At 06:22 PM 12/10/03 +0200, Anatoly Vorobey wrote:
On Tue, Dec 09, 2003 at 04:20:20PM -0600, Declan McCullagh wrote:
We have anonymity in Web browsing (more or less, thanks to Lance & co). It's not NSA-proof, but it's probably subpoena-proof.
We have anonymity in email thanks to remailers (to the extent they're
still around).
...
alt.anonymous.messages has a healthy amount of traffic.
One could count some fraction of all the *.binaries.* on usenet as anonymous communications (via stego), but then you'd have to know how many are stego'd, and that is the game after all. At 02:24 PM 12/8/03 -0500, Tyler Durden wrote:
Is it possible to determine that the photo 'originally' (ie, when it was sent to me) contained stegoed information, but that it was intercepted in transit and the real message overwritten with noise or whatever?
Now I know pretty much nothing about this subject, but I would suppose
de-stegoing a photo must like some kind of spatial spectral fingerprint
Yes. Trivially, If your correspondent told you, but that's out of band. Otherwise, If there *remains* info which was not washed out "in transit", then that would be an inband way. Maybe all the pictures with a red flower in them are carriers, and this content isn't washed out. Maybe its a more subtle crypto-watermark, independent of the stego'd message. that that
should be visible after the photo is FFT'd (is there freeware software out there?).
1. How do you know the signature of the unaltered carrier-medium? E.g., have you measured the LSBit noise from my camera recently? Under which lighting conditions? 2. Don't you think I can measure the properties of my carrier and shape the stego'd info to match? (This does get into an arms race over what properties to measure.)
Now I IMAGINE that a sophisticated interceptor could substitute 'believable' de-stego-ing noise so that it would look like the photo never had any stego in the first place. OR...is this actually 'impossible' to do perfectly?
And then, what if the interceptor tried to put an alternate message in
You don't just put your message in the LSBits or whatever. You compress, encrypt, and possibly redundantly code them. Then you shape the noise to match the bits you're replacing. there
instead? Is there a way to tell that there was originallya different message there?
My assumption first of all is that nothing was done to prepare the
Depends on the coding. photo
against these possibilities.
Just make sure you did the original analog recording and destroy the original after you stego it. Best also if you never post unstego'd messages so the Adversary can't measure your raw carrier. A simple stego message was placed without real
thought about whether it might be intercepted and altered.
You shouldn't stego life-critical messages without proper training in the use of your tools. (That training may vary with personality, see _Silk and Cyanide_. Some like "why", some like "do this".) ----- "You can have democracy when you vote for the people we approve of" King George to the Colony of Iraq