[zipfle]

without transmitting suspicious data except:

1) ars technica post with encoded public key 2) ars technica post with shared secret of some kind 3) ars technica post with hidden url 4) flickr photos of size (visible_resolution + resolution_of_hidden_images + any_salt)--way larger than they should be

This is without mentioning that in order to use this system, he has to have either already contacted wl to set it up (just moving that risk to some other time) or wl has to have indicated that messages of those kinds will be read (ensuring that the nsa knows too, and is paying attention).

[fennecfoxen]

Exactly. Narrow pipe, difficult to route to its destination, and unless it's very well constructed it's quite probable that it leaks information about the existence of secret messages to an adversary.

Sure, with TrueCrypt on your laptop's drive you have lots of data and you can just say "I'm just securing my hard disk against loss, there's no hidden partition" and that'd be one thing. That's fine. But if you work for the TLA and they're reverse-engineering the latest leak and they find out that you've been posting lots of JPEGs and there statistically more entropy in the low bits of the pixels than would be anticipated given traditional JPEG encoding libraries ... then you might have some serious 'splainin to do.

A USB drive does not suffer that flaw. It can only leak the existence of a transmission to people who can physically see it. Isn't the goal of steganography hiding messages? Now you can physically hide the message...

You can even send it in the mail for at most a couple dollars' worth of stamps, without any direct way to trace it back to you. And then they have one chance to intercept it (which you can surely render tamper-evident in some manner.)

[zepolud]

Would it surprise you to know that all U.S. postal mail is also being monitored and recorded? [1] As soon as they see something addressed to a known WL address they will trace it back, find where it was sent from, find out the serial number of the sd card, get the shop where it was bought, etc. You wouldn't want that kind of attention. And if you don't have a private channel to WL you could only use their public addresses by definition, which would be guaranteed to be heavily monitored.

This is why I consider a working public steganography protocol so important. Using a very short message you could arrange the sd card to be dropped at some random place and know that somebody would come back in a couple of days to retrieve it. Encoded with ordinary simple text, using messages of typical lengths on popular, public websites. There are just too little bits of encoded information there to be statistically significant.

I'm not so worried about statistical analysis of how natural sounding or typical or expected the text you're producing is, as it would be a very difficult problem considering it requires a good understanding of natural languages to be done well automatically. What would be really problematic is that WL may very well be infiltrated and the private key compromised. Then you would be really screwed.

[1] http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

[fennecfoxen]

I know perfectly well that all postal-mail envelopes are recorded, yes. But I have doubts that they're intercepting all envelopes heading to Wikileaks. You can attempt to make the envelope tamper-evident, you can buy the SD card with cash at some no-name Chinatown vendor, you can drop it in the mail at any mailbox in town, and you can encrypt all the contents with the public key. This does not guarantee that your message makes it through to Wikileaks per se, but it does make it really hard to trace to you.

If you'd like, you could also identify a separate, known Wikileaks sympathizer and mail the encrypted data to them, requesting that they forward it? They could be quite brazen about it, as they are at no risk of being identified. And there are many Wikileaks sympathizers in the world; the government may be scanning their envelopes but they're not inspecting and opening all of them.

[zepolud]

I don't think you understood the process--there is no 2) post to exchange a shared secret, as it is derived from his private key and the already known to him public key of WL.

There is also no prior need to contact WL--this is the whole point of the scheme. All this is public so NSA is supposed to be well aware of WL monitoring all these messages. That's why he would be encoding using wordlengths modulo 2 (see my post below) so they are statistically indistinguishable from normal text. NSA would not be able to detect suspicions activity without having the WL private key.

Also, there is no need to raise undue suspicion by using untypical photo sizes as he can publish as many and as different files (e.g. video, music, etc.) as he requires once the harder process of establishing channel of communication with WL has already been accomplished.