[tsaoutourpants]

I don't see how it would be terribly difficult to undetectably (without key) hide a few bytes of data in the least significant bits of a .jpg.

There are likely trillions of images available on the Internet. I would imagine less than 0.001% of them have a hidden message. This increases the "haystack" so drastically for the NSA that, even if 100x as many people started using it, it's still a big-ass haystack.

[DanBC]

This is one of the worst, easiest to detect, form of steganography. Publishers like Springer Verlag have many papers and books about detecting that type of steganography.

While analysis (breaking) of steganography is long lived there hasn't been much work on creating new better forms.

Just as things like PGP are still hard for regular people to use, and there's no real encrypted chat, there's not much in the way of strong stego.

Obvious caveats apply here: How much does the text need to be hidden? Who does it need to be hidden from? Me hiding my angsty poetry from my sister doesn't need much and anything is going to be okay. But me hiding material that could get me killed, from a well funded government? I need something better than a reference github project.

[Gnewt]

> and there's no real encrypted chat

What about OTP? One of the easiest things to set up and use imo, users just need to know to exchange key fingerprints over a third party medium (in person being the foolproof way).

[MichaelGG]

At some ratio of hidden data to visible data, I'm sure it can be undetectable. But transmitting reasonable amounts of data leaves a trace using LSB algorithms. Here's one paper. It shows the LSB part of the image, which leaves an obvious looking impression.

http://rahuldotgarg.appspot.com/data/steg.pdf

[chongli]

This is just showing steganography with plaintext payloads. If you use only ciphertext payloads (with the keys exchanged out of band) you sidestep this problem.

[danbruc]

Not really. Encrypting the message will yield uniformly distributed noise and that is a very rare in nature. So if you attempt to hide an encrypted message in the least significant bits of images, audio recordings or video it is as easy to detect as plain text messages if not even easier.

[chongli]

Then don't use every LSB in the image; use a low percentage. Just a guess, but I bet if you applied your stego detection algorithm to a large sampling of random images on the internet, you'd find a significant false positive rate. Just hide your messages in the false positives.

[danbruc]

As already mentioned by others - hiding small amounts of data is easy, the challenge is to hide nontrivial amounts of data. There are algorithms that (try to) compensate statistical changes introduced by hiding data. One approach is to only use half of the available bit for hiding data and modifying the other half in a way to preserve a set of statistical properties.

It is probably not a good idea to hide data in images available on the internet because this enables direct comparison of the same image with and without hidden data.