyer to fall ill and in a move designed to incite riots John Cooper is installed as lifetime coach?

                Only then would something as bad as that happen ever again.

                1. I will say something–I think Meyer is good, but I also think he’s vastly overrated. He won at UF largely because the defense was outstanding those years. You should remember that.

                  1. Yeah, Ohio State is known for their defense sucking ass, aren’t they?

                    You’re just trolling me now, my Floridian chum. Well I ain’t gonna take the bait. And for good measure, I’m gonna go hit the mock-up of Neil’s mailbox I set up in my auction yard with a baseball bat. That’ll teach ya!

    5. http://espn.go.com/boston/nfl/…..s-abc-news

      FTA: The warrant was prepared after police discovered that the security system at Hernandez’s home, along with his cellphone, were destroyed, sources told ABC News.

      Police were at Hernandez’s home again Thursday with another search warrant based on evidence that Hernandez “destroyed his home security system,” an investigator close to the case told ABC News.

      Is he not free to do what he wants with his own personal property?

      1. Also FTA (emphasis mine): “There’s a federal statute in every state that you cannot knowingly destroy evidence. And what [authorities] believe has happened here is that the home surveillance system was destroyed, the cellphone was destroyed, the house was cleaned, and the police think there was evidence that was destroyed because of that,” ESPN legal analyst Roger Cossack said.

        So is it a federal statute, because if so it would be the FBI investigating it, Roger, and they would have to execute the arrest. Or is it a state statute and you just don’t know what the fuck you’re talking about?

        1. If he knew what the fuck he was talking about he probably wouldn’t be the legal analyst for ESPN.

      2. Sounds like probable cause to me.

  18. Actually, there’s a lot more efficient way to implement the idea that doesn’t require an image or PDF file to use. Implement a character-set cipher that’s set up as a time-elapsed linked list. The first message goes out in good ol’ ASCII/Latin-1. Attached to it is the cipher for the next message to the same recipient, which creates a randomly-generated custom character mapping. That first Email would have to be encrypted.

    [As an alternative, the first message could be already ciphered, with the decoding map shared another way beforehand.]

    Once the cypher chain is set up, every message sent to the same recipient includes an attachment with a new randomly-generated cipher. Since the cipher changes from message to message, each encoding is a once-only. Unless you’re in the habit of sending unusually long Emails, there won’t be enough text to crack each instance.

    The advantage with this approach is that it uses plain (scrambled) text: the only extra bandwidth is for the new cipher, which would also be in text form. If a designer was clever and sneaky enough, an Email could be mocked up to look like another kind of file [i.e., custom extension.]

    GHjd6hse6ljkhs6klkd` 🙂

  19. Actually, there’s a lot more efficient way to implement the idea that doesn’t require an image or PDF file to use. Implement a character-set cipher that’s set up as a time-elapsed linked list. The first message goes out in good ol’ ASCII/Latin-1. Attached to it is the cipher for the next message to the same recipient, which creates a randomly-generated custom character mapping. That first Email would have to be encrypted.

    [As an alternative, the first message could be already ciphered, with the decoding map shared another way beforehand.]

    Once the cypher chain is set up, every message sent to the same recipient includes an attachment with a new randomly-generated cipher. Since the cipher changes from message to message, each encoding is a once-only. Unless you’re in the habit of sending unusually long Emails, there won’t be enough text to crack each instance.

    The advantage with this approach is that it uses plain (scrambled) text: the only extra bandwidth is for the new cipher, which would also be in text form. If a designer was clever and sneaky enough, an Email could be mocked up to look like another kind of file [i.e., custom extension.]

    GHjd6hse6ljkhs6klkd` 🙂

    1. I don’t understand any of that post. I mean not a single bit of it.

      But you are using a Canadian e-mail address, so I’m going to discount it as the flappy-headed ramblings of a madman that buys milk in bags and eats timbits every morning.

      1. Better than being a suspected terrorist (unless Timbits are on the list now.)

        1. What, you don’t think the Canadian government is doing the same thing to you? Take your face out of the Kraft Dinner and open your eyes, man. This is going on everywhere in the “civilized” world.

          1. Well, everywhere the government isn’t too broke. I suspect the Greeks aren’t getting much of their email read these days.

    2. For those who undertood what I was gabbling about above: implementing this system would require a dedicated Email database for each recipient and sender. The database would hold records of each cypher used for each sender-recipient pair. Otherwise, there’s no way to keep track of which specific cipher maps to each Email, and which new cipher corresponds to each recipient. That database would have to be the most firewalled/secured part of the system.

      [Yes, the 2500-character limit was designed for people like me.]

      1. Honestly, if I wanted to communicate securely, I would send one-time pads through Fedex or UPS. As long as the cops don’t raid you or the other party (and both destroy their pads after use completely) its all good. Especially if you appear to be using electronic communications.

        1. Best one time pad is something everyone already has. Say, Atlas Shrugged or Road to Serfdom

        2. One-time pads are the way to go, assuming you have a secure way to transfer the pad.

      2. I’m having trouble seeing what advantage this has over GPG. If I’m reading right the first message is essentially just a private key that will be used to decrypt future messages.

        1. It’s a cypher system, which is definitely inferior to encryptation. The only advantage is the dynamic nature of the cipher. A fixed cipher would be quick-burned toast.

    3. You’re effectively describing a dynamic public key type system. The problem is that if you decrypt one, you can decrypt everything from then on.

      I think that it would be cool to encrypt a message a standard way (RSA or something), and then implant that information into an image file.

      You could even put pictures in other pictures!

      1. Well, at least the NSA won’t be able to read your link.

        1. http://en.wikipedia.org/wiki/Steganography#Digital

          also this for a more technical explanation:
          http://www1.chapman.edu/~nabav…..graphy.pdf

      2. Yeah, essentially – and you’re right about the one weak link. I suppose it’s more grist for a CompSci seminar than anything practical.

  20. The problem here is that with regard to intercepted emails, the font used is totally irrelevant; the text is captured as digital data, which is font-agnostic.

    1. The idea is to convert your email message into an image first using this font. Which of course, kills of most of its utility as well.

  21. Is this the week where Reason tries to out-stupid the rest of the web?

    1. Yeah, I’m usually more or less a shill for Reason, but this is pretty dumb.

      1. Well, at least the NSA won’t be able to read your link.

        1. Shit, threading fail.

  22. Even in 2013, good website design rules still apply.

    1. Vainly tries to get mouse wheel to scroll horizontally…

  23. Thanks for not mentioning the infinitely more useful PGP….

  24. Does anyone remember their Morse code? That might be so obscure now that it could provide a good first step to messing with the NSA’s minds.

  25. I have a little bit of experience writing software to read text characters from bitmaps and I’m almost certain I could write a program that could convert that font into plain text. The only one that might prove a challenge would be camo. I would be really surprised if their isn’t already software that can read ZXX. Just think about how easily captchas get beaten by bots nowadays.

Please to post comments

Comments are closed.