You must log in or register to comment.

volci t1_jb9il5y wrote

>Besides being perfectly secure, the new algorithm showed up to 40 per cent higher encoding efficiency than previous steganography methods, they said.

Sorry, but extraordinary claims require extraordinary evidence

If you're altering a source file (by adding information, as in this example), it's detectable

Cryptographic hashes are a perfect test for this type of communication - the hash of the original will never match that of the altered copy

The only "perfectly secure" communication is a true one-time pad ...though, of course, the individuals using that system are subject to data extraction through less 'technical' means


Mr_Locke t1_jb9yj7e wrote

Nail on the head here. Where is their evidence. Also "perfectly secure" isn't a thing and if it's undetectable then the tool you use to pull the data out of your image wouldn't see it to pull it out.

Also to break stego down a bit here is an example. Let's say I have a picture called Ducky.jpg that is exactly 100Mb in size. If I use traditional stego and hide a message in that image it will change it's size to let's say 101Mbs. Now, if this new technique makes it undetectable by also altering the size by removing blank space like compression does but I only the exact amount then we could get our file down to 100Mb. However, if you hashed both images, our nor all ducky.jpg and our ducky.jpg with our stego message inside, even tho they are the same size their hashes will be different.

What am I missing here fellow nerds?


DoktoroKiu t1_jbats40 wrote

Nobody but you has access to the original, so unless you can detect the steganography without the original it is "perfectly secure".

I didn't read anything on this, but I'm guessing the only real advance is that the encoding is not discernable from noise.


zalgorithmic t1_jbb400v wrote

Isnt one of the main points of good cryptography to have the message already be indistinguishable from noise? Just build up enough entropy that it seems like noise unless you have the proper key.


Mechasteel t1_jbbh94i wrote

Cryptography is so when they see your message they can't understand it. Steganography is so they don't see your message. Shannon entropy is how much your message looks like noise, which is coincidentally the same as data density.


Mindless_Consumer t1_jbc3kej wrote

Most (all?) Steganogeaphy can be detected.

For example, one technique is to hide data in a jpeg. Open the file it looks like a regular image. Run the binary through a decryption process, get a secret message.

We may not be able to crack the message. But we can find out it is there. Then hit you until you decrypt it.


ImmoralityPet t1_jbckhzb wrote

That's what they're saying the advancement is here. The presence of the message is undetectable. The alterations that are done to the image are indistinguishable from other probabilistic filters that the file type is typically subjected to.


Mindless_Consumer t1_jbcnplo wrote

If true - its actually a big deal.

Consider a hostile universe and we need to send a signal across the galaxy, the presence of a signal alone is enough information to get you xenocided. Being about to mask the existence of a signal will be vital.


ImmoralityPet t1_jbcqx9l wrote

That's not what they're claiming though. The presence of a signal is known. The presence of a second message embedded in the signal is what is undetectable because the encoding process is embedded in probabilistic filters that the signal was subjected to anyway. And the output signal is indistinguishable from a signal that went through such a filter with no embedded message.


Mindless_Consumer t1_jbcs38u wrote

Yea. So match the signal to that of a local star or some other natural phenomenon.

The point is - if this is impossible which it may be. Long communication in a hostile galaxy may be impossible. If it is possible an explanation for not detecting signals is they are hidden and undetectable.


CrispyRussians t1_jbddq3v wrote

I love that you went right to space travel. I don't think this is applicable but I like where your mind is at


Mindless_Consumer t1_jbdfyzb wrote

Yea, like, I thought we were on futurology.


CrispyRussians t1_jbdg2sf wrote

I think the sun focuses more on the next 50-100 years not the next 1000


Mindless_Consumer t1_jbdggmu wrote

Like I said - its a big deal.

If it is actually hard undetectable, this is how we're going to do it. That's pretty cool.


green_meklar t1_jbcyjm2 wrote

The problem with encrypted data that looks like noise is that noise also looks like encrypted data. If someone sees you sending noise to suspicious recipients, they can guess that you're sending encrypted messages. Governments that want to ban encryption or some such can detect this and stop you.

