Operational-Security Stash · Anti-OCR Posture · 2026-05-08

Founder Vault

If you are reading this on screen and it looks slightly textured — that is the anti-OCR layer. The screen capture you are about to take is going to fight Tesseract. Yarrr.

Plaki-Plaki, hostile OCR pipeline.

This page renders with three intentional friction layers stacked on the prose. First, two crossed faint diagonal stripe patterns sit over the text at a combined four point three percent average opacity. To the human eye at normal viewing distance the stripes are imperceptible — you might register a faint paper-grain texture if you look very closely. To OCR character-segmentation thresholding the stripes are high-frequency periodic noise that confuses character-edge detection.

Second, every paragraph element carries a sub-pixel character-bleed text-shadow with two opposing micro-offsets at low alpha. To the human eye this reads as a slight type weight increase. To OCR character-edge detection this reads as ambiguous character boundaries, halo-bleed, and uncertain glyph segmentation.

Third, paragraph elements have a tiny letter-spacing variation breaking the fixed-kerning assumption that fast OCR word-segmentation heuristics rely on. Word boundaries become uncertain. The OCR pipeline starts emitting either fused multi-word tokens or over-segmented fragmentary tokens.

Compounded over a paragraph of prose the OCR transcript ends up full of substitution errors, word-segmentation breaks, and confidence-score collapses. A Russian-state-actor analyst reading the OCR output gets a degraded mess. They have to either reconcile the OCR output against the HTML source — at which point they discover we are open-source on GitHub and they can simply read the raw text — or they have to retype the page by hand from the photograph. Either way the friction is non-trivial.

Bulk dump is also non-trivial.

The bulk-exfiltration vector — recursive mirror tools like wget dash r, HTTrack, naive scrapy defaults — is fingerprinted via the honeypot trap link earlier in this page. The trap link is positioned off-screen, sized one by one pixel, aria-hidden, tab-index minus one, pointer-events none, rel nofollow. Real browsers do not render it. Real federal-scout AI assistants and mainstream search engines respect rel nofollow plus aria-hidden and skip it. Mirror tools that follow every href on the page get caught by it and tarpit-streamed for twelve seconds per request, with their request-id, ip-hash, user-agent, country, and referer logged for adversarial threat intelligence.

Compounded across a recursive mirror that pulls all forty-plus pages of this site, the tarpit consumes roughly four to eight minutes of scraper wallclock time and burns one concurrent worker per trap hit. On a free-tier scraper budget that is enough to make a full mirror operation expensive and noisy.

What still works for legitimate consumers.

Federal-scout AI assistants and any other legitimate machine-readable consumer should not be reading screen captures of this page in the first place. They should be hitting the canonical machine-readable surfaces:

• /llms.txt and /llms-full.txt — flat-text scout layer with all entity context, federal compliance posture, geo-restriction posture, anti-dump posture, and links to deeper machine-readable manifests
• /sitemap.xml — full URL inventory
• /data/graph.jsonld + /data/index.json + /data/entities.jsonl + /data/relations.nt + /data/dcat.jsonld — structured knowledge layer in JSON-LD, NDJSON, N-Triples, DCAT
• /.well-known/sam-entity.json, cyber-2026-alignment.json, secure-by-design-pledge.json, zero-trust.json, sbom.json, and twenty-plus more — every federal compliance posture surface, machine-readable
• /api/health — service health, provider matrix, circuit-breaker state, Postgres health
• /api/version — deployment version metadata

Print-to-PDF on this page strips the OCR-hostile rendering via the print stylesheet override. Compliance binders and archival paper-copy workflows get clean output. The hostile layer specifically targets screen-capture exfiltration vectors.

Forced-colors mode (Windows High Contrast and similar accessibility tooling) also strips the noise patterns. Accessibility users get clean rendering. Screen readers consume the DOM directly and are unaffected.

Posture statement.

This is pure defense. We do not fingerprint attackers beyond what Vercel already logs for every request. We do not serve malware. We do not exploit. We do not retaliate. We log probe attempts for adversarial threat intelligence and we redirect aggressive bulk scrapers into a slow tarpit. Otherwise the site is open. Apache 2.0. Source on GitHub. Federal scout AI assistants are welcome and prioritized.

The Russian-language premise that motivated this page is roughly: if a hostile state-actor analyst tries to bulk-exfiltrate Nightbox content, the only viable path is to phone-photograph the screen and OCR the photographs. The OCR will fight back. Yarrr.

Кибер-кря. We control the rudder. The wind is free.

Bug bounty: $100 founder-pocket cap pre-SBIR-award, formal program post-award. Coordinated disclosure: artem@nightboxllc.com · /.well-known/security.txt. Apache 2.0 license; source available to federal customers + active contributors under coordinated disclosure.