Slashdot Mirror
New Service Converts Torrents Into PNG Images
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
.
Trolling is a art,
I still think the solution is to change TPB to a TpayB. Allow us to pay $1 for a movie and allow studios to save face and jump in. More hiding like this will just put the Congressmen in action to filter. If this path is chosen, we will all be living in wifi-caves before long.
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits.
you mean the pirates are going to continue to beat out "the man" and get away with it?
I'm just utterly shocked.
doesn't re-scale or tag your uploaded images first!
"I bless every day that I continue to live, for every day is pure profit."
"Hey folks, go to http://imagehostingsite.com/animals/cutebear.png to get The.Black.Hole.1979.dvdrip.xvid.torrent"
goatse.png->The.Black.Hole.1979.dvdrip.xvid.torrent
You know what to do...
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If the conversion process is resilient enough, it might not depend upon the image having an identical binary format.
My blog
I can download all of my pirated torrents and view pr0n in one convenient step? If so, this is one brilliant Nutt!
"The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
Ok, ok, I do understand that a browser plugin adds some convenience, but how about a stand-alone version (native executable, or maybe something like a Java, Python, Perl, or Lisp program [which would be cross-platform]), which I can just run either as a GUI, or even a command line. . .
png2torrent in.png out.torrent
(heck, the original torrent filename might be stored in the png, so you might only need to specify the input file, and optionally an output path/filename if you want to change the name or extract to a different directory).
Maybe a drag-and-drop icon on the desktop - drag the png to the icon, and it automatically creates the torrent on the desktop.
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image). Or alternatively, to implement software which destroys the included torrent before putting the image online.
The Tao of math: The numbers you can count are not the real numbers.
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Give me Classic Slashdot or give me death!
OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.
Summation 2
Filename extensions are a form of metadata, and I don't think it sets a good precedent to lie in the metadata for a file. It's bad enough that we have Windows hiding filename extensions from the user, and encouraging people to just double-click on a file to launch the associated app. This just seems like asking for more problems, as people try to double-click on mjthriller.png and it launches - and crashes - IE.
http://alternatives.rzero.com/
Here's an example. It's the OpenOffice.org 3.1.0 win32 torrent taken from the OO.o site.
Couldn't you just use the comments section of a .tif file instead? At least then the picture could still look like kittens instead of a broken magic eye.
If people constantly found ways to rob banks without implications there wouldn't be many banks left, would there? Instead there would be another solution that fits reality better. I don't know if you're trying to be funny or really using this as an argument, but if you're serious then you have to understand that if a method doesn't work, you need to rethink it and adapt it so that it does. The same goes with robbing banks. The very reason that we have banks left is because they've been adapted to reality. Bigger and more secure safes, security staff, panic buttons etc. The fact that avoiding getting caught filesharing is so easy means that something is wrong. Either we keep up this charade and try to limit internet without any results, or we adapt ourselves and our businesses to it and create new rules that can coexist with internet.
I am the lawn!
We have compassion for you, the anonymous internet troll. We pirate so that you can troll us with something other than the GNAA.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I'm half tempted to pop it open myself and add a feature that inserts a text description into the encoded PNG. Really, I don't think it would be too hard (hell, it could just have a few flag bits that tell the interpreter how much of the image needs to be cropped to remove the description.)
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
It is funny you say this, because corporate copyright holders have done just that and a huge number of people went "WAIT! That is not fair!11!!1!". Copyright legislation, law suits, DRM, etc are all adaptations to the reality created by people who have no morals or ethics and casually violate copyright law.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Lack of transparency support for your PNGs won't let those bastards see through the image to your thinly veiled P2P activity! Looks like IE6 just won the browser war.
Take a .png of the Mona Lisa and convert it to a torrent and it downloads several thousand hours of voice notes by Da Vinci... and porn
"The Y chromosome is genetic. The odds are very good that if you are male then your father was too." -Internet Commenter
I'd say copyright legislation is less like adapting your business model to reality than it is trying to force reality to adapt to your business model.
This space available.
A while ago it was a common thread on 4chan to have torrents hidden within rar files appended to jpgs. This lead to massive amount of virus infected files being uploaded. 4chan banned images that it could detect rar headers within. I can imagine similar practices would be up and about on other image boards as well.
