[betterunix]

"A solution to this is to increase the "noise floor" by bundling steganography tools with common widely distributed software, so that obviously 99+% of people and computers with steganography software would be 'innocent'."

Good luck with that one. As a practical matter, this is unlikely to happen; hardly anyone requires steganography as part of their security solution (the MPAA stands out due to the use of watermarking). Email and online businesses were the killer app for public key cryptography; what killer app do you see for steganography?

[PeterisP]

I don't see a killer app for that - the whole point is not that millions need it, but that all tools needed for steganography are shipped also to millions of people who don't need it.

Someone (preferably multiple organizations) should bundle steganography just because it's desperately needed for a tiny minority - doing so would not be because of a killer app but simply a service for public good, facilitating democracy, free speech, whistleblower protection, etc.

This is aligned with the stated ideals of multiple FOSS organizations, so it is feasible to assume that someone with popular widespread software (like, say, Firefox, Ubuntu or VLC) could do that for purely idealistic reasons. The software size is tiny, so the distribution overhead would be trivial while making a serious strategic change. Do it just because it can be done.

[lostnet]

The default installs of shells and window managers are likely to reveal whether the command has either ever or recently been run.. Disabling the defaults is also "suspicious".

I don't think you can fix a social problem with a technical fix. Innocent until proven guilty (of a crime with a victim please!) has to apply to employment law and clearances. Otherwise we are building a group of criminals who can honestly be believed when they say they are willing to violate the constitution to protect executive branch interests.

The trouble with the Snowden case is that the NSA now has more power to filter its employees/contracts in order to further violate the terms of the agreement.

Even drastic action would not fix it. Impeach the entire chain up the executive branch and the next one will be more secretive and let Hoover shine as the simple misunderstood Prom Queen he wanted to be.

I just hope Obama's actions will ruin him and this nonsense about replacing the President with an outsider. If that suddenly gets you an honest system instead of a cynical President, then kissing the frog must work too.

[ballard]

If BackTrack were outlawed as a munition, it would spread more, briefly. http://www.backtrack-linux.org/ Download it now, whether or not you need it, because it adds noise.

[lostnet]

> Download it now, whether or not you need it, because it adds noise.

Why would I download a security specific image?

If you want to be as secure as possible, download the smallest possible system that can bootstrap the compiler then build out from source, retaining all source and looking for variances when you recompile.

Personally, I don't much care. I am not looking for a technical solution. I am looking for a social upheavel in the form of citizens visibly exercising rights: http://www.aeinstein.org/ to finally end the cold war mentality in the US government.

[zepolud]

Whistleblowing would be a killer app.

Imagine you wanted to leak something but don't want to attract attention to yourself. You could encrypt it (with the public key of the organization you want to leak to), hide it with steganography and then upload the result to some public place you know the organization would be monitoring.

If you had ready access to tools to do so you could do all that inconspicuously.

[fennecfoxen]

Is that really true? Steganography is a lot of work to set up surreptitiously (we're not all IT techs like Snowden); it also gives you a rather narrow channel to send messages through, and you still need to attach the channel to the recipient somehow. Then, afterwards, you'll want to make sure you haven't left any stego-litter that will be detected and used against you.

By contrast, a USB flash drive or micro-SD card is tiny, easy to set up surreptitiously, gives you a channel for a whole lot of data, and doesn't usually leave much evidence after you hand it over to the recipient. I'd hazard that people who care enough to strip-search you for unauthorized mass-storage devices at the door could probably also detect your steganography too, if it comes down to it.

I would imagine that there are really very few circumstances related to whistle-blowing when it would make sense to choose steganography. It seems more appropriate for espionage situations where a deep-cover field agent really, really needs to receive messages through a channel that's essentially untrackable (e.g. classified ads in a newspaper).

[zepolud]

To be obnoxiously blunt, imagine the current situation with Snowden and assume he wanted to leak directly to Wikileaks and that they were using similar scheme to the one in my post below. This is what he would need to do:

1. Write a normal message discussing his favorite videogame on Ars Technica.

2. Encode his public key in it.

3. Use the WL public key (already available to him via the hypothetical stegano-crypto suite in common distros) to derive a shared secret.