The advantage of steganography is that you can hide not only the message itself, but even the fact that any encryption is happening. Your container no longer looks like noise; it's legitimate, normal-looking data with a tiny amount of noisiness in its structure that your recipient knows how to extract and decrypt. It gives you plausible deniability that you were ever sending anything other than an innocent cat video or whatever; even people who want to ban encryption can't tell that you're doing it.


zalgorithmic t1_jbczvnb wrote

In my mind it’s best to do:


Not saying steg is bad and cryptography is good, just that I don’t quite see how encrypting the data properly in the first place such that it shows up as some random distribution before embedding it with steganography is a wildly new concept.

If the distribution of encrypted data is that of noise, the image would just appear slightly noisy, especially if doing least significant bit shenanigans


green_meklar t1_jc51rar wrote

>I don’t quite see how encrypting the data properly in the first place such that it shows up as some random distribution before embedding it with steganography is a wildly new concept.

It's not. I was getting at the converse idea: Given your encrypted data, steganography allows you to hide the fact that any encryption is even being used.

>If the distribution of encrypted data is that of noise, the image would just appear slightly noisy

Only by the broadest definitions of 'noise' and 'appear'. The image does not need to actually have visual static like a dead TV channel. That's a very simple way of embedding extraneous data into an image, but not the only way.


jobe_br t1_jbc7axo wrote

Exactly. Say, posting a selfie to Instagram. It’s on your phone and on Instagram, but if in that process a message has been encoded, nobody has anything else to hash against.


tomrlutong t1_jbcuwvj wrote

heres the paper. Anything is detectable if the adversary has the original. This technique claims to result in files that are statistically indistinguishable from unaltered files of the same type. E.g. you can't build a filter to examine all the videocalls going over a wire and find the one carrying stenography.


SatanLifeProTips t1_jbc10wq wrote

Take a new picture, encode info, destroy original picture so no one can compare it.

Or if the process requires comparison of the original you could simply use wily different methods of sending the original and the doctored image. Send both via sneaker net and thumb drives with self destruct buttons.

But the main one being don’t let the same people see the good and doctored image for comparison.


so_good_so_far t1_jbc1mp0 wrote

A lot of stego doesn't increase size at all. You might change the least significant bits of each pixel to your encoded value. The visual difference of the image is nearly undetectable, size is the same, but encoded data has replaced the least important parts of the image data.

Still would fail hash checks, and their claim is still patently false (haven't read it, but if that's actually their claim it's about on par with a perpetual motion machine so don't really need to).


nybble41 t1_jbdba8a wrote

Any steganography system will assume that the adversary doesn't have access to the original file to check the hash. Obviously if they do then the fact that the file was altered in some fashion can't be hidden, though you might be able to provide some other plausible excuse for the changes (e.g. compression).

The claim here is that it's impossible to distinguish the files containing messages from others of the same type. In other words given two images, one with a message and one without, there is no analysis which could say which one contained the message without the decoding key. There is nothing inherently impossible about this on par with perpetual motion machines; it's just extremely difficult to get right when you don't have control over the encoding you're trying to blend in with.

A simpler task would be to hide a message in a highly redundant format of your choosing. For example, any data can be encoded in 2x the original space as interleaved bits from two bitstreams A and B where A consists of strong (pseudo-)random bits and B is the original data XOR A. Both A and B will appear random, but A XOR B gives the original data. (One plausible reason to do this might be to avoid long runs of 0's or 1's in electronic signals or radio transmissions.) Given such an encoding you could replace the random bits (A) with the ciphertext of your hidden message, which should be indistinguishable from noise, and compute B as usual. For anyone without the key there is no way to tell whether the interleaving of A and B contains a hidden message, but someone with the key can simply apply it to the "random" bits.

Of course for this to function as steganography people would need to use this encoding when they weren't sending hidden messages, which is not very likely, or else the encoding itself would give it away. However, real data formats can have similar properties where there is an element of randomness in the encoding. The trick is to substitute random-seeming ciphertext in place of natural noise without leaving any traces. This is the same basic principle as replacing low-order bits in an image with ciphertext, except it's actually not that easy to blend in since natural low-order bits aren't completely devoid of patterns and bias.


so_good_so_far t1_jbdd5pu wrote

For one, steganography systems do not universally assume that. There are plenty of use cases for hiding data in plain sight, commonly used images, etc. Hiding data in a common image might be plenty to slip it past a censor or authority even if a later cryptanalysis might detect it.

