CDR: Re: stego for the censored

Ralf-Philipp Weinmann weinmann at rbg.informatik.tu-darmstadt.de
Thu Oct 5 06:34:35 PDT 2000


On Thu, 5 Oct 2000, Tom Vogt wrote:

> 
> I'm currently looking for a way to get encrypted data via stego to
> people who live in countries where crypto is illegal, and who may be
> watched. so just sending them a large graphic would likely arouse
> suspicion.
> 
> the 2 best solutions I've come up with so far are porn and spam. both
> are readily believable, even in large quantities.
> the problem with porn is that it may be illegal in itself in the same
> countries. the problem with spam is that ascii text just doesn't offer
> much to hide stego in (whitespacing, etc. is both easy to find and can
> store very little data).

There are at least two more ideas that come to mind here.
The first would be to embed links in your spam messages which take you
sites that you have previously set up which contain a high amount of graphics.
You could then hide the data steganographically in those images. Of course
an automated tool of retrieval for those sites would be handy then as well
(say a browser plugin which scans images tries to extract data out of each
image and only accepts the extracted information if it has been signed with
a previously agreed on key -- i favour a browse plugin over a commandline
tool cause it would maybe look a little bit suss if somebody mirrored a
'become-a-millionaire-in-two-weeks'-website with wget or similar tools).
You might also want to have a look at MP3Stego, a tool which allows hiding
of information in MP3 files.
URL: http://www.cl.cam.ac.uk/~fapp2/steganography/mp3stego/
Sending someone a couple of megs of non-copyrighted mp3s (say bolivian
folklore) should not raise too much suspicion, or better yet, just mail him
links to some geocities account where he can download them instead of sending
them directly.
Any method for data transfer can be used for steganography -- just be creative.

Cheers,
-Ralf

--
Ralf-P. Weinmann <rpw at uni.de>
PGP fingerprint: 2048/46C772078ACB58DEF6EBF8030CBF1724





More information about the cypherpunks-legacy mailing list