Peekabooty, Camera/Shy Released

An anonymous (how appropriate) writer sends "Peek-a-Booty, a program designed to circumvent mechanisms (such as China's Great Firewall) limiting access to websites, has been open-sourced. It's listed as a "Beta" on SourceForge, but the Peek-a-booty website seems to encourage people to start using it." And Doug writes "PC World reports about a new tool to encrypt text with a click of the mouse and bury the text in an image. After posting an embedded image on a Web site, someone can notify intended recipients by e-mail with code words such as 'Go to this URL to see pictures from my birthday party.'"

Am I missing something?

[FreeLinux]

From the description at the Peek-a-Booty site it seems to me that it is nothing more than open proxies running SSL. While I understand their stated goals, the whole project seems redundant.

First, the project assumes that the governments are using a NOT list. This is a big assumtion. I would think that control freaks like the Chinese government would more likely use an ALLOW list. A small list of governmet sanctioned sites. This would, of course, negate Peek-A-Booty.

If the government is in fact, using a NOT list, there are already countless open proxies continually popping up all over the place. This makes me think that the whole project is redundant.

Re:Am I missing something?

[mrbnsn]

I want to reemphasize the point made in the parent: "For China, at least, this project isn't really relevant." The "hactivist" crowd has never been any good at doing their homework, and this is just the latest example.

The Chinese government DOESN'T EVEN BLOCK THE GOOGLE CACHE. Any site that's blocked, you just look it up in Google, and hit the "cached" link. They did block Google, once, for about a week, until popular outrage made them give it up.

That should give you an idea of just how "terrified" they are by the so-called threat the Internet poses to their hold on power. What they're really afraid of are the tens of millions of affluent, educated, urban Internet users rising up in revolt if their favorite toy gets taken away from them.

That, and the hundreds of millions of undereducated, underemployed peasants and factory workers who don't have a future, and barely enough to eat, much less Internet access.

I propose a new form of steganography

[phaxkolumbo]

How about putting hidden messages in spam? Nobody bothers with those anymore, anyway.

Here's an example:
***SNORING KEEPING YOU FROM A GOOD NIGHT SLEEP ?***
tHIs proDuct has been featureD on national tv.doEs sNoring keep you up at night?
tired of having to sleep in separate rooMs bEcauSe of Snoring?
just tired of being tired becAuse of someone's snorinG?
tired of hEaring how your snoring kept someone up all night?
There is a safe, natural solution to your snoring problem...

And so on...

The steganographic schema could be a bit more advanced in the production version, but i think the basic idea is good enuff for a start.

Snake Oil? Maybe... maybe not.

[muerte24]

there are many tools which allow you to hide things in images. there is already "Steganotools" (i forget the website) and programs like "Camoflage" that hide files inside of other files, or append them on the end as junk.

if you really want secrecy, you can move to things like "DriveCrypt", which makes containers you can mount as new drives. but these containers have no header, and being compressed and encrypted, it's impossible to distinguish them from purely random data unless you know the strong passphrase.

the idea of hiding data in the LSB of pictures (or mp3's for that matter) is old. just better hope that no one else has a copy of the original file! if you choose specific pictures where the LSB is statistically random enough, there is nothing that says you can't hide data there securely. the simplest way for short messages is to run MD5 (or some other hash) on your passphrase, and XOR the resulting digest on your message to produce your cyphertext. then just replace the LSB's in your image file.

just make sure you replace all your LSB's or else an attacker can detect that there is something hidden.

the only thing new about this particular tool is that it uses a browser plugin to decrypt the picture by double clicking on it. that sounds insecure to me.

drivecrypt lets you install the program entirely on removable media, so you don't have strange stego tools installed on your computer when the Red Police come busting down your door...

just my $.02.

muerte

As usual... everyone is missing the point.

[GuNgA-DiN]

Sure the Peekabooty website talks about free speech in China, blah, blah, blah.... Everyone here is arguing about whether the Chinese will block Peekabooty and whether it will be an effective tool for freedom of speech. But, the REAL point of this software isn't to help the Chinese -- it's to help us poor saps in the Good Ole US of A! Think about it: since 9/11 our Government has gotten more and more oppressive. They have taken away freedoms that we used to take for granted. But, if the developers of Peekabooty came right out and said: "this is used to circumvent the assholes in Homeland Security" they would get a visit from the NSA/FBI/CIA etc.. They picked an oppressive regime (like China) to talk about this tool. But, substitute the letters USA for CHINA and you will begin to see the truth.

Another nice benefit of this tool will be the developement of secure, anonymous P2P networks. Look at all the shit in the news lately about how ISP's are cutting off KaZaa. And, how Ranger Online is tracking down Gnutella users. The RIAA/MPAA Gestapo is out to get us and take us down. New tools like Peekabooty and FreeNet will help to insure that these organizations will never, EVER shut down the free-flow of information on the Net. Peekabooty is a dagger that is aimed right at the heart of corporate America! It says: "You think you can take over the Net? Ha! Fuck you and the horse you rode in on!". This just proves to them that we can always defeat them with technology regardless of how much money they have!