But please link me the mathematical proof that backs up their claim that this is "perfectly secure" (whatever that actually means). "Random seeming" is not random. Even tiny biases can tip off attackers that there may be encrypted data, no matter how many times you XOR it. Random is random, everything else has patterns. No matter how cleverly they intermingle it with other structured data, it is not random and I'm not buying it unless they have a peer reviewed proof that backs their claim up.


czl t1_jb9kzow wrote

You get images or video that you suspect may contain a message but not access to originals and you want a way to judge whether there is a message present and inside which images.

It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.

If you compress you message well the result is near noise and it is that noise that you then mix among the “natural noise” your media contains. Done right this is hard to decode or even detect unless you know the algorithm.

When claims are made about “encoding efficiency” that depends on (1) what you are hiding (2) inside what with (3) what chance of detection.


zortlord t1_jb9vqmd wrote

>It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.

This is just steganography using media files.


greenappletree t1_jb9rxv4 wrote

Wouldn’t it be even safer to encrypt the orinal anyway and then obfuscate it with stengraphy?


D_D t1_jb9x3dz wrote

But if you encrypt information everyone knows there's information to be uncovered. Not every image you come across on the internet has hidden messages.


TheSoup05 t1_jbc41ks wrote

That’s usually what you’d do. Typically steganography isn’t your only form of security. You’d encrypt it first, then encode it. And even if you can detect that there is a hidden message encoded in some file, that doesn’t mean you actually know how to extract it even if it’s not encrypted.

The steganography is really just there to try and avoid having people know you have something worth encrypting so that they aren’t trying to figure out what it is in the first place.


czl t1_jbbk1ar wrote

Originals are proof stenography was used. You destroy those since they are not needed for anything after you send the altered media.


green_meklar t1_jbcyt96 wrote

You don't need to keep the original at all. Just delete it. The version with the hidden message should be the only version anyone but you ever sees.


volci t1_jbbrlww wrote

> Done right this is hard to decode or even detect unless you know the algorithm.

And then you gett he problem of security by obscurity .. "as long as no one knows how we did it, it's secure!"


shponglespore t1_jbcffcx wrote

Obscurity should never be your only security measure, but it can still play an important role in your overall security strategy. You can and should encrypt anything you're hiding with steganography.

Also, steganography isn't really security through obscurity. That phrase generally refers to things like trying to keep a weak encryption algorithm secret because anyone who knows the algorithm has a huge head start on cracking it. Good crypto algorithms are designed to be secure even when an attacker knows exactly which algorithm was used.


czl t1_jbc3ne5 wrote

Is stenography used for security? No. It is used for plausible deniability. For security there is encryption. You understand the difference do you not? When you need both you use both of course.


volci t1_jbc9gjt wrote

Steganography is used for security

Maybe it shouldn't be ...but it is


czl t1_jbcli5n wrote

> Steganography is used for security

Steganography is confused for security.

Steganography can help security but it is not security. It increases the work needed for discovery and only that.

Analogous to the difference between cover and concealment: "Cover is protection from the fire of hostile weapons. Concealment is protection from observation."

Steganography is like "concealment" but not like "cover". To have "cover" you need encryption. You can have one or the other or both.


volci t1_jbcnorh wrote

Wikipedia disagrees with you ...

Steganography is a form of security

Via obscurity :)


czl t1_jbcs10i wrote

My words above are:

>> Steganography can help security but it is not security.

To that you reply

> Wikipedia disagrees with you… Steganography is a form of security … Via obscurity

Obscurity can help security but it is not security is it? You know better than that to believe that so why do you reply to me with ‘Wikipedia disagrees with you’?

Here is what the wikipedia link you shared says:

>> Whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent and its contents.

Concealment can help you avoid detection but concealment does not offer protection does it? If someone has a gun a pile of leaves may conceal you but will it protect you? What do you suppose happens to those who confuse concealment for cover (which does offer protection)?

Do you genuinely not understand the difference between stenography vs cryptography and the different purposes (as Wikipedia explains) they have? Are you being disagreable on purpose to act like a troll? Why then are you being disagreable? What is your purpose?


green_meklar t1_jbcyzzs wrote

With proper cryptography, even if they do know your algorithm, they still can't read your message without the decryption key. Ideally, with good steganography, knowing your algorithm can't even tell them the message is present without the decryption key.


volci t1_jbae8x8 wrote

You have to have the unaltered originals somewhere, or you won't know what you hid where


czl t1_jbbjlgv wrote

> You have to have the unaltered originals somewhere, or you won't know what you hid where

You do not need originals.

