New Program Makes It Even Easier To Hide & Access Information In Flickr Photos

from the ban-flickr! dept

The practice of hiding data in images — known as steganography — is nothing new. People have talked about it for ages, and we’ve long heard reports of how nefarious organizations used it all the time. But, of course, it can also be used for perfectly good reasons as well — and now it may have just become a lot easier to use. Glyn Moody points us to the news of a new steganography program that is designed to work easily via Flickr, with the goal of getting news reports to various countries that try to censor the internet. The program, called Collage, supposed makes it quite easy to both encrypt and decrypt information in Flickr photos, knowing that Flickr — unlike many news sites — isn’t often blocked in countries that censor the internet.

Of course, once word of this program gets out, that could possibly change, but the programmers behind it say they can easily expand it to work with other photo sharing sites as well.

None of this is that surprising, really. In fact, my first reaction on hearing it was to think that this can’t be new, as I’m pretty sure other offerings have already allowed such functionality with Flickr. However, it is a nice reminder that every time you try to censor the internet, there will be ways through, and that includes just masking the traffic you want blocked as legitimate traffic, such as Flickr photos.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “New Program Makes It Even Easier To Hide & Access Information In Flickr Photos”

Subscribe: RSS Leave a comment
12 Comments

The Weakness of Steganography.

Well, I don’t know. Suppose the censor sets up a system to automatically degrade every image file by a substantial amount, say the equivalent of fifty or seventy-five percent lossy compression.

What the censorship in England during the Second World War did was to paraphrase telegram messages, across the board, in order to mess up codes. “Uncle Jim is sick” might become “Uncle James is ill.” Of course the censorship could do this because various wartime restrictions were in effect. The government had taken over foreign trade, with a view to economizing on the limited supply of foreign exchange. A business in London was not allowed to buy things from New York, but had to go through a government agency. The result was that things like price lists, which have to be exact, were no longer being transmitted between businesses in different countries. The British government put together a single big order, and decided who got what out of it.

The way to hide messages in and out of a country is to bundle them in with the business communications. That way, the censor is at risk of messing up the country’s export business.

Blatant Cowardsays:

Re: The Weakness of Steganography.

HAM radio operators have had programs to send video via sound information for years. The makers of Portal used such a concept to hide ads as “information leaks” for their new product in a recent update to their current game.

Lossy signal is nothing new for communications, the only thing to do is either repeat the information in a number of places, such as a hidden hash in a ‘free to download’ program such as a flash game or repeat the signal in a number of pictures in a ‘personal’ or ‘business’ website.

The difficult trick, is getting the decryption information to the receivers on the other end, including ‘where are the things to be decrypted found at.’ Any method routinely used could be discovered, blocked or used to set traps for the end users with substituted information.

AJsays:

Could still be dangerous if the steganography is detectable

If a regime decides to continue to allow Flickr despite this, it sounds like they could use Collage themselves to detect and decode the hidden material. Once they know which pictures contain censored information they log any downloads of those images against the user’s IP address and use that as information about who in their own population is reading it. I would want the program to need the right key to even be able to detect that there is hidden material present before I used something like this.

Re: Could still be dangerous if the steganography is detectable

If a regime decides to continue to allow Flickr despite this, it sounds like they could use Collage themselves to detect and decode the hidden material.

stego can be detected, all you have to do is look for extraneous data in an image file. the problem isn’t that it’s detectable, it’s that services like flickr host billions of files that would have to be checked:

http://www.citi.umich.edu/u/provos/stego/

Once they know which pictures contain censored information they log any downloads of those images against the user’s IP address and use that as information about who in their own population is reading it.

the thing with steganography is that you have to know where to look and then apply a method for extraction. if you have the target and extraction method ahead of time it’s just a layer of inconvenience, like crypto. if you are an outsider sweeping for steganographic data, you are looking for a needle in a haystack which is potentially sitting in a stack of haystacks.

if you were to pair this tool with a bunch of compromised/colluding accounts, it would be very difficult to locate the party that is making these materials available. if these accounts are popular, it might also be difficult to locate the parties who are downloading these materials as well. a popular photographer may get thousands of hits per day on his/her photos, and if he/she has thousands of posted photos, it may not be apparent that a photo has been modified.

I would want the program to need the right key to even be able to detect that there is hidden material present before I used something like this.

stego isn’t undetectable, nor is it unbreakable, but it does do a lot to obscure your activities. the point of stego is to put your payload out in the open. you are hiding your message in plain sight.

stego also pairs up nicely with crypto: you can embed encrypted data inside an file using steganography, so even if you can find the suspicious image(s), you may not necessarily get the payload.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it