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Some drink at the fountain of knowledge. Others just gargle.
This is for encoding the .torrent file. Not whatever it points to.
For example, I just found a torrent file for Terminator Salvation - 14kB
No not really, not at all actually. Corporate copyright holders have held a gun at the heads of a few threatening that anybody that does the same will be made an example of. This is not even remotely close to my bank example. They can't stop the methods because it would take an insane amount of restriction and surveillance, so they try the scare tactics. If the method was adapted to reality we wouldn't have had this discussion to begin with.
Also you know very damn well that people object to the fact that they are forced to be monitored just so that nobody shares files. This is a pretty big sacrifice we make for the entertainment industry and you seem to think that people brought it on themselves. Perhaps they did, but perhaps the entertainment industry did as well. Whatever methods are used today are completely useless, and to defend them isn't doing the entertainment industry nor their consumers any good. Nobody thinks music artists should be poor, at least nobody that enjoys music, since nobody would produce music if reality was as such. But the current structure is not the only possible one, and I'm damn sure that even the entertainment industry will abandon this fools errand sooner or later. Right now you're one of the responsible for keeping this natural transition at halt.
I am the lawn!
I'll be impressed when they start hiding torrents in EXE files, like with hydan. Bloated installer archives (Nvidia drivers being a good example) should make for nice carriers for this. Or even better, expand to making it possible to hide the info in any kind of file.
I built a utility that can be used for the same purpose back in april. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.
------- Driver carries less than 64K of cache.
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
So now, what this is telling me is that you can post porn videos INSIDE porn pictures? mind boggling!
Why can't a forum owner scan all uploaded images for torrents using the same technology?
And not worry about the *transport?*
The Torrent file is just a little bit of text information, but what about the actual transfer, where huge amounts of data are transferred with the endpoints just flapping in the breeze, waiting for some authority figure to take notice? This is the 21st century. Shouldn't some cryptographic scheme be in place making it impossible for things like governments and XXAA's to take any interest in what goes on in the torrent transfer?
-fb Everything not expressly forbidden is now mandatory.
I'm sure the process creates works of intrinsic art of themselves, new works.
Help stamp out iliturcy.
I'm suprised no-one has mentioned this, but Spore Creation files are PNGs with a picture of the creation, with the data needed to create it in the game hidden in the alpha channel. This scheme, obviously, just generates a blurry group of pixels, but I wonder if you could change it somehow so the png looks like its contents... Like text of what's in the .torrent.
No, the size of the files listed in the torrent doesn't make a difference to the filesize. The number of trackers, nodes, and piece size (etc.), however, does. I just downloaded a .torrent file describing an 8GB 1080p movie, and it was 41KB in size.
Sadly your lack of arguments leads to flamebaiting. However try lawsuits for ridiculous sums of money that do not reflect real loss of income. Its one thing to pay for your damages, but if you actually consider this fair then I can only hope someone shoots your kneecap off with a shotgun the next time you make an illegal turn or drive too fast. It's called excessive sentencing, hope you'll like it.
I am the lawn!
250k? Instead of images, they should move to a file that's naturally larger and gives them more room to work... like movies! I can't wait until one movie is hidden inside another. Like I can download "The Fast and the Furious" but it's actually got "3:10 to Yuma" inside. Then maybe they can make a VLC plugin so when I open the container movie I see the hidden movie instead.
Somebody quick, get XZibit on this right away!
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
MAFIAA: We'll sue torrent hosters.
Web Site Operators: Make sure to convert all images that are uploaded and embed a stenographic message of "This image has been processed by (web site name here)"
Result: The Encoded torrent info is destroyed due to the subsequent stenography applied to the image.
I expect that code to be in drupal and damn near every CMS within the next month to avoid the MAFIAA.
-=[ Who Is John Galt? ]=-
you create a image ( artistic work, protected by copyright ) host in some site, RI** download the image so they can see what torrent is hiding in image, RI** try to sue you, the shoot backfires, you sue the RI** for using your copyrighted material without paying the 80k imaginary market value, because you would sell the pic for 80k.
profit!!