Data can be encoded to look like noise yet still be decoded if you know the algorithm despite not having unaltered originals.

This is commonly done when secret messages are EM transmitted for example with turbo codes:

With stenography instead of encoding messages in the EM spectrum you encode in the media (sound, images, video, ...) you are using.

If you have data treated to look random (compressed / encrypted) you can for example encode it using the "least significant bits" of your media which are mostly sensor noise anyways.

A more sophisticated approach can spread this out across pseudo random offset pixels. Your algorithm knowing the pseudo random sequence can decode your data analogous to techniques for secret messages transmission and applications like:


green_meklar t1_jbcz5sf wrote

No, the idea is that you leave data in the file itself that tells the recipient how to find what's hidden in it. The recipient doesn't need to see the original, all they need is the right decryption algorithm and key.


Schrecht t1_jb9jssl wrote

>If you're altering a source file (by adding information, as in this example), it's detectable

Technically true. For steganography, detection requires a copy of the original. If you create your own content and keep no copy after inserting the message, the bad guys don't have the original.


LummoxJR t1_jbbdp5l wrote

There are forms of steganography you can detect without the original, if you have an idea what patterns to look for. Ultimately the data is there somewhere.


Schrecht t1_jbbowfd wrote

Interesting. But it sounds like you're saying that the vulnerability is limited to some forms. Are there forms of steganography which lack that vulnerability?


TheSoup05 t1_jbbz3v3 wrote

Well, allegedly whatever type of steganography the article about doesn’t, but they don’t go into detail so I have my doubts.

The extent of my experience with steganography was a grad course a few years back with a professor who was a big name in the field. So I’m not an expert or anything, but I am somewhat familiar with this. And in my experience the answer is no. It’s an arms race. Someone comes up with a way to hide data, someone else comes up with a way to find it, so someone else comes up with a new way to hide it, so someone comes up with a new way to find it, etc. That’s not to say it’s perfectly accurate and that you can always tell with 100% certainty if a file has data encoded in it, but every method I’ve seen creates some artifact that is generally detectable with with a high degree of accuracy using the right kind of statistical analysis.


Schrecht t1_jbccdli wrote

Interesting. I feel like there must be a way to inject what looks like normal noise and perturb it in ways that look look natural but carry a signal. But you sound like your professor knew his shit. Thanks, it's something to think about.


LummoxJR t1_jbc1n6n wrote

If the data is there, it can be extracted, because the intended recipient was bound to have some way of extracting it. The question is how to know it's there and what to look for. For instance if you know the data is encoded in the LSB of a certain set of pixels in a lossless image, you can pull that data without the original. If you know roughly what to look for, like the data being in the LSB but aren't sure where, it's possible to run various types of pattern recognition on it. Plaintext encoded in the LSBs would be super obvious, for instance. But so would "noise" in an area of the image where LSB noise was expected to be low.

I have no idea what the state of the art is in steganographic detection, but I'm sure it involves the use of statistical tools to identify unexpected patterns in the data. Even if you used cryptography to encode a small piece of text so it became bitwise gibberish and then introduced it into a file through steganography, analytics could probably determine that the entropy of a particular part of the file shot way up. Once the data is found, the problem is no different than deciphering the intercepted message. Although steganography adds a layer of difficulty to the problem, it's just one layer. And if the trick is ever discovered, it stops being useful (to you) forever; you just have to find a new way of hiding data.


warlock415 t1_jbau2wr wrote

> Cryptographic hashes are a perfect test for this type of communication - the hash of the original will never match that of the altered copy

You're assuming you can access the original.


volci t1_jbb8val wrote

someone can

The sender, for example


warlock415 t1_jbbcbvr wrote

Not necessarily. Consider the following: I take a picture of my cat using a digital camera. I open up a laptop without a hard drive, boot to a Linux thumbdrive, copy over the picture from the camera's SD card. I make the picture smaller by some percentage amount and then make the picture bigger by the reciprocal. Save the output of that process and use that as the base for the steganography.

