It's something that people who deal with highly sensitive information and sources should know, absolutely. But it's still not a big deal for anyone who's not going up against a well resourced government.
Maybe you just want to go about your life without every innocuous aspect of it being secretly interfered with? You might be able to ignore it for a long time because it doesn't harm you, but it only takes one shitty change in the wider system for it to be turned entirely against you.
That's already happened. License plate trackers, cell sites logs, phone and car location data tracks everywhere you go. Google analytics inside a google browser running on google's OS on google hardware, all to gather data on you to make slightly more money selling ads. Not to mention other data aggregators who will sell that data to anyone with a credit card. Every aspect of our lives are already being overtly interfered with, but no I really should care a lot about some stupid printer dots.
What a reasonable and not-at-all unhinged threat model. I should be kept up at night worried that currency counterfeiters will break into my house, steal my printer, use it to print fake money, the cops will find that money, use these dots to get metadata to find me, then what no-knock raid me?
idk I think I'll just accept that risk, it's a lot more likely that my ex will stab me after all
These types of threat models require a bit of creative flair:
0315 am, a drone flies over your house and hovers just long enough to upload firmware to your WiFi-enabled printer. Having not memorized your printers serial number, and certainly not checking it every day, you don’t notice the new firmware or orientation of dots.
Your printer, along with an identical model bought later and cloned to yours, are now forensically indistinguishable. Your printer driver phones TonerCo for a refill. It arrives with the fanfare of fast shipping.
11 months later, your address and credit card purchase are enough to convince the right judge to grant a no-knock warrant. Your printer has embroiled you, or someone just as innocent as you, in a very bad time.
We don't know what all the data is, but it at least used to be Date-Time-Serial. For governments and corporations with asset controls that record the serial of devices sent around, this is actually useful and can be used to sniff out moles like in the example. For individuals, you either need a massive amount of background data like purchase history (which is what you all should actually care about instead of these stupid dots), or you need to physically raid the place and get the serial off the printer.
And anyways in your example, there are far easier ways for the government to figure out that stuff that doesn't involve chasing down printers.
I figure the serial number could be enough if it was linked to a credit card purchase. However, it might only link to a lot number that a store purchased.
I don't think stores are tracking the serial numbers of the printers they sell, so yeah at best you're gonna get a big list of everyone who bought that SKU in the approximate time. And if you buy it with cash, or secondhand, then they're screwed.
Now, it probably phones home and that's probably how they catch people but there are ways around that.