Seven informative responses and not a mod point to spend. Maybe every logged in user should get a half mod point to spend every day. If two of those seven spent a tenth as long modding as talking, the misunderstanding would be corrected and closed.
Do these guys even know how Bittorrent works? A .torrent file is useless without a tracker. What tracker are these files using? Whatever THAT host is, why isn't it just hosting the .torrent files?
It would be a welcome change from the banks robbing us.
Give me Classic Slashdot or give me death!
If you encode a .torrent into a PNG, invert the colors in Photoshop and decode the image back again, you get the torrent download and save alot of bandwidth.
Does this solution seem worthless to anybody else? It is less convenient to the users who have to download it, and it is full of potential problems, such as image hosting sites scanning their images for stuff like this and banning them, or simply resizing or compressing the images, and therefore corrupting the hidden data.
This solution is less convenient than the current one, which is to upload a torrent to a torrent hosting service, such as TPB or MiniNova, and then providing a link.
Am I the only one who can't determine whether you're trying to be funny or if you're just being confused?
You just got troll'd!
Yeah like the banks! Instead of adapting their business model they hired men with guns and put up bars on the windows. Get with the 20th Century, dudes. The advent of the tommy gun and the Model T ford mean that a business model based on hogging money was clearly obsolete as obsolete as the buggy whip manufacturers'. They should have given their money to entrepreneurs like Mr Capone and instead made money out selling services like tommy gun hire and washing the blood stains off spats.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Opinions are not facts and should not be expressed as such. Try something more adult, like... "I don't like Slashdot 2.0 because of X and Y".
You are an overreactive and offtopic ass. How's that for fact?
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
[PNG is] a bit like a barcode, only with more capacity since it's 2D and colour.
PNG also supports internal textual metadata. Example: Adobe Fireworks "... by default also stores meta data for layers, animation, vector data, text and effects [in PNG]."
- http://en.wikipedia.org/wiki/Portable_Network_Graphics
-kgj
WARNING! Your toddlers might violate a Patent! http://preview.tinyurl.com/22yk38
My parents have evidence of my prior art dating back to the mid 1980s on VHS-C. I'd show you but the cassette adapter is broken.
I can put my ed2k and magnet links right in here. No problem at all. :)
ed2k://|file|[DivX - ENG] Monty Python And The Holy Grail 1975.avi|734478336|DD25EDAE3F63726F19C9B86CE4F117DE|/
What a great technology from... 2000! ^^
In my opinion, BitTorrent was a huge step backwards. Imagine if Bram Cohen had created some darknet (which would be the logical next step) with the same success instead.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
well don't forget to include a description in plain text so it's search able. You could however post that in another comment with a link back to the hex torrent comment.
Some drink at the fountain of knowledge. Others just gargle.
Yes, it's detectable. But I think a lot of site maintainers have better things to do, than continuously work on the image-that's-not-used-as-an-image format du jour. If an image file decodes as an image file, then as a programmer I am done worrying about it, except for maybe secondary things, like "does the width cause it to fuck up the layout so that it needs rescaling?" It doesn't take much to sneak this by me. And that's not technical incompetence (flame me for my real mistakes (there are lot) but not this); it's just that blocking images based on possible meanings of their pixels, isn't something worth spending infinite time on.
Programmers are not going to play whack-a-mole. Turn this into whack-a-mole, and you've beaten me. I whitelist image files that behave like image files. I am not going to maintain (i.e. spend recurring time on) a blacklist.
At that point, maybe a human moderator might decide, "This image makes no sense," and see it as spam or something, and delete it. But that person isn't someone who keeps up with all the latest tech fluff and isn't going to know it's a torrent. The software could know it's a torrent and explain it to the moderator, but like I said, I'm not going to bother, because once I set down that road, it's a continuous job to keep up, and that's time I could spend doing real work instead.
If the hosting site doesn't have human moderators that are looking at the images and saying, "I don't get it, this was a discussion thread about lawnmowers, why did some user post a comment containing a picture of random colorful snow?" then it's not going to get blocked.
