Hi, I figure someone on this list might have done some research from a perspective sharing similar goals.
Does anyone have a recommendation for a reasonable printer? My rough objectives are as follows:

1. "Well-supported by linux." In practice I imagine this means speaking standard protocols, or needing some FOSS CUPS plugin packaged in the usual repos. Essentially, as long as it's not some windows/mac-only proprietary nonsense, or GUI-requiring linux blob, then it's probably good enough.

2. Does not persist printed pages in internal storage, intentionally or otherwise. No "re-print last page(s)" anti-feature, or similar. I think ultimately a deliberately "stateless" printer is really what I desire, but I'd be surprised if those exist beyond perhaps some very old simple ones with non-network (think parallel port) interfaces and non-updatable firmware that is somehow trustworthily write-protected. (Which sounds great, tbh, I'm just not aware of any like that nor where to get them besides maybe getting lucky in an auction.)

3. Has economical and shelf-stable consumable parts (ink, toner, etc.). Probably means laser printer?

4. Doesn't take forever to print things and jam every other page. Probably means laser printer?

5. Color would be nice, but optional.

6. Lack of "printer dots" [1], or similar (font-mutation steganography [2], if that's a thing now?) would be nice. Do any such machines even exist these days? (Besides firmware reversing & removal of said "feature" yourself, I suppose...)

7. Minimizing contribution to aggregate demand for production of eventual waste. DRM'd ink cartridges and similar are dumb, and as much as I'd welcome the challenge to defeat them, I don't want to spend my time doing that right now. An abundance of the actual printers on 2nd-hand markets would be nice, or, if new, something expected to be reliable and last a long time to amortize the cost of its production. I'd be perfectly happy with some model already 10 years old as long as they're available, reliable, and the consumables for it are still available and/or self-refillable.

As for firmware security: I assume all printers are probably vulnerable (and/or backdoored?) beyond any hope of being reasonable, and would like to put a simple trusted device in front to force all incoming data to be printed to go through something like the Qubes trusted PDF converter, to sanitize whatever fun PDF / postscript / whatever exploits might otherwise reach the printer.

A scanner would be nice too. I haven't thought through all the implications of whether having a discrete scanner & printer vs. combined unit has a meaningful impact on my threat model. There's the obvious implication that a compromise of one may steal data from or exfiltrate data via the other, but then, would such a mechanism need to be targeted to avoid obvious accidental detection? How might a likely targeting activation mechanism work? I'm sure it might be interesting from an attacker's perspective to have a built-in side-channel between them, but hopefully network (/usb) isolation and sanitizing input documents would break any likely print-job command & control vectors besides those which would rely on image processing (which feels less likely)? Unclear. Thoughts on this welcome too.

Regards,
Jean-Philippe

[1]: https://en.wikipedia.org/wiki/Machine_Identification_Code
[2]: http://www.cs.columbia.edu/~cxz/publications/fontcode.pdf