I built this Steganography tool as a research project within Oxford University. The goal was for users to be able to communicate via Facebook without anybody being able to even detect the presence of a message, let alone the content.<p>This is a dramatic improvement over the 'dead-dropping' technique of communicating secretly by leaving emails in the draft box for others to receive without actually sending them.<p>The really notable thing about this extension is that the JPEGs it produces can handle recompression without the contained message being damaged. Simply strapping error correction onto Steganography doesn't work and this extension is based on a new algorithm for JPEG steganography which I explain in the paper linked from the article.<p>I'd love to get your feedback on the extension, let me know how you found it to use and let me know if there's anything I can do to make the experience easier!
I remember reading an article where Al Qaeda is using the same practices for sending messages to hidden members via eBay (and other sites). Here is an article (not the same one I read, but the same topic): <a href="http://www.nytimes.com/2001/10/30/science/physical/30STEG.html?pagewanted=all" rel="nofollow">http://www.nytimes.com/2001/10/30/science/physical/30STEG.ht...</a><p>The article mentions government level detection software - but there is also open source software such as StegDetect (<a href="http://www.outguess.org/detection.php" rel="nofollow">http://www.outguess.org/detection.php</a>) which does a reasonable job of detecting steganography within images.
the presence of steganography has long been detectable in images and audio. whether it can be decoded depends on the cipher (if any) that's used for the actual message, but this is a pretty poor way to hide your intent from anyone but the casual onlooker.
I did my own undergrad project on JPEG steganography, and I was surprised that section 2.6 accurately represents popular algorithms being implemented today. At the time it seemed to me that you got significantly better results than the naive algorithm when measuring visible differences and statistical anomalies in two ways...<p>1) Consider the <i>unquantised</i> DCT coefficients. If the unquantised coefficient is 12, and the quantisation factor is 5, then the quantised value is round(12/5) = round(2.4) = 2. If you need to flip the LSB, then the F5 algorithm would change this to 1. My algorithm would have changed this to 3 instead as this was much closer to the unrounded 2.4.<p>2) Encode one bit into multiple quantised co-efficients. For example: If you only need to hide one bit in a block, xor together the LSB of all 64 quantised co-efficients and use that; if you need to flip it, then carefully choose the single co-efficient which produces the best result for your visual/statistical models. (I might have excluded the DC co-efficient, don't remember.) If you need to hide two bits, use half of the co-efficients for one bit, and half for the other, and so on. Conversely, this method could also be extended to so that one bit is encoded into multiple blocks.<p>Rather than a keyed shuffle, I simply required the secret message to be strongly encrypted. This appears to have the added advantage of a message with predictable statistical properties.<p>Note also that robustness was not one of my criteria at the time.<p>Hope this is of some value (or at least interest). And my apologies if I have some of the terminology wrong - this was nearly twenty years ago and I don't have the work in front of me right now!
RE: "These messages are hidden in photos so they cannot be detected by Facebook, Governments or prying friends."<p>I think this claim is overly broad and not particularly true. The NSA surely knows about steganography too. It's been around for a while.
You're relying on volume of photographic posts to hide encrypted content?<p>Could you perhaps include encrypted content in many more photographs to make the volume of encrypted content higher, thus increasing the work load of dealing with encrypted content?<p>I'm not sure how hard it is to detect this content. Try this experiment. Download a BBC tv programme (Horizon works) from a torrent. Edits out a short 3 minute clip. Upload the clip to Youtube. Youtube has very many videos uploaded every minute, yet they ban your clip almost instantly.
Owen, I love your concept. And readers, forget being detected by ant-terrorist organizations, as long as you're not into that stuff! Worse=case scenario, even if some govt. agency inquires you, I'm sure you will pass their lie detector tests with ease since you're not really a terrorist :)<p>Congrats Owen, I can imagine some brilliant use cases for this already - Like surprising your girlfriend on her birthday, etc. :)<p>Thank you for this wonderful extension :)
Very cool, I'm surprised this hasn't had more upvotes. Many years ago I wrote a CLI image steganography tool (with a PHP web interface at <a href="http://incoherency.co.uk/tools/hideimage.php" rel="nofollow">http://incoherency.co.uk/tools/hideimage.php</a> ) but it didn't support JPEG re-compression and isn't nearly as awesome as yours.
That's awesome! I had this idea for a while and I'm glad someone implemented it. Initially I thought about it being used for teens wanting to share secret messages among closed nit friends.
Anyone else getting a 'Package is invalid. Details: 'Could not decode image: '128.png''.' when trying to install the extension from the Chrome Web Store?