Now, even if someone gets their hands on that SD card and somehow defeats deleting the picture / destroying the card, they still don't have the "original" image that went into the steganography process.


slayemin t1_jbaxl31 wrote

What if they have a system which just runs an app that takes a picture with a phone and encodes the data in the least significant bits of the photo? If they can keep the LSB order random using an crytographically secure PRNG, it would be somewhat secure. The problem is, if an adversary believes a photo contains stego info, then it just becomes a crypto problem. Stego is just a form of security through obscurity, which generally isnt a good security policy.


ControlledSingular t1_jbbs43f wrote

Stego is usefull in a very different way from crypto. With crypto shure i might not know what you are sending between yourselves, but i can know that you are sending stuff. Thus if i catch one of you doing a crime for example, i will be very very interested in investigating your crypto communication buddies, even tho i do not know the messages themselves. Stego aims to fix this by hiding the fact you ever comunicated in the first place. This type of security is ONLY achievable by obscurity.


TheSoup05 t1_jbc7q7x wrote

LSB encoding using a PRNG order is a common way to do steganography, but it’s usually pretty easy to detect. Statistically, an image with LSB encoding will look different than one without it if you’re looking at the distribution of bits across the image.

The goal of the steganography isn’t to replace encryption though. For example, if Alice and Bob are criminals and Alice gets busted, it would definitely look suspicious if someone saw Alice sent Bob a bunch of encrypted messages. They might not be able to figure out what the messages contained, but they don’t need to know in order to start investigating Bob anyway.

Instead though, what if Alice just posted a picture to social media. Nothing about it looks weird, it’s just a regular social media post. Maybe the steganography is detectable if you’re already looking, but it isn’t weird enough to get someone to start looking at it on its own. But…Bob knows there’s a message encoded in that image and how to extract it. So Alice still gets caught eventually for some other reason, but there’s nothing actually connecting her to Bob. She didn’t send anything directly to him, it’s just an image that’s out there where anyone can see it. But Bob still got the message, and was the only one who did. Maybe the police go back now and analyze Alice’s pictures and see exactly which ones had a message encoded onto them, but they still can’t tell what the message was or who it was for.


zapitron t1_jbcd0nh wrote

You don't have to send them the original file or its hash.


ajmartin527 t1_jbdgl4p wrote

That one time pad wiki link led me down a rabbit hole about the history of TLS and SSL. I was reading historic protocol documents for hours. Thank you for that.


hxckrt t1_jbcam1y wrote

Perfectly secure here means someone who knows the exact distribution of the covertext. It's not about cryptography.

I believe this is the paper:


volci t1_jbcb4fa wrote can't know who all has gotten copies


hxckrt t1_jbcj6ly wrote

That's like saying one time pads are not secure because you don't know who has the key. It's about how you model it.


ImmoralityPet t1_jbck1cn wrote

>If you're altering a source file (by adding information, as in this example), it's detectable

Only if you have access to the original, unaltered file. And it's not the alteration that's undetectable, it's the fact that information was encoded using the alteration. That's why they describe using probabilistic filters to do the encoding.


CrispyRussians t1_jbddl20 wrote

The one time pad thing reminds me of privnote. Ive used that in conjunction with signal to send messages. Feels pretty safe


Odd_Mathematician_80 t1_jbedvjh wrote

This is only true if you have the original file to compare the altered file against. It is possible to determine a file has been altered but it now much more difficult to do so. M/L algorithms on known file types should be able to discover these modifications, identifying that there is probably a needle in this haystack, but as the paper explains it is harder to detect the presence of a secret and the secret is still protected even if you find it.


AaronElsewhere t1_jbefzz1 wrote

It's not exceptionally revolutionary technology. It's a technique that has been described before.

Yes, if-and-only-if you had the source file before and after information had been embedded, then absolutely you can tell some encrypted data must have been added(but not necessarily what it was).

However, as a third party(say an oppressive government) looking at maybe images published from IPs within your country and trying to determine if any contain encrypted messages, it is conceivably impossible because you don't have the original file. Since compression already introduces a level of noise, if your encrypted message doesn't introduce more noise than is present then a third party can't distinguish an innocuous image with normal artifacts from compression versus those that have artifacts resulting from embedding encrypted information.

