New Service Converts Torrents Into PNG Images

jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak: "We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."

The race is on...

[grub]

The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
... you know you want to.

.

What?

[geminidomino]

No "steganography" tag yet?

Slashdot, I'm disappointed in you. :P

Re:What?

[grub]

It's hidden in their header png.

Re:What?

[rawr_one]

I don't get why they can't just use the old trick of hiding a zip file in an image file.

Seems simpler, technology-wise, to me than encoding a torrent file as a PNG image, and all you would have to do to get the torrent file is change the extension on the file. Also seems safer. Unless this trick wouldn't be possible with .torrent files, that is?

Still limited

[rnelsonee]

Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits.

Re:Still limited

[lxs]

Obviously you have never visited 4chan.

Re:Still limited

[tooyoung]

Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless.

Yes, someone should invent a method for posting images on the internet and associating text with them.

wait wait wait...

[Rooked_One]

you mean the pirates are going to continue to beat out "the man" and get away with it?

I'm just utterly shocked.

Just make sure your image hosting site...

[lobiusmoop]

doesn't re-scale or tag your uploaded images first!

PNGs?!

[Rik+Sweeney]

OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.

An example..

Here's an example. It's the OpenOffice.org 3.1.0 win32 torrent taken from the OO.o site.

Re:Won't work well

[slim]

All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).

Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).

4chan banned similiar images

[Pingh]

A while ago it was a common thread on 4chan to have torrents hidden within rar files appended to jpgs. This lead to massive amount of virus infected files being uploaded. 4chan banned images that it could detect rar headers within. I can imagine similar practices would be up and about on other image boards as well.

Why not just use slashdot instead?

[goombah99]

It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.

let's work through the logic:
        If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.

      if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.

so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.

so it seems like this has no value as a means of hosting torrents.

Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")

Re:Why not just use slashdot instead?

[elashish14]

Parent is wise. It would be easy for any image hosting site to detect something like this. They would just have to scan it as they receive it. Nobody wins when you just encode it using a simple straightforward and one-time algorithm.

What the authors need to do is provide some sort of key to decoding the torrent file. Instead of creating an entire image of it, they should instead take a standard image, and use some cypher method that would slightly distort the it (blur, stretch, etc.) in some way that would allow recovery of the torrent data. Then it wouldn't be obvious to the naked eye and you could just post the information necessary to decode the information from some other location. But is this worth the effort when torrents are still easy to find? Probably not yet, but in the future it may be.

Re:Why not just use slashdot instead?

[Sir_Lewk]

Anyone can then use slashdot's search feature

I take it you've never actually tried to use slashdot's search function.

Why limit it to torrents?

[Steve+S]

I built a utility that can be used for the same purpose back in april. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.

Re:Why bother to hide it at all?

[Amazing+Quantum+Man]

And if the xxAA gets the torrent from the image, they're illegally circumventing a technical protection measure!