Doh, some of these options seem horrible: eg, allowing the data to be extracted automatically using standard tools. If you can automatically detect hidden data, it's only hidden from people who aren't looking. If your data is worth hiding, it's worth hiding from people who know how to use "find -exec" (or had someone else set up an automated sweep program for them).
That's worrisome; they should be using a purpose-built key derivation function, like PBKDF2, bcrypt or scrypt. Using only SHA3 means it is easy to brute-force the key by searching for likely passwords.
Props for using social media share nag images that do not load from Twitter/Facebook/Google until click. :) Better speed and better privacy for end users.
is there any evidence that the steganography here is undetectable? i would have thought that uniformly random data in the low bits of an image's data (pixels or fourier coefficients or whatever) was a clear signature for anyone trying to find these things. aren't they naturally correlated in various ways?
also, something like tineye can be used to retrieve web-sourced images for comparison, which would make any hidden data really obvious (and a smooth gradient would be even more suspicious if the lowest bits weren't smooth).
what is the state of the art in steganography? is it feasible for reasonable bandwidth? what are the best carrier data to use? do phone cameras provide raw images or are they always jpegs? i guess a webcam video uploaded to youtube has the advantages of large data volume, unique content, and wide visibility. but do they reformat?
Off course before you even get to all that, I'd be concerned about the steganographic problem where they go to your ISP's logs and see you've visited the site.
also, something like tineye can be used to retrieve web-sourced images for comparison, which would make any hidden data really obvious (and a smooth gradient would be even more suspicious if the lowest bits weren't smooth).
Smooth gradients are only smooth if you add noise to the lower bits, due to having only 256 color levels per channel. A comparison: http://imgur.com/0cJWm8t
Those color bands are indeed only one color value apart per channel; the first visible band is rgb(50, 120, 50), while the second is rgb(51, 119, 51).
> Supported container types: [...] rand, which downloads a random image from Wikimedia;
I honestly don't see the point of that container type. How much useful is steganography if the original JPEG is publicly available for comparison? How could anyone ever plausibly deny that?
"You were emailing this image from Wikimedia, but made subtle modifications to the file. Can you explain this?" - "Umm ... I guess I downloaded it via a noisy internet connection." ?!
Comrade Smith, you have emailing picture wikimedia's, but you altering it. Why it resized when you having fast internet connection? We know you hiding message with steganography and requesting key. You will remaining in solitary confinement until key given.
26 comments
[ 4.4 ms ] story [ 58.5 ms ] threadhttps://github.com/darkjpeg/darkjpeg.github.io/blob/07171bd0...
also, something like tineye can be used to retrieve web-sourced images for comparison, which would make any hidden data really obvious (and a smooth gradient would be even more suspicious if the lowest bits weren't smooth).
what is the state of the art in steganography? is it feasible for reasonable bandwidth? what are the best carrier data to use? do phone cameras provide raw images or are they always jpegs? i guess a webcam video uploaded to youtube has the advantages of large data volume, unique content, and wide visibility. but do they reformat?
Unless it runs on your computer and you can trust that, it's useless.
Smooth gradients are only smooth if you add noise to the lower bits, due to having only 256 color levels per channel. A comparison: http://imgur.com/0cJWm8t
Those color bands are indeed only one color value apart per channel; the first visible band is rgb(50, 120, 50), while the second is rgb(51, 119, 51).
As has been shown before, open and closed source products people use (including security software) has been time and time again proven to be insecure.
I still would be somewhat wary to use this site for actual stuff I care about, but its a cool site and a cool little idea.
I honestly don't see the point of that container type. How much useful is steganography if the original JPEG is publicly available for comparison? How could anyone ever plausibly deny that?
"You were emailing this image from Wikimedia, but made subtle modifications to the file. Can you explain this?" - "Umm ... I guess I downloaded it via a noisy internet connection." ?!