
DissidentX – Censorship resistance tool by Bram Cohen - edwincheese
https://github.com/bramcohen/DissidentX
======
sillysaurus2
Judging by the claims and the code, this is a tool created by someone who
hasn't read any prior research about steganography. If you trust this, don't
be surprised when law enforcement detects that you're using it.

I'm surprised to see someone of Bram Cohen's caliber releasing something like
this. No one has any business coding security tools unless they've taken time
to read forensics whitepapers to look for reasons why their tool won't work.
And this tool certainly won't work.

The goal of steganography is to hide the fact that you've transmitted
messages. The longer the message, the harder that becomes. This may be
suitable for hiding a few bytes, but no useful message is going to be a few
bytes, unless it's something like a decryption key (and hiding a decryption
key using stego would be crazy). This doesn't solve the problem of "law
enforcement wants to know what your decryption keys are, because they've
detected you're encrypting data." The whole point of stego is to avoid that
scenario.

Anyone who's interested in steganography should start here:
[http://www.cl.cam.ac.uk/~rja14/Papers/jsac98-limsteg.pdf](http://www.cl.cam.ac.uk/~rja14/Papers/jsac98-limsteg.pdf)
... No one who reads that whitepaper and understands its implications would
take this tool seriously.

EDIT: To clarify: a message as short as ~50 bytes can often be detected,
depending on the stego implementation, because even that is enough to cause
statistical anomalies in the covertext which indicate that an encrypted
message is hidden in the covertext. So I'm not talking about detecting images
or videos sent via stego; just encrypted plaintext messages.

~~~
bramcohen
This is a framework for steganographic schemes, not a specific steganographic
scheme. The specific ones thrown in are just for demonstration purposes. The
versatility of this approach is a major step forward in defeating statistical
detection schemes. You of course don't know this, because you haven't read
through the page and figured out what the code does.

~~~
sillysaurus2
_You of course don't know this, because you haven't read through the page and
figured out what the code does._

Let's not get personal. I only mentioned your name because it was in the
headline, not to bully anyone.

I know this is a framework. But the problem with stego is that as soon as you
release your code, you make it almost trivial for law enforcement to detect
that you're using stego. It's a catch-22: you want people using the code, but
you don't want law enforcement knowing what code you're using, because then
they can just use the same code to detect that you're using stego, which
defeats the purpose of stego.

This isn't theoretical. Each time someone releases a new stego tool out into
the wild, forensics companies add it to their own frameworks for detecting
stego.

Let me be clear: I _want_ you to succeed, and I think it's a great thing that
so much effort is being put into developing these sorts of tools. But you have
to say something like "Don't use this tool yet! It's not ready for
production!" ... The way it was presented here made it sound as if it's ready
to be used, but anyone who uses it in its current state will be swiftly
detected by law enforcement.

Let's put it another way. Do you think the 120 people who upvoted this did so
because they understood this is "just a framework / reference," or because
they were hopeful this actually works? It's not fair to them not to include a
disclaimer saying this shouldn't be used. The way the README is written makes
it sound like you're encouraging people to use it, even though it's not
intended to be used.

~~~
skunkworks
There's great irony in you saying

> Let's not get personal.

right after saying

> I'm surprised to see someone of Bram Cohen's caliber releasing something
> like this.

~~~
sillysaurus2
I feel bad about it. I shouldn't have called him out by name; I should've
concentrated solely on why this tool falls short. Sorry, Bram.

I'm just worried that people will see his name, see that he's saying things
like "this tool is ready to be used," and then actually use this, just because
"It's Bram Cohen," and end up getting themselves caught.

~~~
cynicalkane
I don't see anything wrong with pointing out that a famous person's work is
below par, particularly when said person decides to show up in the thread and
ignore what you are saying and act like a jerk in response. You shouldn't
retreat so easily.

------
stuartcw
Here's another fun steganographic tool:
[http://www.spammimic.com](http://www.spammimic.com)

Hide messages in SPAM Text:

Dear Decision maker , We know you are interested in receiving amazing
intelligence . This is a one time mailing there is no need to request removal
if you won't want any more . This mail is being sent in compliance with Senate
bill 1625 ; Title 4 ; Section 302 . THIS IS NOT MULTI-LEVEL MARKETING ! Why
work for somebody else when you can become rich as few as 33 days . Have you
ever noticed people love convenience and more people than ever are surfing the
web ! Well, now is your chance to capitalize on this ! WE will help YOU
decrease perceived waiting time by 190% and increase customer response by 150%
. You can begin at absolutely no cost to you . But don't believe us . Ms Ames
of Washington tried us and says "I was skeptical but it worked for me" . We
assure you that we operate within all applicable laws . We implore you - act
now ! Sign up a friend and you get half off . God Bless !

~~~
yid
That is actually remarkably clever. Spam would indeed seem to be an excellent
vector for sending hidden messages!

~~~
wrongc0ntinent
What in this makes it get past spam filters?

~~~
sp332
It doesn't matter, as long as it still gets delivered to a spam folder, you
can still retrieve the message.

------
tsaoutourpants
Steganography is one of the NSA's worst nightmares. Encrypted strings sent over
the Internet they know are encrypted, and often know what algorithm and key
length. But the fact that any image can contain an encrypted message, and
there's no way to know whether or not something exists within, scares the
shit out of them.

So, good work.

~~~
DanBC
Most steganography is trivially easy to detect.

Steganography that is implemented correctly then requires reasonable amounts
of cover text, and small amounts of hidden text.

NSA fucking loves steganography because most of it is a toy implementation
where someone hides text in the LSB of the bytes of a gif or jpeg. The ratio
of cover:hidden text is terrible. And the implementer forgot to mention that
it's just a toy and not to be used seriously.

The number of decently implemented steganography systems is small.

~~~
chongli
Why use cover text? Why not just put ciphertext in a jpeg? Wouldn't that just
show up as noise?

~~~
DanBC
Sorry, by cover text I mean anything that is used to hide the hidden text.
Thus, the jpeg would be the cover text.

Thanks for pointing that out.

To answer the question: It shows up as a specific type of noise that's easy to
detect. Some of the crypto / math people will be able to explain it much
better than I can.
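
The detection described in this sub-thread, as an added example that is not part of the discussion or of DissidentX: the classic pairs-of-values chi-square check for LSB replacement, run at several embedding rates. The cover is constructed (a synthetic, steeply decaying histogram standing in for real image data) and all function names are hypothetical.

```python
import random
from collections import Counter

def pair_chi2_per_dof(values, min_expected=5.0):
    """Chi-square of each (2k, 2k+1) histogram pair against equal counts.

    LSB replacement with ciphertext-like bits pulls both counts of a pair
    toward their mean, so a result near 1.0 is consistent with embedding,
    while a cover with a sloped histogram scores far higher.
    """
    hist = Counter(values)
    chi2, dof = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        expected = (n0 + n1) / 2
        if expected < min_expected:      # sparse pairs make the test unreliable
            continue
        chi2 += ((n0 - expected) ** 2 + (n1 - expected) ** 2) / expected
        dof += 1
    return chi2 / dof if dof else float("nan")

def embed_lsb(values, rate, rng):
    """Toy LSB replacement: overwrite the LSB of a `rate` fraction of samples
    with random bits (standing in for an encrypted payload)."""
    out = list(values)
    for i in rng.sample(range(len(out)), int(len(out) * rate)):
        out[i] = (out[i] & ~1) | rng.getrandbits(1)
    return out

def make_cover(n, rng):
    """Constructed cover (assumption): steeply decaying 8-bit sample values."""
    return [min(255, int(rng.expovariate(1 / 3))) for _ in range(n)]

def sweep(rates=(0.0, 0.05, 0.5, 1.0), n=20000, seed=1):
    """Score the same cover after embedding at each rate."""
    rng = random.Random(seed)
    cover = make_cover(n, rng)
    return {r: pair_chi2_per_dof(embed_lsb(cover, r, rng)) for r in rates}

if __name__ == "__main__":
    for rate, score in sweep().items():
        print(f"embedding rate {rate:4.0%}: chi2 per pair = {score:8.2f}")
```

The score falls toward 1 as more of the cover is overwritten and barely moves at a 5% rate, which is the cover:hidden ratio point made above.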

~~~
chongli
_To answer the question: It shows up as a specific type of noise that's easy
to detect. Some of the crypto / math people will be able to explain it much
better than I can._

Ahhh. What if you were to use a video instead of a still image and only use a
handful of pixels (or macroblocks) in each frame, chosen randomly (the random
seed exchanged out-of-band)? Seems like that would give you a very high
cover:hidden text ratio.

~~~
rosser
_Seems like that would give you a very high cover:hidden text ratio._

It would, but that doesn't change the principles used to detect the
steganographically encoded cyphertext. The bits would still be twiddled in the
same way, and could be found in the same way.

~~~
chongli
The question is: would it be feasible to search for them? Scan every single
video on youtube looking for noise with some elevated probability of
containing hidden text? What happens when you find a candidate? Pick random
pixels out of every frame and then try and brute force it with every known
symmetric cipher and every single key?

You could flip a single, random, least-significant bit on each frame of a 1
hour movie. This would allow you to store a 10.5KB encrypted message within.
I'd like to know how anyone could possibly find those bits, let alone decipher
them.

~~~
rosser
Depends on your use case and threat model.

If I'm the Secret Police in some oppressive state, then I just need to find
out whether you seem to be using stego — which is naturally against the law,
itself, and hence grounds for arrest. Then, I can use rubber hoses, bamboo
splinters, the threat of violence against your loved ones, and what-not to
"brute force" your passphrase.

If I'm the NSA, I just detect the presence of stego and stash the container
for later — say, when my quantum computer finally works as advertised, or I
can plant a keylogger or turn on the back door on your computers and sniff
your passphrase, or simply mine your social graph until I find some other
means of compromising you.

The possibilities are hardly limited to a naïve, brute-force search across the
set of (crypto algorithm, passphrase) tuples.

EDIT: But, to your point: yes, using video makes finding _stego_ harder. It
doesn't change the nature of the problem, though; it just changes its scale.
Against adversaries with the computational power of a modern nation-state,
however, if you're relying on scale to hide your behavior, licit or otherwise,
you're only deluding yourself.

~~~
chongli
_If I'm the Secret Police in some oppressive state, then I just need to find
out whether you seem to be using stego — which is naturally against the law,
itself, and hence grounds for arrest. Then, I can use rubber hoses, bamboo
splinters, the threat of violence against your loved ones, and what-not to
"brute force" your passphrase._

Me? I'm the entire population of the country. Which one of us is using stego?

To my reckoning, the search space would put the number of atoms in the
universe to shame.

~~~
rosser
Maybe start with the guy who uploaded the video to YouTube?

------
preech99
I am going to port this to ruby. I'm currently unemployed and it should be a
good sample to share with potential employers.

------
tokenrove
I would have liked to have seen some references to the research in the field
in the explanation or comments. I wrote something like this around 15 years
ago
([https://github.com/tokenrove/steaghan/;](https://github.com/tokenrove/steaghan/;)
horribly broken, do not use) but quickly abandoned it when Niels Provos
started doing much more sophisticated stuff
([http://www.citi.umich.edu/u/provos/stego/](http://www.citi.umich.edu/u/provos/stego/)).

Since then, there has been a fair bit of really interesting research in the
field; I recommend anyone interested read Peter Wayner's book Disappearing
Cryptography. Might be a good place to start for enhancing this provocatively
named framework.

~~~
turingbook
The first link incorrectly has ; with it.

------
swordswinger12
I feel like this is a good place to mention a similar project which aims to
circumvent deep-packet inspection with some cool encoding techniques. It can
even be used as a Tor plugin!

[https://github.com/kpdyer/fteproxy](https://github.com/kpdyer/fteproxy)
[https://fteproxy.org/](https://fteproxy.org/)

------
pretz
__Q. Why did you use Python3 as a reference language?__

__A. Because not having distinct binary and unicode string types is barbaric.__

Well played.

------
dublinben
This isn't really a "censorship resistance" tool as it is a steganography
tool. You can still be censored if your internet access is cut, or you have no
way to publish your message.

~~~
Crito
> _"You can still be censored if your internet access is cut, or you have no
> way to publish your message."_

Hence censorship _resisting_, not censorship _defeating_.

Steganography is potentially useful if partial but monitored and censored
communication channels remain open. See: The Great Firewall of China, or the
postal system in prisons. Some data gets through, but data that they don't
like does not. If the data is concealed, you can get it through.

Beyond just steganography, in the Soviet Union and beyond, some writers and
artists would use allegory to criticize political figures or the state,
enabling them to make points that would otherwise be censored. They could have
shut down all film and book production, defeating this technique, but as long
as _some_ artistic works were allowed this channel remained open.

------
radikalus
It's been a long time since I've done work in infosec related things, so I
apologize if I'm way behind on...things.

I remember in school a million years ago we discussed an algorithm of the
following type for sending short covert messages.

1. Negotiate cipher/mapping for where to look for hidden information
2. A wants to send B message "Let's get drinks @ 9 @ Bill's" -- instead of
   inserting this into some random file, he instead maps to the cipher/mapping
   area and then iteratively searches for images/texts that are closest possible
   matches in those bits to his message.
3. Ideally, given access to enough cover files and a short enough message, he
   has an EXACT match. A sends B picture of puppies with NO bit twiddling. B
   knows to meet at the pub.

------
est
We don't need yet another steganography tool based on texts, we need a
steganography tool to scramble data into a pile of fucked up HTML DOM tree.

------
blueblob
I love the question in the FAQ:

    
    
      Q. Why can't it be given more than two alternates for one position to encode more information?
    
      A. Because of math. See Explanation.txt for a bit more detail.
    

_Because of math_ hilarious

~~~
simbolit
i was actually thinking that the "of" was superfluous. since reading [0] on hn
(discussion: [1]) i am more and more seeing the use of "because" without
preposition. so i was expecting

"Q. Why can't it be given more than two alternates for one position to encode
more information? A. Because math. See Explanation.txt for a bit more detail."

[0]
[http://www.theatlantic.com/technology/archive/2013/11/englis...](http://www.theatlantic.com/technology/archive/2013/11/english-has-a-new-preposition-because-internet/281601/)

[1]
[https://news.ycombinator.com/item?id=6765099](https://news.ycombinator.com/item?id=6765099)

~~~
dinkumthinkum
Yeah, but it's sort of just a comical thing that is getting tired and played
out... Let's be honest, it was a slow news day for the Atlantic.

~~~
simbolit
Yes, it was. But i have a degree in linguistics, so i am probably more
interested in this than the general population. :-)

------
eliteraspberrie
Steganography has a bad reputation because the only tools publicly available
are worthless. Not one is both secure according to Kerckhoffs's principle and
secure against statistical analysis. I hope to change that by releasing an
implementation of a new algorithm I have developed, sometime in the new year.
If you are interested in reviewing the algorithm and code when it is released,
feel free to follow my blog.

------
DanBC
Has anyone sensible done any kind of analysis of this?

~~~
im3w1l
It is very primitive steg. This will not survive antisteg tools. Look at the
*encode.py

------
tostitos1979
This is from a few months ago. Still neat :)

------
xdissent
I like the name!

