Take a quick peek at the pretty thorough steganography node to get up to speed on what steganography is about. Steganographic data need not be encrypted in most cases as people simply don't realise that it's there. This leads me to the matter in hand... How can (secret) information be hidden within E2? I have come up with a few possibilities, and detailed them below in no meaningful order:


The Image Method:
If you have a high enough position in the E2 Caste System you are allowed to place an image on your homenode. Currently you must be a Level 6 (crafter) to do this. Image files are an easy target for information hiding as a 350x350 pixel image contains the same amount of data as a pretty hefty page of text. Steganographic techniques usually have a problem with hiding large amounts of information within a small file; in the case of images, hidden information shows up as noise.

Recommendations:
If you're using a GIF image, use a black and white one. This will make the noise less noticeable.
The bigger your image, the less dense the noise will be.

Pros:
Can hold a fair chunk of information
Not necessarily easy to detect - always requires special software.

Cons:
Requires Level 6 or higher
All E2 homenode images are stored in the same directory (http://www.everything2.com/images/userincoming/). An attacker could easily download all the image files there and check them quite quickly.
You only have one image, so your information hiding capacity is limited.


The Attribute Method:
E2 supports attributes for some HTML tags. This is how you right align a paragraph:
<p align="right">this is on the right </p>
This is how you can use the "align" tag attribute to hide information:

<p align="this_could_be_a_PGP_encrypted_message_with_its_headers_stripped"> Innocent looking text </p>

(note the need for underscores... spaces will not work)

This can also be done using the clear attribute of the BR tag if you prefer to use BR's instead of P's.

Recommendations:
Encrypt your text if you feel the need; Stealth (see the links at the bottom) will help you with this
Don't put tons of information in one writeup, spread it around
Don't put the information in a popular node (duh)

Pros:
Plenty of storage capacity... limited only by the number of WU's you can manage not to get nuked.
Easy to carry out - requires no software other than (optional) crypto software.
There's so much E2 and so little time - how the hell is the attacker going to find your writeup in all that lot?

Cons:
Easy to detect
Easy to extract the information unless crypto techniques are used


The Whitespace Method:
It is possible to use steganographic software to encode a hidden message into the whitespace at the end of lines of text. This poses some problems, as HTML formatted pages usually have text which wraps at the end of the line, so enforcing your own line breaks may seem a little unusual. Luckily there's a way out: add the whitespace to the HTML source rather than the text which is visible in the browser.

To demonstrate, view the source of this page and search it for "mnbvcxz". Now look at the following lines.

This has whitespace added in the visible portion
and while the browser won't render it
it'll still be there in the source.

A better way to do it is like this, with ordinary text formatting and extra whitespace sitting at the end of lines of HTML. That way you can format your writeup however you like and the whitespace doesn't stand out in the source quite as badly. On the downside, you won't be able to encode as much data.

A CGI script is available to add encrypted text to HTML using the whitespace method (see the links section below).

Recommendations:
Don't put tons of information in one writeup, spread it around
Don't put the information in a popular node (duh)
Use the web based tool to carry out whitespace encryption

Pros:
Fairly difficult to detect
Fairly difficult to extract the data.
There's so much E2 and so little time - how the hell is the attacker going to find your writeup in all that lot?
No steganography software required other than the CGI script

Cons:
Low capacity - a typical writeup will hold only a few bytes of text


Useful Links:

Steganography software links available here:
http://www.cl.cam.ac.uk/~fapp2/steganography/stego_soft.html

Stealth (strips headers from PGP data) is here:
http://cypherspace.org/~adam/stealth/

Snow (encodes data into the whitespace of text) is here:
http://www.darkside.com.au/snow/

Web-based Snow is here:
http://web.ece.villanova.edu:8080/~perry/snow/snow.html



Disclaimer: If you think it would be a great idea to hide vast amounts of information within the E2 database, you are wrong. Simple as that. You are increasing load needlessly.
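
Both the attribute method and the whitespace method leave traces in the raw HTML source that a site operator can check for. The following is an added example, not part of the original writeup or of E2's code: it flags align/clear values outside the ones HTML 4 defines for P and BR, and reports lines that end in runs of spaces or tabs. The function names and the sample source are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Values HTML 4 defines for these attributes; anything else is worth a look.
VALID = {
    ("p", "align"): {"left", "right", "center", "justify"},
    ("br", "clear"): {"left", "right", "all", "none"},
}

class AttrAudit(HTMLParser):
    """Collect align/clear attribute values outside the defined set."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            allowed = VALID.get((tag, name))
            if allowed is not None and (value or "").lower() not in allowed:
                line, _ = self.getpos()
                self.findings.append((line, tag, name, value))

def audit_attributes(source):
    """Return (line, tag, attribute, value) for each out-of-spec value."""
    parser = AttrAudit()
    parser.feed(source)
    parser.close()
    return parser.findings

TRAILING = re.compile(r"[ \t]+$")

def audit_trailing_whitespace(source):
    """Return (line_number, run_length) for lines ending in spaces or tabs."""
    lines = enumerate(source.splitlines(), start=1)
    found = ((n, TRAILING.search(text)) for n, text in lines)
    return [(n, len(m.group())) for n, m in found if m]

# Constructed sample writeup source (not taken from E2).
SAMPLE = (
    '<p align="right">this is on the right</p>\n'
    '<p align="this_could_be_a_message">Innocent looking text</p>\n'
    "An ordinary line of a writeup. \t  \t\n"
    "Another ordinary line.\n"
    '<br clear="all">\n'
    "Closing line.\t \n"
)

if __name__ == "__main__":
    print(audit_attributes(SAMPLE))
    print(audit_trailing_whitespace(SAMPLE))
```

Trailing whitespace also occurs innocently (editors, copy and paste), so the second check is a triage signal: long or frequent runs across a writeup deserve closer inspection than a single stray space.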

There is another (what was to me the most obvious) method of stego'ing text in text: typos.

It's more dense than whitespace: typos may have a value (what character they are) as well as an existence. You could encode using either method:

Existence: every, say, fifth word may or may not contain typos. Pros: easy to encode/decode reliably (you only have to check every fifth word), allows for more natural-looking typos (you don't need people to believe that the extra 'z' in "pozll" somehow happened naturally) and typos of omission. Cons: hard to decode automatically, as spell-checkers are only so good at spotting typos (but easier than the value-based method below), not very dense (though using a smaller character set than ASCII, say Baudot, or ISO 6-bit if you need digits too, can mitigate this).

Value: typos may occur anywhere but each is significant, as the character itself carries data. Two typos could encode a byte, with the least-significant four bits of each being the value sought. Thus, you'd encode 10110111 as a sequence of two typos: one character whose ASCII value mod 16 is 11, followed later by one for which ASCII mod 16 = 7. Pros: denser encoding. Cons: may force more unnatural-looking typos like "pozll", harder to encode/decode reliably, much harder to decode automatically. Also becomes obvious if you're a noder, like myself, who almost never typos.

You could of course combine the two methods, or alternate them, or use an entirely different method based on typos, or whatever. The gist of the idea, as with all steganography, is unobtrusively inserting planned "noise" into a large chunk of data.

Some cryptology guy claims that certain eBay auction items' images change fractionally at intervals. To him this suggests steganography in eBay, a reasonable-looking reading of the cards to me. So the idea of stego in a large body of distributed work is nothing all that unusual: it may, in fact, already be commonplace.
