Or you can simply do it using this follow-up prompt. No external tools are needed. Worked for me:

    Remove all non-visible whitespace characters such as 0x202F from the text.

Alternatively, if you have access to the original prompt, just append this:

    Your response should not contain any non-visible whitespace characters such as 0x202F or 0x0A (newlines are allowed).

I remember when $EMPLOYER was caught sending all-employee emails with individualized unicode homoglyph watermarks, to try to identify leaks.

These don't appear to be intended as watermarks. They're merely a valid use of non-breaking space for tightly coupled elements like "2.5 billion" and "Title I".

Sure, a human author would almost never do that, but they could. I could imagine a Markdown syntax that did that – it could be done similar to how `code` is marked up in most blogs.

All the examples of non-breaking spaces that they showed were arguably places where someone nicely typesetting might well do the same thing. For example, in "FY 2025", or "$8.7 billion". (I've even done this a lot myself in the past.)

I wouldn't call this a watermark, but more a sign of likely copy&paste, if students' word processors weren't currently doing that.

A "watermark" that invisibly identifies the text origin using Unicode tricks sounds possible.

And maybe you could do some things with statistical patterns.

Or you could, as some have done in the past, is to stego the identifying information in a way that's hard to spot but can't be denied later (e.g., the first letter of each word clearly spells out "john smith is a cheater who copied this from chatgpt").

Software engineers should know that source code can be encoded in a string of white spaces and then ran through a compiler function to produce undetectable functionality