‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics

Ben Liddicott ben at liddicott.com
Wed Apr 17 21:44:57 BST 2013

Firstly, I don't think anyone is suggesting that Facebook are actually 
trying to prevent people sending secret messages. They just want to 
optimise bandwidth away from meaningless chatter and towards 
advertising, and compressing the images is purely incidentally 
preventing some steganographic techniques from working. I am pretty sure 
you could send quite long messages purely as variations in the use and 
misspelling of non-words like Lollzr! and how many exclamation marks are 

A technique which is hidden only from casual inspection is one thing, 
and I don't think really qualifies as steganography, it's more like a 
dead drop - if you look for it you will find it. Such techniques can be 
erased simply by looking for the message and then deleting it purposely. 
So the discussion is about techniques which are not detectable even if 
you suspect they are there and if you know the algorithm.

On 14/04/2013 08:16, Ian Batten wrote:
> On 12 Apr 2013, at 00:01, Ben Liddicott <ben at liddicott.com 
> <mailto:ben at liddicott.com>> wrote:
>> That isn't possible, up to a limit. Proof is that any such 
>> transformation can carry only a limited number of bits of data. 
>> Therefore any steganographic message can be destroyed by a 
>> transformation using the same stego technique
> That would rely on Facebook knowing the stego technique and any 
> associated keys.

Indeed, it's assumed that Oscar knows the library of available techniques.
> If it's keyed (ie, Alice and Bob share a key from which they can 
> derive a small subset of the pixels in the image which contain the 
> message), then how can the attacker overwrite that message?   The key 
> would denote some small number of bits, drawn from potentially all the 
> bits in the image.  The attacker can choose some random key and insert 
> a message using that, but if a key identifies some fraction F of the 
> image, adding another message with an independent key would overwrite 
> F of the first message.  As F will typically be small, simple error 
> correction will suffice.

In the presence of a given level of redundancy, the number of bits Oscar 
would have to store in any given image in order to erase the message is 
left as an exercise to the reader.

> Facebook could attack this technique by dithering the whole image. 
>  But I suspect that you can perturb a small number of pixels more than 
> all the bits, so the degradation caused by dithering all the bits 
> sufficiently to extinguish information encoded in any subset of those 
> bits would be visually unacceptable.
Do you think you can perturb a small number of pixels enough to 
withstand an erasure attack, without those pixels becoming detectable as 
a hidden message, and thereby defeating the purpose of steganography?

Oscar can perturb the image as much as he likes provided it isn't 
noticeable to a human - and if it's noticeable to a human it isn't 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130417/82fb16c5/attachment.html>

More information about the ukcrypto mailing list