[tech] Zero-width characters and tracking via pasted text

nervuri nervuri at disroot.org
Mon Mar 15 12:24:54 GMT 2021


On Sun, Mar 14, 2021, Stephane Bortzmeyer wrote:
>This is technically interesting but do you suggest that Gemini be
>modified in one way or the other, to limit the risks? And, if so, how?
>
>As you note in <gemini://rawtext.club/~nervuri/stega.gmi>, it can
>perfectly be done without zero-width characters. A trivial way is to
>encode the hidden information in a number of ordinary spaces at the
>end of each line.

Zero-width characters are *by far* the most potent way to do this - you
can encode any number of bits between any two visible characters.  The
other methods are nowhere near as efficient.

As for ways to limit the risks... that's the hard part.  I don't think
it's a matter of changing Gemini.  The best place to put a solution to
this problem is the OS's clipboard utility.  However, browsers can help
insofar as they can interact with the clipboard, by letting users know
when copied text contains zero-width characters (and perhaps homoglyphs,
etc).  Another approach would be to replace zero-width chars with, say,
emojis (a browser extension actually does this), but it would need to
have an on/off toggle, because these characters can be used for good
reason.

The guiding principle is that users must be able to see what's going on
within the "plain" text that they're working with.  If developers pick
it up and figure out solutions, that would be great.


More information about the Gemini mailing list