Peekabooty, Camera/Shy Released

An anonymous (how appropriate) writer sends "Peek-a-Booty, a program designed to circumvent mechanisms (such as China's Great Firewall) limiting access to websites, has been open-sourced. It's listed as a "Beta" on SourceForge, but the Peek-a-booty website seems to encourage people to start using it." And Doug writes "PC World reports about a new tool to encrypt text with a click of the mouse and bury the text in an image. After posting an embedded image on a Web site, someone can notify intended recipients by e-mail with code words such as 'Go to this URL to see pictures from my birthday party.'"

Birthday pics?

[ocbwilg]

After posting an embedded image on a Web site, someone can notify intended recipients by e-mail with code words such as 'Go to this URL to see pictures from my birthday party.'"

This product must have already been released since I've been getting emails like that for months now. "I just turned 18! Click here for hot pictures from my 18th birthday party! You won't believe how wild my barely 18 year old friends and I got that night!"

er...

[david_g]

How are the chinese going to circumvent their firewall to be able to get this program that enables them to circumvent their firewall?

Free sites already foil this, IIRC

[wirefarm]

Long ago, I tried hosting the images for a site on Geocities or Tripod or somewhere and the HTML page on my laptop and Ricochet modem. Worked OK, but I noticed one side effect that would seem to be relevant - these sites were re-compressing the images.
If you take a jpeg and encode some data steganographically and later the compression is changed, wouldn't that effectively remove the steganographic information? (Correct me if I'm wrong.)

Now, if I was trying to communicate with terrorists this way, pretty much the only safe way would be to put the 'birthday pics' up on a very popular free site - no way I'd post them anywhere that had my name connected to it.

I don't know if the compression thing is common, but couldn't something like that be put pretty transparently into "The Great Firewall"?

Cheers,
Jim in Tokyo

Am I missing something?

[FreeLinux]

From the description at the Peek-a-Booty site it seems to me that it is nothing more than open proxies running SSL. While I understand their stated goals, the whole project seems redundant.

First, the project assumes that the governments are using a NOT list. This is a big assumtion. I would think that control freaks like the Chinese government would more likely use an ALLOW list. A small list of governmet sanctioned sites. This would, of course, negate Peek-A-Booty.

If the government is in fact, using a NOT list, there are already countless open proxies continually popping up all over the place. This makes me think that the whole project is redundant.

Re:Am I missing something?

[helarno]

Last time I checked, they used a NOT list and it was a very small list. For mainstream use, you could pretty much access anything you wanted with the exception of a couple of news sites like CNN and sometimes, NYT. The blocking was erratic though ... some months the sites were reachable, other days, they were perfectly fine. Of course, I'm sure a few dissident sites are blocked, but since I don't view those on a daily basis, I wouldn't know.

But it's really a non-issue. Even 4 years ago, all the internet cafes I visited by default went through a proxy that pretty much allowed you to view whatever you wanted. Knowledge of how to circumvent the blocks were very common among the younger audience. I'm sure it's even more prevalent today. For China, at least, this project isn't really relevant.

Snake Oil

[cperciva]

This "steganography tool" is no more than snake oil.

Rather than using a more advanced method of steganography, this tool packs data into the least significant bits of the image. Simple, easy, and incredibly obvious. This is to steganography what ROT13 is to encryption -- if you use it for anything important, people will laugh at you.

In fact, this is the worst kind of snake oil, because it is not only ineffective, but also dangerous. The administrators of the Great Firewall Of China (for example) could very easily detect files encoded with this software; using it would then be akin to waving a red flag and shouting "hey, I'm doing something I don't want you to know about". Bad steganography is worse than no steganography, because it highlights the fact that you're trying to hide something.

This stuff needed in USA

[WCMI92]

I can see a growing need for this kind of thing in the USA, as we allow the Megacorp cartels like the RIAA/MPAA to chop off and "firewall" so to speak, the individual.

Remember the Napster trial? The infamous statement by a RIAA honcho "We will firewall them at their PC"? And then go read the story just below this one where AOLTW's RoadRunner is port blocking Kazaa.

I find it very interesting phinisophically, that the net result of "Big Government (Communist)" and "Big Business (Capitalist)", when left unrestrained by civil law that is supposed to protect and affirm the rights of the individual, produce the SAME RESULTS!

In the communist system, as China is, the governmment IS the corporation. It makes up "laws" as it goes along, always to benefit those in power. In the USA, we've allowed corporations to achieve similar results by the fact that our Congress and Presidents are passing and signing laws WRITTEN BY THEM, as the DMCA and CBDTPA are.

Unfortunately for the tyrants, both governmental and corporate, there are a lot of Thomas Paine's in the world, and they tend to be creative people. Hence this program that lets you circumvent firewalls.

Re:I propose a new form of steganography

[Tazzy531]

Already available: http://www.spammimic.com/ and talked about here: Wired