[deathanatos]

1. Where, in the original "article" is this "10k" size of the PGP key ever mentioned? (All I can see is the "Result size: 9846", which looks like some sort of output from a steganography program, and that's the data it found's size in bytes. An exported PGP key could be of a reasonable bit length and still be 9KiB in size, depending on additional metadata on the key.)

2. Link to source image? How was the key found to be embedded in the image? The tweeter seems to "not have Internet" — of course not! — when asked?

[aphextim]

This was the direct link he claimed in his twitter thread. https://twitter.com/_Luke_Slytalker/status/11693807432916049...

I'm not saying this is anything other than internet conspiracy stuff, and who knows if this guy is hoaxing everyone, however this is why I posted here because a lot of people more knowledgeable than me can chime in.

Thanks for your input.

[ipython]

It's internet conspiracy stuff... and what's worse, is that all of this is industrialized. Reading through that thread and the related tweets is just depressing. Please do not say what I am about to say as an attack... I just truly am horrified at what's going on and hope that shining a little light can help people discern truth from what is now an industry dedicated to sowing discontent and disinformation. We are but pawns stuck in the middle and I'm not sure what the right answer is.

I mean - take https://twitter.com/JacquelineMcNab/status/11695820154499440... for an example. Do these people really believe that Jack Dorsey is sitting there on his Aeron chair twiddling his thumbs and thinking, GEE I WONDER WHICH QANON FOLLOWER I SHOULD SHADOW-BAN TODAY? Or https://twitter.com/OuterLimits816/status/116943344838742425... - Twitter corporate is saying, "OuterLimits816 is trying too hard to expose the deep state. I should just gaslight him (or her) by randomly taking away their likes."

It really is fun to feel like you're "in" on a secret. I get it. Folks feel marginalized in their real life, and spending hours "researching" things and posting your findings on Twitter with like minded individuals - who praise you with likes and retweets about your amazing insight! - can feel intense. You may even feel like you're learning something (and sometimes you might actually learn something in the process!)

But it's not real. There's plenty of shady stuff going on. This isn't it. In fact the "people" praising you and egging you on - they may be random people PAID to do it. After all, https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_.... We have real problems to deal with. Getting spun up about a post from a random Twitter user claiming that low order bits flipped randomly in a JPEG image represents a super-secret encryption key for covert communication is not one of them.

I just had to vent because stuff like this makes me absolutely vomit and despair for the future of our country.

[deathanatos]

Okay. How to regenerate whatever output from that JPEG the Tweet author claims to get? outguess emits random garbage for me over that URL.

(It's also not clear how to use this program from its own documentation, and the program has some QC issues…)

[ipython]

The short answer: you can't reproduce it. Because it never happened in the first place. Not to mention that Outguess doesn't provide the "data type" of the output - you just get the bits. The entire thing is a badly-executed hoax.

[ipython]

BTW this looks like the tool that could have created the output format from the twitter screenshot: https://github.com/DominicBreuker/stego-toolkit/blob/master/.... That repo has a Dockerfile so you can build the Docker image to see if you can recreate their results.

[deathanatos]

I agree; I just thought simply asking first might help prove out that there's nothing here. Normally, I'd hard pass on "content" like this, but apparently enough people upvoted this to make it to the front page of HN.

[aphextim]

>How to regenerate whatever output from that JPEG the Tweet author claims to get?

No idea, that's why I posted here so someone that does know how to do this can either verify it as a hoax or a legit find.