<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-text-html" lang="x-western"> Firstly, I don't think
anyone is suggesting that Facebook are actually trying to prevent
people sending secret messages. They just want to optimise
bandwidth away from meaningless chatter and towards advertising,
and compressing the images is purely incidentally preventing some
steganographic techniques from working. I am pretty sure you could
send quite long messages purely as variations in the use and
misspelling of non-words like Lollzr! and how many exclamation
marks are used.<br>
<br>
A technique which is hidden only from casual inspection is one
thing, and I don't think really qualifies as steganography, it's
more like a dead drop - if you look for it you will find it. Such
techniques can be erased simply by looking for the message and
then deleting it purposely. So the discussion is about techniques
which are not detectable even if you suspect they are there and if
you know the algorithm.<br>
<br>
<br>
<div class="moz-cite-prefix">On 14/04/2013 08:16, Ian Batten
wrote:<br>
</div>
<blockquote
cite="mid:AB45A613-3617-4334-AD8D-DF7ECB13F882@batten.eu.org"
type="cite"> <br>
<div>
<div>On 12 Apr 2013, at 00:01, Ben Liddicott <<a
moz-do-not-send="true" href="mailto:ben@liddicott.com">ben@liddicott.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<p dir="ltr">That isn't possible, up to a limit. Proof is
that any such transformation can carry only a limited
number of bits of data. Therefore any steganographic
message can be destroyed by a transformation using the
same stego technique</p>
<div><br>
</div>
</blockquote>
That would rely on Facebook knowing the stego technique and
any associated keys. <br>
</div>
</blockquote>
<br>
Indeed, it's assumed that Oscar knows the library of available
techniques.<br>
<blockquote
cite="mid:AB45A613-3617-4334-AD8D-DF7ECB13F882@batten.eu.org"
type="cite">
<div>If it's keyed (ie, Alice and Bob share a key from which
they can derive a small subset of the pixels in the image
which contain the message), then how can the attacker
overwrite that message? The key would denote some small
number of bits, drawn from potentially all the bits in the
image. The attacker can choose some random key and insert a
message using that, but if a key identifies some fraction F of
the image, adding another message with an independent key
would overwrite F of the first message. As F will typically
be small, simple error correction will suffice.</div>
</blockquote>
<br>
In the presence of a given level of redundancy, the number of bits
Oscar would have to store in any given image in order to erase the
message is left as an exercise to the reader.<br>
<br>
<blockquote
cite="mid:AB45A613-3617-4334-AD8D-DF7ECB13F882@batten.eu.org"
type="cite">
<div><br>
</div>
<div>Facebook could attack this technique by dithering the whole
image. But I suspect that you can perturb a small number of
pixels more than all the bits, so the degradation caused by
dithering all the bits sufficiently to extinguish information
encoded in any subset of those bits would be visually
unacceptable. </div>
<br>
</blockquote>
Do you think you can perturb a small number of pixels enough to
withstand an erasure attack, without those pixels becoming
detectable as a hidden message, and thereby defeating the purpose
of steganography?<br>
<br>
Oscar can perturb the image as much as he likes provided it isn't
noticeable to a human - and if it's noticeable to a human it isn't
steganography. <br>
</div>
</body>
</html>