4. Use the secret to encode and hide 20 top secret slides in his holiday family photos and upload them to his flickr account.

5. Write another post on Ars discussing some other videogame, hiding in it the URL to his flickr photos.

6. Meanwhile, WL monitors the several thousand posts per day on the most used internet forums, and detects a possible public key and tries to decrypt all the messages within the next 24 with the common secret that could be derived using it. One of them has correct checksum after decryption and gives the URL to the photos.

7. WL also daily randomly visits several thousand photos on flickr, including this time the one with the sent URL. After it gets it, it uses the shared secret and gets the message.

This whole process could be accomplished without leaving the room, without transmitting any suspicious data or contacting suspicious addresses, and would be indistinguishable from his normal online activity. As long as his computer or the WL private key are not compromised it should be perfectly untraceable.

I fail to see how arranging for a microsd card to be sent over to WL would be easier to accomplish, assuming he could be tracked and recorded constantly.

If it comes to wasting 2 MB per CD on the odd chance it could aid a whistleblower of similar importance every couple of decades, I'm all for it.

[zipfle]

without transmitting suspicious data except:

1) ars technica post with encoded public key 2) ars technica post with shared secret of some kind 3) ars technica post with hidden url 4) flickr photos of size (visible_resolution + resolution_of_hidden_images + any_salt)--way larger than they should be

This is without mentioning that in order to use this system, he has to have either already contacted wl to set it up (just moving that risk to some other time) or wl has to have indicated that messages of those kinds will be read (ensuring that the nsa knows too, and is paying attention).

[fennecfoxen]

Exactly. Narrow pipe, difficult to route to its destination, and unless it's very well constructed it's quite probable that it leaks information about the existence of secret messages to an adversary.

Sure, with TrueCrypt on your laptop's drive you have lots of data and you can just say "I'm just securing my hard disk against loss, there's no hidden partition" and that'd be one thing. That's fine. But if you work for the TLA and they're reverse-engineering the latest leak and they find out that you've been posting lots of JPEGs and there statistically more entropy in the low bits of the pixels than would be anticipated given traditional JPEG encoding libraries ... then you might have some serious 'splainin to do.

A USB drive does not suffer that flaw. It can only leak the existence of a transmission to people who can physically see it. Isn't the goal of steganography hiding messages? Now you can physically hide the message...

You can even send it in the mail for at most a couple dollars' worth of stamps, without any direct way to trace it back to you. And then they have one chance to intercept it (which you can surely render tamper-evident in some manner.)

[zepolud]

Would it surprise you to know that all U.S. postal mail is also being monitored and recorded? [1] As soon as they see something addressed to a known WL address they will trace it back, find where it was sent from, find out the serial number of the sd card, get the shop where it was bought, etc. You wouldn't want that kind of attention. And if you don't have a private channel to WL you could only use their public addresses by definition, which would be guaranteed to be heavily monitored.

This is why I consider a working public steganography protocol so important. Using a very short message you could arrange the sd card to be dropped at some random place and know that somebody would come back in a couple of days to retrieve it. Encoded with ordinary simple text, using messages of typical lengths on popular, public websites. There are just too little bits of encoded information there to be statistically significant.

I'm not so worried about statistical analysis of how natural sounding or typical or expected the text you're producing is, as it would be a very difficult problem considering it requires a good understanding of natural languages to be done well automatically. What would be really problematic is that WL may very well be infiltrated and the private key compromised. Then you would be really screwed.

[1] http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

[zepolud]

I don't think you understood the process--there is no 2) post to exchange a shared secret, as it is derived from his private key and the already known to him public key of WL.

There is also no prior need to contact WL--this is the whole point of the scheme. All this is public so NSA is supposed to be well aware of WL monitoring all these messages. That's why he would be encoding using wordlengths modulo 2 (see my post below) so they are statistically indistinguishable from normal text. NSA would not be able to detect suspicions activity without having the WL private key.

Also, there is no need to raise undue suspicion by using untypical photo sizes as he can publish as many and as different files (e.g. video, music, etc.) as he requires once the harder process of establishing channel of communication with WL has already been accomplished.

[PeterisP]

You need steganography to store documents that you can disclose if you want, but cannot be legally forced to admit that you have them if you don't want to.