Using YouTube For File Storage

First time accepted submitter ememisya writes "Ever thought it might be a good idea to store encrypted data in a QRCode video? Using this technique one could easily store 10GB of data to be available anywhere in the world, and completely free."

Ever thought it might be a good idea?

Ever thought it might be a good idea to store encrypted data in a QRCode video?

Not even a little bit. Now that you mention it though, it does sound like possibly one of the dumber ideas I've heard in quite some time.

Re:Ever thought it might be a good idea?

[ememisya]

Ever thought it might be a good idea to store encrypted data in a QRCode video?

Not even a little bit. Now that you mention it though, it does sound like possibly one of the dumber ideas I've heard in quite some time.

So considering a scenario like a student posting Iron Man 3, camera rip and the encryption key as another video onto YouTube, and the links in another forum. Who would be responsible for this copyright infringement? YouTube for having encrypted video data? It could be argued that YouTube is only carrying gibberish video data. The forum? The forum is only containing links to YouTube which is perfectly free to do. Could it be the software for putting the key and the data together? I wouldn't think so, because then any encryption library is responsible for its resulting data. It could be argued that it wouldn't be illegal until the user started writing the actual video onto his/her harddrive, at which point there will be no internet connection to detect anything unusual. Now, I'm a person who believes copying something and taking that copy is different than taking that thing itself, but I know how copyright laws are touchy about these scenarios :) My guess is they would put the pressure on YouTube to detect videos with too many QRCodes in their frames and remove them and it will soon be in their Terms of Service. If enough people abused this method anyways, writing a browser plugin to detect YouTube and offer file uploading options will fire this away to the spiral of doom, sort of like FireSheep and facebook https.

Re:Ever thought it might be a good idea?

[omnichad]

Who would be responsible for this copyright infringement? YouTube for having encrypted video data? It could be argued that YouTube is only carrying gibberish video data. The forum?

The student who posted it. If you want to get technical, the QR code video on Youtube is not gibberish video data. It's a copy of the movie. It's just a different carrier. Unless you think turning on SSL in bittorrent means you're transmitting gibberish data.

Re:Ever thought it might be a good idea?

[vux984]

Same thing if you uploaded a video containing only white noise as the picture: it's there just to waste Google's hard drive space.

http://www.youtube.com/watch?v=bf7NbRFyg3Y

Good times.

Re:Ever thought it might be a good idea?

[nabsltd]

I said that the student is responsible for the infringement. I never said it would be proven in court.

Even if it could be proven in court, that would set the precendent that any file of exactly the right number of bytes could be called "infringing".

This is because for any given set of bytes the same length as copyrighted content, there is some transform that will convert the bytes into the copyrighted content. Even if you really did start with the copyrighted content, until you perform the transform, there is no infringement.

As an example, if I encrypted the image of a commercial Blu-Ray disk with a random key that I do not know and then posted it to someplace that anybody could download it, I have not infringed, since all I did was post some bytes. If somebody guesses the key and posts it, then they are also not guilty of infringement. The only people who might be guilty of infringement would be those who use the key and decrypt the bytes into the copyrighted work.

Re:Ever thought it might be a good idea?

[Tom]

You still think on the wrong track. Really.

People thought they could do the same thing with basically any crime in the books - make some changes to the way it is done so that it isn't recognizable anymore and get away.

Surprise, the law doesn't care about the way you do it. If you kill someone, that's murder (or any of a related, bla) and it doesn't matter if you used a gun or a knife or an orbital laser array that you programmed through a Tor network and accessed over an encrypted botnet controller interface with a hundred other layers of indirection. It'll make proving that it was you who pushed the button more difficult, but if that can be done than it's still murder, plain and simple.

Same thing with copyright infringement. You take a copyrighted work, apply any number of whatever operations on it, make a copy and distribute it and you're in violation of copyright, plain and simple. The number and kind of operations in the intermediate step don't matter one iota. And as long as you don't get that into your head, you'll be laughed at when they slam you. Do you think the judge will be the smallest bit impressed by anything you said above? He'll have one question and one question only and that is: Did you copy a copyrighted work without authorisation, yes or no?

And no, that is not something that is unique of this new digital world. That's techie bla bla. You can say the same of paint or letters. No, the book sellers don't have a copyright on the letters A through Z, but they do have a copyright on a specific number of them in a specific order, otherwise known as a novel, or a poem, or a drama or whatever.

No, the movie industrie does not have a copyright on 0 and 1, yes it does hold the copyright to specific collections of 0s and 1s in specific orders. Or more specifically: To the content of what these numbers represent.

Copyright is not a mathematical concept. You can't "defeat" it with mathematics. For all the law cares, math is a tool to apply transformations on content, but that doesn't change the fact that the content is copyrighted, end of story.

Lolzers.

[RightSaidFred99]

I'm sure Youtube will _never_ notice this and your foolproof plan will be good for all time.

You might be OK with some steganography, but otherwise they will thwart you if more than a few people do this.

Re:Lolzers.