Parent is correct, also, a little software based on steghide does exactly what is mentionned here... It would be just a matter of putting everything in a firefox extension and you could have something much better than hid.im (although it is a good idea)
I really like the idea where, instead of a blob of color with no real meaning, you could use a representative image, like a movie-poster image...
You can concatenate anything onto the end of a GIF image and still have a valid file without any limit on payload size. The classic example is to append a zip file which keeps its "headers" at the end of the file and doesn't measure any offsets from the beginning. This allows you to attach anything to a GIF without having to have special tools to extract the payload.
I am becoming gerund, destroyer of verbs.
Would let you host them anonymously on freenet without the trouble of how to run a regular tracker on there.
There you can post descriptions to your hearts content.
---- Booth was a patriot ----
It would be easy enough to require an obscene amount of processing power to find the image. Simply run the image through an encryption algorithm 100 times. The end user could wait a few minutes to decrypt the image, but there's no way a website could do that.
Another way to do it is to include a decryption key as a captcha in the image.
You clearly know nothing about the history and original intent of copyright law.
This space available.
OK OK, I won't mod him down like I was going to. But JESUS CHRIST goombah99, take a extra minute and proofread your post next time and fix all the errors! There's apparently something of value in there, but trying to read it makes my brain bleed.
One simple rule for its versus it's
So, when the EFF sues a company for using GPL code, it should not receive a dime, yes? And, when a person is discriminated against in a restaurant, they should not get a dime because they have had any actual damages.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
What? Where did I make such a claim? I said that $1.9 million is a ridiculous sentence for her crime. How can you possibly misunderstand this? If a software provider gets caught stealing code, e.g. GPL code, they should be fined for the exact sum of copies of this software sold multiplied by the price charged per copy. This is completely fair and logical. The restaurant scenario I can't help you with. It's not in my interest nor profession. And the fact that I'm not an oracle doesn't disprove anything I say.
I am the lawn!
There are no damages in those cases. The whoever holds the copyright to the GPLed code loses no money and suffers no real harm from having their code used. No damage at all. So, any damage claims are by default ridiculous.
Why is her sentence ridiculous? Let's look at what she was found to have done: she knowingly and willfully violated the copyrights of others. She could have settled. She could have paid the original fine. But, no, she didn't. She just dug her hole deeper. It does not matter that you think she did nothing wrong, because you obviously a hypocrite and have no ethics. What does matter is that she was found guilty and her fine, according to the law, could have been TWICE that.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
sweet, now on 4chan (and 12chan) not only will CP be hidden in a torrent, but a torrent will be hidden in CP...
life is good
Be seeing you...
Has nobody heard of them? http://en.wikipedia.org/wiki/QR_Code An established standard for encoding text as an image. Bonus is - any current smart phone with the right app can recognise qrcodes. There's dozens of open source libraries to encode and decode them.
There are no damages in those cases. The whoever holds the copyright to the GPLed code loses no money and suffers no real harm from having their code used. No damage at all. So, any damage claims are by default ridiculous.
I don't understand. If you're looking for some general rule that defines damage payment I can't provide you with one. And you're not making any sense with your examples. In this case the only damage done was loss of income. There was no mental nor physical damage, only economical, so in my opinion it's quite easy to define a reasonable sum as we use money in our time to repay any damage done. Don't assume that this is some golden general rule that can be applied on any case. I never claimed such and you're simply making false assumptions.
Why is her sentence ridiculous? Let's look at what she was found to have done: she knowingly and willfully violated the copyrights of others. She could have settled. She could have paid the original fine. But, no, she didn't. She just dug her hole deeper. It does not matter that you think she did nothing wrong, because you obviously a hypocrite and have no ethics. What does matter is that she was found guilty and her fine, according to the law, could have been TWICE that.
You are truly fucking blind if you consider that a fair sentence. I'm not blaming the courts, so your bullshit argument that she could have been fined twice the amount doesn't change anything. The law is flawed, and was initially even pushed by corporate lobbyists. Also I never said she didn't do anything wrong, these are your bullshit words. During this dialogue you've made up a lot of nonsense claiming that these are my words. I'm ending this since you're not arguing anymore, you're simply lying and it's getting fucking tiresome.
I am the lawn!