If I generate semi original images such as a meme and embed data in those, then third parties don't have any original files to generate hashes of for comparison against. This is where you're misunderstanding how these techniques are applied.


thesolarcode t1_jbij3rc wrote

This is from the linked article:
To overcome this, the research team used recent advances that allow different sets of data to be sent without the corruption.

How I understand this: for example if the method is used on text, that encoding is done by using different words with the same meaning. So if you don't know the original message, there is no way to figure out there is something hidden in the text message. Because the meaning itself is completely unchanged.


green_meklar t1_jbcy2qk wrote

Of course if you have both a source file and a modified version, you can detect the differences.

But with steganography there's no need for a 'source file'. You can just send some brand-new innocuous-looking file with the hidden message encoded in it. With good algorithms and a high ratio of decoy data to message data, detecting that a message even exists becomes ridiculously hard.


[deleted] t1_jbbirow wrote



banksy_h8r t1_jbbt5m2 wrote

This is the naive approach and will be detectable as a cumulative noise floor higher than expected, based on a corpus of that media type.


BernieEcclestoned t1_jb9l1nw wrote

It still has to be displayed on a screen though, and with something like Pegasus that's all they need


HastyBasher t1_jbacqc1 wrote

How does Pegasus work?


D1rtyH1ppy t1_jbb44q6 wrote

It's probably developed by the Israeli government and sanctioned by the phone manufacturers. Pegasus 2 doesn't need you to click on anything or download a package, the sender just needs your phone number. It cleans itself up nicely also so you can't tell that it was ran on your device. This is most likely the back door that congress was asking for about ten years ago when Apple refused to unlock the phone if the Riverside, CA shooters. Apple gets to claim it doesn't violate the users privacy and the government get access to every smartphone in the world.


kropkiide t1_jbbb4wh wrote

I always wondered why the government would want access to people's personal shit. I mean, they're people too...


Long_Educational t1_jbbeuaw wrote

You ever wonder why they stopped making such a big deal about obtaining access anymore? Because they already got the access they wanted.


burnnottice88 t1_jbbj8c8 wrote

Human behaviour is studied at great length and you can get one hell of a lot of info from a person's smartphone what they watch, for how long, what they watch afterwards, what they upvotes, downvote. Tie that in with smart watches that measure your bpm and blood pressure etc. That info is worth billions to the right people.


Dryandrough t1_jbcm3yo wrote

It's so you can fight terrorists before they commit the crime. They should make a movie about this concept, and call it "Vision Cop."


tofubl t1_jbdm6cd wrote

No, they should call it 'Majority Prediction'


Real-Problem6805 t1_jbd5wjq wrote

That's why everything online should be a lie. Play a character not a person


tRONzoid1 t1_jbe2973 wrote

Until it comes across a guy who drinks coffee and runs a lot


burnnottice88 t1_jbe30no wrote

Then that guy will have ads for coffee machines, running gear and similar things shoved in his face. And because of all the additional info gathered from that guy the ad companies know when, and how often to show the ads to maximize the probability that he will buy something.

They're are no winners here except the people who have all this information.


tRONzoid1 t1_jbimv9w wrote

No I mean you can’t rule out that they’re suspicious just based on internet data


Vineee2000 t1_jbbv38k wrote

Well, Pegasus specifically had been seemingly mostly used to target high-profile, valuable individuals:

Diplomats, activists, etc

Modern day spy stuff, frankly


NewAccount_WhoIsDis t1_jbcmgu4 wrote

One example is that Pegasus has been used against whistleblowers many times by corrupt governments.


shponglespore t1_jbce5e3 wrote

They're people who are effectively above the law, so they don't have to worry about consequences for themselves.


k_plusone t1_jbblpah wrote

That was only 7 years ago. Is time not passing fast enough for you already?


Surfing_magic_carpet t1_jbckdgz wrote

I'd love for someone to get ahold of the Pegasus source code and alter it to get ahold of government officials' data. They want to spy on us, why shouldn't we return the favor?


CrispyRussians t1_jbddhxq wrote

I mean if we can crack Harry Potter someone can crack this right? I really like your idea.


GoodKangaroo7446 t1_jbc69v1 wrote

What is the current status of investigations into the use of Pegasus 2 and its potential impact on user privacy and security?