[Cenan]

The fact that you can have the "super smart encrypted content" taken down with a moments notice by serving a bogus DMCA never entered the submitters mind.

Re:Lolzers.

[tverbeek]

Yeah, this is a textbook example* of how relying on an outside "cloud" service – especially one that you have no contractual control over – to store your data is a really dumb idea.

*OK, maybe it's just in the teacher's edition.

Re:Lolzers.

[TheCarp]

No its an example of how naively relying on an uncontracted outside "cloud" service is a really dumb idea.

Now imagine you split your data up into a Set of messages, which can be recovered by any sufficiently large subset of more than N messages? This is what tahoe lafs does, typically using 10 messages, any 6 of which can recover the original.... of course its all encrypted too.

Then all you need is some process which periodically checks the messages and ensures that you always have some threshold (which should really be larger than N, by at least a few).

There is also no need for QR codes to be used, thats another example of naive use. It would actually be vastly more efficient to encode the data differently, but, encoding in such ways as to not be easily detected and removed by youtube could be tricky. However, if you could find a way to minimally disguise the data so it just looks like hours of terribly boring video (like, video of your pet fish)....

Shit you could probably just keep re-uploading the same fish video with differently encoded data and new names....nobody is going to examine hours of fish swimming to determine where the loop is or whether the two videos are of the same loop.

Re:Lolzers.

Depending on the decoding speed, this may be a good way to include tablet and phone apps with movie purchases. Just tack it on where the movie previews are. Not everybody has reliable broadband, especially those that don't stream their video.

a bit too blatant

[Trepidity]

If you start uploading videos to YouTube with nothing but frames of QR codes, you're pretty likely to have your account closed and the videos deleted.

It would be more robust if you made the video look like something that could plausibly be on YouTube as a "normal" video, even if it's something really boring. Probably especially if it's something really boring. Record one of your pets and use the low-order bits of the video and/or audio to steganographically include some data.

I already have a better solution.

I store mine in the Linux source code comments. Nobody has ever noticed.

Re:Wow... worse than old usenet binaries.

[i_ate_god]

what ever happened to the hacker mentality these days?

they would do it, BECAUSE THEY CAN. A reason so valid that it I shouldn't have to be here telling you about it.

Re:Great! Now Al-Qaeda has YouTube technology. :-(

[Cenan]

First of all, what the fuck is up with using the subject for half the reply? Seriously, cut it out. You people look like retards.

Hiding stuff in plain sight has never been very hard, you don't need youtube for that. Anything connected to the 'net is pretty much hidden in plain sight, no need to involve a millions-of-users-per-month website, when a simple IP distributed would do the trick just as fine.
Encryption is no secret, no matter what the feds tell you, the ban en exports of encryption algorithms has not made the rest of the world go sans encryption. The example in the article is about the dumbest security idea since, shit i don't know... ever?

Re:10GB Free, Wow!

[ag0ny]

Have you been hiding under a rock for the last few months? Mega gives you 50GB for free.

I found a QSR code burned into my toast

[AndyKron]

I found a QSR code burned into my toast. My cellphone read it, and it said "Jesus"

This is like

[meerling]

Using Youtube to store your files is like using your neighbors car for storing you beer without asking. Odds are that one of these days it won't be there when you really want it.

Re:Wow... worse than old usenet binaries.

[K.+S.+Kyosuke]

Are you Captain Kirk? This reminds me of the only good reason to climb a mountain.

After your first sentence, I thought that was his remark on the subject of why bang genetically or even anatomically incompatible aliens.

Re:right...

[Psyborgue]

QR codes error correction is quite resilient. Even with heavy spatial/temporal compression, the data should still be recoverable. There are far better ways of hiding data than this, however.

Re:Wow... worse than old usenet binaries.

[Psyborgue]

Because it's not a particularly clever or interesting "because we can".

Re:right...

[CrashandDie]

Have you ever used a QRCode? Ever noticed that most algorithms don't recognise the QRCode when it's sharpest and level with your screen? Usually, you don't have the time to have the code be level, or in focus, before the algorithm picks it up.

That's because QRCode are nigh indestructible. They could add a watermark and the code would most probably still be readable (depending on the level of error correction you apply when encoding).

For example, I took one of the Wikimedia QRCode examples, and drew on it. It still worked. Then I skewed the image using MS Paint. It still worked. Then I decided to go from 172 pixels to 86 pixels (using MS Paint's resize function). It still worked (zoomed to either 100% or 200%). Then I decided to "reduce its resolution", so to speak, by resizing that reduced image to 200%, then back to 50%, then back to 200%, etc for 4 or 5 times, until I ended up with this. It still worked.

Now, I'm sure that I *wanted* this to work. There will be dozens of cases where even the most stupid tear of paper or poor lighting will prevent that QRCode from being decoded. But somehow, I don't think that YouTube's HD video encoding will be much of an issue for QRCodes.

Tested with QR Droid on a Wiko Cink King, scanning off a 23" 1080p screen.