[convery]

Tl;dr: Stenography just helps with obfuscation as long as no-one is looking for it. The second someone looks it'll fail, and if it becomes a common practice; everyone will look for it.

The theoretical idea is that the information could be hidden in a random location, e.g. extracting every Nth bit, such that the information would be indistinguishable from random noise. In practice, both parties need to agree on the location, so it has the same flaw as 'perfect encryption' methods like a one-time-pad, you need to transfer information IRL.

One could make a case for a group/app using a custom scheme to add a layer of security until someone infiltrates the group / RE the app, but you'd get the same security by just encrypting everything with the same password.

[KETHERCORTEX]

> Tl;dr: Stenography just helps with obfuscation as long as no-one is looking for it. The second someone looks it'll fail, and if it becomes a common practice; everyone will look for it.

Not if the obfuscated payload is encrypted using end to end methods. This way obfuscated layer starts to look like trash.

To decrypt such a message you need to seize the control over message receiving computer with user and no encryption has protection from this.

[bilekas]

> Tl;dr: Stenography just helps with obfuscation as long as no-one is looking for it. The second someone looks it'll fail,

That was my 'playground' conclusion too. It has to be clandestine to work.

> In practice, both parties need to agree on the location

That is still a key by another term..

> but you'd get the same security by just encrypting everything with the same password.

Right, it feels like just a level of obfuscation at that point. Ironically what I was interested in was encypted payloads that could be `called` when loaded. Involves a ridiculous amount of 0days, but the idea of opening an image and having your browser/os touched.. It's interesting given today's lifestyle.