NewAccount_WhoIsDis t1_jbcm2aq wrote

> It’s probably developed by the Israeli government

It was developed by NSO.

> and sanctioned by the phone manufacturers.



hxckrt t1_jbe0qp6 wrote

Doesn't work that way. A backdoor would indeed give access, but vulnerabilities are different. Exploits are valuable and used sparingly. It's not a key you can keep secret, if someone is recording the internet traffic with something like wireshark, they can steal the exploit or help the manufacturer fix it.


HastyBasher t1_jbah3qc wrote

Says the video is unavailable probay country restricted. I'll read up on it.


2good4hisowngood t1_jbd3gae wrote

It's Spyware, kinda outs your government if they don't want the people to know about it.


Groundbreaking_Rock9 t1_jbdteyh wrote

You can find it on PBS's YouTube channel. I think they did a 3-part series. It's really good.


[deleted] t1_jba6me9 wrote



Peanutbutter_Warrior t1_jbc8got wrote

If you read the article, it's clear that's its a new form of steganography, and that it's purpose is for hiding data. Sometimes the presence of encrypted data is just as dangerous as the data itself.


Frequent_Neck7680 t1_jb9ruvf wrote

I like the steganography code where Damp Panties and Ken Fuckallnight are flirting with each other in the “Husband Home Alone” aol chat room while exchanging coded messages. Sometimes my life feels like I am being used as a steganographic element in a data stream between two aliens. Explains a lot.


ForbiddenJello t1_jbaaf7l wrote

>Sometimes my life feels like I am being used as a steganographic element in a data stream between two aliens.

That's the coolest thing I've read on Reddit in a while :)


xeallos t1_jba5z0x wrote

>Sometimes my life feels like I am being used as a steganographic element in a data stream between two aliens.

Why only two? Maybe it's a party line!


Ponk_Bonk t1_jbaxbne wrote


Back to being alone I guess


Explorer335 t1_jbaobb3 wrote

It's quite likely that tools like this are already in use by intelligence agencies. The concept of steganography is not new, and the advantages are obvious.


filthmrchristian t1_jbb6un1 wrote

Meanwhile over at the nsa a bunch of people are looking at each other with a wry smile 😏


donrhummy t1_jbbxrq0 wrote

impossible. perfectly secure.

LMAO. People who knows nothing about how security works.

Humans have never created anything that's "perfectly secure". We might someday (probably not), but haven't yet.


[deleted] t1_jbe0pw2 wrote



donrhummy t1_jbey87d wrote

It's not. You can steal the pad (and you have to get each person that pad which is a time of vulnerability) or socially engineer the person, and it also depends on the entropy and the algorithm used. You need a very long one time pad to be safe from brute force, and the algorithm needs to not have a backdoor (which isn't as easy as it seems). And even that's not forever safe one we get quantum computers.


[deleted] t1_jbf2vic wrote



bobshmurdt t1_jba7cmd wrote

If its so good at hiding information, then how do they know the information is there? Cuz if they know the information is there then its not good at hiding


Trevor_GoodchiId t1_jbc74m1 wrote

The algorithm arranges the data so that it stands incredibly still.


lunar2solar t1_jbbtfwb wrote

I'm not buying.

This just seems like a gov't honey pot to me. Of course, I could be completely wrong and maybe they did discover "perfectly secure" communication algo, but I doubt it.


cas-san-dra t1_jbbe9a0 wrote

In order to count as non-broken, an encryption algorithm must already be secure against a distinguishing attack. All you need to do is grab a non-broken algorithm, and stick your cyphertext in a place where you can expect to find random junk anyway. Like the least significant bit of an image or frame of a video. This is the standard obvious thing that everybody has known about since forever.

I fail to see why you would need to improve upon this way.


wordub t1_jbbyj4x wrote

If you do things right no one will be sure you've done anything at all.


Ericrobertson1978 t1_jbc77zl wrote

They'll probably outlaw this technology in the near-future, unfortunately.

I never thought I'd see the day that one of the major US political parties started blatantly pushing fascism. They are openly following the fascist playbook at this point.


BenZed t1_jbcliou wrote

“Impossible” sounds like a buzzword used by journalists, and not a word used by actual researchers.

Mind you, I didn’t read the article.


Brieble t1_jbdlu2e wrote

And when it was ready, they where like: "So, is it hidden now ?"


