Slashdot Mirror
New Service Converts Torrents Into PNG Images
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits.
doesn't re-scale or tag your uploaded images first!
"I bless every day that I continue to live, for every day is pure profit."
If the conversion process is resilient enough, it might not depend upon the image having an identical binary format.
My blog
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Give me Classic Slashdot or give me death!
All "The Man" needs to do is modify the image. Which is rather common practice anyways.
1. Insuring images are scaled properly.
2. Reconverted so the images will fit in the Database.
3. Insure you just have the image not a hack.
4. lossy compression to save storage space.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Here we go with another technological arms race. How many image hosting sites will run the converter on all uploaded images and automatically reject those that contain an embedded file? Or just remove the steg and retain the basic image...
So the next step will be some sort of keyed steg, with the keys distributed on some sort of centralised webserver.... oh no, actually that might break. But luckily keys are quite small and can be widely distributed as long as the image sites don't get a hold of them. It's going to be an interesting few years...
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).
Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Some drink at the fountain of knowledge. Others just gargle.
Which is totally inconvenient for user that has to keep up with it... *AA wins with every step of arms race because users need to adapt.
Andre regardless of images, there is more trouble: But they still need channel to share those files with public ... and to organize them and allow searching ... or you end up with closed communities of people who share them between themselves and network with other similar communities, which hinders casual torrent downloading.
Which basically means *AA gets what they wanted. Hordes are cut off or have harder time downloading.
Idea is not to force people out of sharing, but make it inconvenient enough to stop being more useful than going out and cashing money for originals.
-- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
Why can't a forum owner scan all uploaded images for torrents using the same technology?
No, the size of the files listed in the torrent doesn't make a difference to the filesize. The number of trackers, nodes, and piece size (etc.), however, does. I just downloaded a .torrent file describing an 8GB 1080p movie, and it was 41KB in size.
In cmd: (assuming pic.jpeg and file.rar in the current working directory, otherwise specify path)
copy /b pic.jpeg + file.rar output.jpeg
where pic.jpeg is your source pic, file.rar is the .rar file you create in which your 'hidden' files are, and output.jpeg will be a .jpeg file, which when executed will open in your picture manager, but when opened with WinRAR, will reveal the contents of the .rar file you added.
copy /? in cmd says that the /b flag is for indicating a binary file, so I guess it doesn't mess up the extension headers when you combine files. I haven't gotten around to finding a bash equivalent.
Yes, it's detectable. But I think a lot of site maintainers have better things to do, than continuously work on the image-that's-not-used-as-an-image format du jour. If an image file decodes as an image file, then as a programmer I am done worrying about it, except for maybe secondary things, like "does the width cause it to fuck up the layout so that it needs rescaling?" It doesn't take much to sneak this by me. And that's not technical incompetence (flame me for my real mistakes (there are lot) but not this); it's just that blocking images based on possible meanings of their pixels, isn't something worth spending infinite time on.
Programmers are not going to play whack-a-mole. Turn this into whack-a-mole, and you've beaten me. I whitelist image files that behave like image files. I am not going to maintain (i.e. spend recurring time on) a blacklist.
At that point, maybe a human moderator might decide, "This image makes no sense," and see it as spam or something, and delete it. But that person isn't someone who keeps up with all the latest tech fluff and isn't going to know it's a torrent. The software could know it's a torrent and explain it to the moderator, but like I said, I'm not going to bother, because once I set down that road, it's a continuous job to keep up, and that's time I could spend doing real work instead.
If the hosting site doesn't have human moderators that are looking at the images and saying, "I don't get it, this was a discussion thread about lawnmowers, why did some user post a comment containing a picture of random colorful snow?" then it's not going to get blocked.