
Memespeech: Censor-proof end-to-end encryption - henriquez
https://www.obsessivefacts.com/memespeech
======
prophesi
Does anyone know what happened to the live demo on
[https://github.com/harvardnlp/NeuralSteganography](https://github.com/harvardnlp/NeuralSteganography)
?

It basically does what memespeech is doing, except much better. Both parties
would need to agree on a cover text (let's say, a chapter from the NIV Bible).
It then generates some text via GPT-2 trained on this cover text, with your
hidden message encoded in it.

You'd then send this generated text to the recipient (which actually looks
like a normal message written in the style of your cover text). They'd enter
the same chapter of the NIV Bible along with your generated text, which then
lets it recover your hidden message.

Basically, memespeech looks like you're hiding something, both to the human
eye and to machine learning models. NeuralSteganography solves both of these
issues, as it looks like regular human-readable texts to both humans _and_ ML
models (Harvard's paper goes into more detail on this
[https://arxiv.org/abs/1909.01496](https://arxiv.org/abs/1909.01496) ).

------
brenden2
I agree that encryption is "unbannable" in the same way you can't really ban a
word or basic math. However, that won't stop the government from passing laws
that make it hard for businesses to operate legally using things the
government doesn't like. For example, there are certain arrangements of
letters which are considered illegal[1], and if you operate a TV station you
can't use those arrangements of letters without getting fined by the FCC.

There's also the famous illegal number from AACS[2].

[1]: [https://www.fcc.gov/consumers/guides/obscene-indecent-and-
pr...](https://www.fcc.gov/consumers/guides/obscene-indecent-and-profane-
broadcasts)

[2]:
[https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...](https://en.wikipedia.org/wiki/AACS_encryption_key_controversy)

~~~
henriquez
This isn't so much about businesses that allow message exchange. Memespeech
allows users to add their own encryption on top of whatever messages that a
particular email provider, chat app or social network already allows. So even
with laws like EARN IT, there would be no way for a company like Facebook to
prevent people from bringing their own encryption.

There are more robust solutions like GPG, but Memespeech was designed to be
easy for people who already have established trust with the party they're
communicating with (and could exchange a decryption password off-channel).

~~~
snarf21
Encryption doesn't matter if we eventually get to the point that Apple can be
forced to run a key-logger on a user's iPhone (warrant or not). People are
lazy and won't use an extra app to "encrypt" something before copy/pasting it
into FB and then the other uses has to copy/paste back to the Memespeech app;
all just to send :D. Additionally, let's say encryption is banned and this is
the "workaround". They just ban this app in the AppStore. No way users are
building github repos and side-loading.

------
CJefferson
IANAL, but I know some and have seen them give talks on this kind of topic.

This might be entertaining, but it definately doesn't fix the problem it tries
to solve. Any jury in the land would still convict you if this was used to
pass messages which would otherwise be illegal. If this is serious it is as
stupid as saying "let's agree wearing Yellow socks means 'kill that guy', they
can't arrest me for the colour of my socks!"

~~~
zerocrates
To be fair, I don't think this purports to say anything about magically making
the encoded message legal in its content if it wasn't otherwise.

~~~
geofft
But you'll also have a real hard time convincing a court you have a free
speech right to uppercasing and lowercasing letters in certain ways - the
speech is in the _words_ , not the _presentation_. That is, if there's a law
banning encryption as a whole (and not simply certain messages, encrypted or
encrypted), I think this _still_ doesn't save you.

I think the courts have generally held that you can't simply throw speech onto
some otherwise prohibited activity to gain First Amendment protections. For
instance, see the case about the man who tweeted a GIF at Kurt Eichenwald with
the intention of provoking a seizure - the fact that the GIF also contained
words (... which were "you deserve a seizure for your posts") seems unlikely
to say that the act of sending the GIF itself was protected speech.

~~~
lukifer
Good: if the courts don't identify the decoding bible chapter, you get
plausible deniability of "I didn't communicate a message for Illegal Activity
X, I was just sharing some abstract ideas on theology with a friend".

Bad: Courts might begin issuing surveillance warrants (or worse) to TLAs based
on the most innocuous personal communications, because "we're pretty sure that
happy birthday e-card contains an encrypted message".

In either case, I completely agree if the message is deciphered by
authorities, they've got you dead to rights, whether it's done by PGP, GPT
bible verses, or yellow socks on Tuesday.

EDIT: I was commenting primarily on the GPT technique, but now having read the
Memespeech page, totally agreed that it wouldn't even slightly stand up to
scrutiny in court, as one needs no prior knowledge to decode the message and
demonstrate that there is no other legitimate explanation for the
communication.

------
klundqist
I don't get it. Why is this unbannable? Aren't they banning encryption tech
without backdoors, not the transmission format?

~~~
henriquez
With Memespeech, the encryption tech is wrapped into the transmission format,
and the transmission format is Free Speech.

Even if this software were banned, a couple of points remain: \- It's
unprovable that any block of Memespeech text has something encrypted in it
unless you know the password \- It's easy for a developer to write their own
Memespeech implementation based on the documented specification.

Not saying that anyone would violate a hypothetical (and probably
unconstitutional) law, but it would be hard to enforce.

~~~
geofft
I think there are multiple senses of "banned" here. There's "made illegal" and
there's "disallowed by a third-party platform." Something can be illegal but
easy to do, e.g., driving without a seat belt. Something can be blocked by a
platform but still quite legal, e.g., proselytizing your religion on HN.

It's pretty easy (relatively speaking) to run _your own_ transport that
doesn't go through a third party, at which point you can just use OTR or
whatever. Then you're immune from banned-in-the-sense-of-blocked, and you can
make your own risk decisions about banned-in-the-sense-of-illegal. (Also,
depending on the details of the law, this might be perfectly legal too, e.g.,
"big tech must give us backdoors" doesn't need to imply "everyone who runs
encryption must give us backdoors.")

It does seem like Memespeech has an advantage if you're using a third-party
platform as a channel and you don't want to be blocked, i.e., you want to
exchange encrypted-and-not-backdoored messages over Facebook Messenger because
you can no longer trust its own encryption. I agree that this seems less
likely to be blocked than literally sending base64 over the channel. But it
still can get blocked - Facebook is under no obligation to transport all "Free
Speech" (whatever that means) from user to user. If Facebook says, on our
platform we disallow text with >20% uppercase letters, they can do that
legally and constitutionally. The government could force them to do it, but
they could also do it on their own (e.g. a spam detector might do it,
honestly).

So you basically end up in a steganography arms race: you want to send
messages that look to Facebook like actual genuine messages so they don't
block you, but they contain coded information that is end-to-end encrypted
using modern cryptography. I suppose it depends on a number of external
factors as to whether that's easier than setting up your own transport.

For instance, if your goal is just successfully sending messages and you don't
care about legality, another easy (relatively speaking) thing is to run Noise
Protocol over your favorite shortwave digital mode. Then you don't have to
worry about being blocked at all.

~~~
seph-reed
If the government banned it, it'd probably have something like the Striessand
effect. People doing it just because.

------
henriquez
\- NPM module here:
[https://www.npmjs.com/package/memespeech](https://www.npmjs.com/package/memespeech)

\- Docs and detailed format specification:
[https://gitlab.com/obsessivefacts/memespeech#memespeech-
java...](https://gitlab.com/obsessivefacts/memespeech#memespeech-javascript-
library)

------
ryanmarsh
Oh my god this is hilarious.

It encodes your message into the bill of rights.