FalseTebibyte t1_jbdwxwu wrote

It's based on the Zero Trust Model.

That is to say, we're in a mindscape and they've realized that secrecy is really quite stupid.


FuturologyBot t1_jb9laed wrote

The following submission statement was provided by /u/thebelsnickle1991:

A breakthrough algorithm conceals sensitive information so effectively that it is impossible to detect that anything has been hidden, researchers said on Tuesday.

The system — which uses steganography instead of cryptology — is so secure it could allow vulnerable groups such as dissidents to communicate more safely with the outside world, they said.

It could also allow investigative journalists and humanitarian aid workers to communicate easier in some countries.

The algorithm may soon be used widely for digital communications, including social media and private messaging, the team led by the University of Oxford said.

Please reply to OP's comment here:


klone_free t1_jbboj8w wrote

How's this gonna sit with EARN IT in america? EARN IT bill passed in 2022 and puts companies on the hook for crimes committed against children, and specifically seemed to have been made with cryptographic messages in mind.


KochSD84 t1_jbcbkun wrote

Does it work if user is viewing the data while browsing around a Target??? lol

I'll stick with the old encryption methods(if its even real), time is a very important factor here and the results after years of real user usage say more than technical data too me.


arthurjeremypearson t1_jbcenlq wrote

"Achieved a breakthrough"?

Or "discovered what They have been doing all along" ?!?!?!


captainfrijoles t1_jbd801z wrote

Man the people creating this level of privacy online gonna start disappearing like the MFs that are curing cancer


Kissaki0 t1_jbdhngt wrote

>Previous steganography algorithms would subtly change the distribution of the innocuous content, meaning the changes could also be detected. > >To overcome this, the research team used recent advances that allow different sets of data to be sent without the corruption.


Like adding another data stream to a media container file like mp4 or alternative media streams or files? That certainly be detectable and obvious something is there.

They say they submitted a patent. Does that mean I can read it? They don't reference or link any.


dGFisher t1_jbf4umh wrote

Sounds like the FBI is about to sting some suckers again.


herscher12 t1_jbh9yyw wrote

"It could also allow investigative journalists and humanitarian aid workers to communicate easier in some countries." It could also be used by spys and terrorists but that wouldnt sound as good


FalloutCreation t1_jbavn1r wrote

All you need is an inside man to get you the password.


Okikidoki t1_jbbj5b5 wrote

Hdsjsjbdhs shhsv vsghs ss djdjxid xbxbns djxjebx xnxjs znnsnx xnxnd


b01000100 t1_jbbprgu wrote

Why would you do that to goats? They can't give consent.


Internal-Tiger-7227 t1_jbchn19 wrote

There is no such thing as privacy. They watch us in our homes and have access to ALL of our shit in the cloud and elsewhere. Your tv watches YOU. There are pinhole cameras and electrical outlet cameras in hotels and everywhere else you go. I am not making this up. They’re sick voyeurs


Sarcasm-n-Caffeine t1_jbb2gx9 wrote

That's nice...the government will have access to this, and anything they have access to, they'll learn to break into. I'd be surprised if the CIA's "PRISM" can't intercept communications under this new protocol within the year.


ghostcatzero t1_jbchpop wrote

Lol they have been had access to this lol. They likely made this. Been available to them for decade. We are just hearing about it now because they let us


Sarcasm-n-Caffeine t1_jbelvhu wrote

It wasn't developed until last year. But I'll believe whatever a random keyboard warrior says before i believe viable sources. Yup makes perfect sense.


ghostcatzero t1_jbexj5q wrote

Yes be a good docile servant to big government and always believe everything they say lol


Sarcasm-n-Caffeine t1_jbfecrj wrote

Nope, i learned about MK ultra before it was declassified. I'm just not buying the fact that they've had access to a technology thats only been patented for less than 6 months. Just because I sincerely believe the government is rotten through and through, doesn't mean I'm gonna believe everything, every internet troll pulls out of his ass.


OniKanta t1_jbax9ip wrote

Again!? 🤣 I give them 6months to a year before this is found to be a scam or used by criminals and the Feds requiring a backdoor that is then exploited by cyber criminals 🤣


nickkangistheman t1_jbaae6v wrote

Shut up and make it a free app available to everyone already