This is a dramatic improvement over the 'dead-dropping' technique of communicating secretly by leaving emails in the draft box for others to receive without actually sending them.
The really notable thing about this extension is that the JPEGs it produces can handle recompression without the contained message being damaged. Simply strapping error correction onto Steganography doesn't work and this extension is based on a new algorithm for JPEG steganography which I explain in the paper linked from the article.
I'd love to get your feedback on the extension, let me know how you found it to use and let me know if there's anything I can do to make the experience easier!
I hope that's alright with you. If not, I'll happily take it down.
I considered a number of flows but eventually decided this was most discrete. Check out the paper I link to at the bottom of my post to read all about the options I considered and why I selected this one.
Edit: Found the linked paper. Thanks!
The article mentions government level detection software - but there is also open source software such as StegDetect (http://www.outguess.org/detection.php) which does a reasonable job of detecting steganography within images.
I think this claim is overly broad and not particularly true. The NSA surely knows about steganography too. It's been around for a while.
I'd suggest you read James Bamford's three books on the NSA for further insight. (The Puzzle Palace, Body of Secrets, and The Shadow Factory.) http://en.wikipedia.org/wiki/James_Bamford#Books
Hence steganography means that not only can your messages not be decoded, they can't be detected.
Specifically, this extension's innovation is allowing steganography on walled gardens such as Facebook which recompress images after uploading them.
It just seems really inefficient way of sending an encrypted message.
The message is encoded in the image by very slightly changing the values of pixels (or some similar method). The message is only revealed with the browser extension
Don't count on it.
It's not really a secret: http://www.youtube.com/watch?v=XDM3MqHln8U#t=3318s (note that Facebook was specifically mentioned @ 56:07)
In the future this tool could be extended to other sites which recompress images when they're uploaded although it would certainly be a more confusing user experience.
1) Consider the unquantised DCT coefficients. If the unquantised coefficient is 12, and the quantisation factor is 5, then the quantised value is round(12/5) = round(2.4) = 2. If you need to flip the LSB, then the F5 algorithm would change this to 1. My algorithm would have changed this to 3 instead as this was much closer to the unrounded 2.4.
2) Encode one bit into multiple quantised co-efficients. For example: If you only need to hide one bit in a block, xor together the LSB of all 64 quantised co-efficients and use that; if you need to flip it, then carefully choose the single co-efficient which produces the best result for your visual/statistical models. (I might have excluded the DC co-efficient, don't remember.) If you need to hide two bits, use half of the co-efficients for one bit, and half for the other, and so on. Conversely, this method could also be extended to so that one bit is encoded into multiple blocks.
Rather than a keyed shuffle, I simply required the secret message to be strongly encrypted. This appears to have the added advantage of a message with predictable statistical properties.
Note also that robustness was not one of my criteria at the time.
Hope this is of some value (or at least interest). And my apologies if I have some of the terminology wrong - this was nearly twenty years ago and I don't have the work in front of me right now!
2) This general idea is a good one and the way it is used in steganography is Wet Paper Codes. These effectively provide options for how to encode short messages so you can select that which best matches the coefficients which already exist. A simple example:
Encode 00 as either 0000, 0001, 0010 or 0011 Encode 01 as either 0100, 0101, 0110 or 0111 And so on
Hence when we wish to send a 2-bit message we often only need to change a single bit in the coefficients to get to a correct code word.
Hence Wet Paper Codes are able to achieve a high ratio of bits transferred to bits flipped.
I'm sure a keyed shuffle is the right way to go, certainly also encrypting is helpful but I see no downside of more evenly spreading changes across an image using a shuffle.
Could you perhaps include encrypted content in many more photographs to make the volume of encrypted content higher, thus increasing the work load of dealing with encrypted content?
I'm not sure how hard it is to detect this content. Try this experiment. Download a BBC tv programme (Horizon works) from a torrent. Edits out a short 3 minute clip. Upload the clip to Youtube. Youtube has very many videos uploaded every minute, yet they ban your clip almost instantly.
Either way, this is a marked improvement over sending private messages on the Facebook or unencrypted emails (and sending encrypted emails is a very fast way to get noticed).
Congrats Owen, I can imagine some brilliant use cases for this already - Like surprising your girlfriend on her birthday, etc. :)
Thank you for this wonderful extension :)
I'd like to use this from the command-line.
Thanks.
