Introducing the NSA-Proof Crypto-Font

Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 09:59 · Score: 4, Insightful

Undecipherable my ass.

Re:Familiar with image recognition at all? by geoskd · 2013-06-22 10:10 · Score: 5, Funny

Undecipherable my ass.
He's from a school of design, give him a little slack for not understanding how computers work...

--
I wish I had a good sig, but all the good ones are copyrighted
Re:Familiar with image recognition at all? by GameboyRMH · 2013-06-22 10:22 · Score: 5, Insightful

I want to know why he thinks the NSA prints out each webpage and email and then runs it through OCR.
???

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Re:Familiar with image recognition at all? by paiute · 2013-06-22 10:22 · Score: 5, Funny

This just in: Slashdot announced that Anonymous Coward's contract would not be renewed for next year.

--
If Slashdot were chemistry it would look like this:Cadaverine
Re:Familiar with image recognition at all? by icebike · 2013-06-22 10:22 · Score: 5, Funny

He's from a school of design, give him a little slack for not understanding how computers work...
No doubt he uses that font for all his email, having recently switched from comic sans.

--
Sig Battery depleted. Reverting to safe mode.
Re:Familiar with image recognition at all? by Mitchell314 · 2013-06-22 10:32 · Score: 2

Even if the image recognition software wasn't adaptive (which I know at least some are), an image document with this font would scream red flag. A document with lots of text but low correspondence to common latin fonts?

--
I read TFA and all I got was this lousy cookie
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 10:44 · Score: 2, Insightful

This is the first submission I have modded down since the ability to vote down submissions. I tend to vote and mod positively. Who in their right might voted this story up? Speak up so we may mock you.
Re:Familiar with image recognition at all? by ObsessiveMathsFreak · 2013-06-22 10:55 · Score: 3, Insightful

Meanwhile geeks, who do understand how computers work, instead of developing technologies supporting encryption and pricacy by default, have instead hopped into bed with big data and the NSA. There are more geeks helping the NSA builds a Stasi apperatus than there are geeks working on building a truely anonymous and untappable internet.
The more I think back to the likes of the whole Firefox self signed certs debacle, the more I see the NSA survellance apperatus collectively roaring with laughter at geekdom's heedless self-destruction of itself and the internet.

--
May the Maths Be with you!
Re:Familiar with image recognition at all? by Instine · 2013-06-22 10:58 · Score: 2

It's actually very difficult for the text to be read and filtered by a computer using this form of obfuscation, as long as there are enough variants of each letter, and they are well randomised throughout the content. However, you don't actually need a special font: http://www.tienhuis.nl/utf8-generator

--
Because you can - or because you should?
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 11:12 · Score: 5, Funny

I want to know why he thinks the NSA prints out each webpage and email and then runs it through OCR.
???
This is government we're talking about here. It's a kickback to the paper, printer, and scanner companies who contributed so much to some campaigns during the last election cycle!
Re:Familiar with image recognition at all? by fuzzyfuzzyfungus · 2013-06-22 11:27 · Score: 2, Insightful

Undecipherable my ass.
More importantly, it's not as though the NSA reads your email by printing it out and sending it off for OCR... Font doesn't mean much if you have the document in any remotely sane digital format.
Re:Familiar with image recognition at all? by pjbgravely · 2013-06-22 12:15 · Score: 3, Informative

I don't think the creater understands that fonts aren't sent to a recipient, only the Unicode. To make this work you would have to write it, turn the paper into a photo and send that. The parents idea or 1337 would be less work.

--
Star Trek, there maybe hope.
Re:Familiar with image recognition at all? by Yomers · 2013-06-22 12:17 · Score: 1

, ï ë ç Â âç, 3 í ä ï, ïí !

Shit, still no utf-8 suppport here? FAIL :( anyway i was trying to say that

yes, this one would be sooo difficult to decode back to ASCII characters, it would take like 3 or even more hours of work to make script that will do it, that will save us all from all kinds of data mining for sure!
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 12:32 · Score: 2, Informative

Undecipherable my ass.
More importantly, it's not as though the NSA reads your email by printing it out and sending it off for OCR... Font doesn't mean much if you have the document in any remotely sane digital format.
Speaking from experience as the copier repair guy, government agencies do in fact print stuff out so they can scan it - all the time.
Re:Familiar with image recognition at all? by loosescrews · 2013-06-22 13:42 · Score: 2

I tested a couple of the more human-readable variants with the OCR built into Adobe Acrobat, and Acrobat did really well. The normal Sans and Bold variants were recognized with nearly 100% accuracy, so I am unsure why they are even included. There were only a few letters in the noise variant that it consistently got wrong, but it got them wrong in a consistent manor (e.g. i turned into !), so some simple find and replace could get you a reasonably readable document. After that I got bored and I didn't try any of the other variants.
The only use I can think of for this might be using it in conjunction with a cipher. A cipher could break the word recondition in OCR software and would also make humans less sure that they were reading the correct letters. Either way, the utility of this font is very limited.
I am sure that the NSA has better OCR than what is built into Adobe Acrobat.
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 14:54 · Score: 2, Informative

TFA explains all. It's only undecipherable to the OCR software that he tried, he's well aware that it won't remain undecipherable for long, and he sees it as an exercise in awareness rather than security.
Re:Familiar with image recognition at all? by fuzzyfuzzyfungus · 2013-06-22 15:21 · Score: 1

I wonder if that's stupidity, or people who know enough to know about metadata; but not about more elegant ways of scrubbing it?
Re:Familiar with image recognition at all? by Yvanhoe · 2013-06-22 15:36 · Score: 5, Insightful

Ok, now you are getting me angry.

Geeks have been very vocal about wiretapping issues for a LONG time. Does ECHELON ring any bell? Geeks have created institutions like the EFF, tools like Tor, GPG, darknets, bittorrent, bitcoin. It is true that few people use them, and it is true as well that they allow a truly anonymous internet that escapes even NSA surveillance. I refuse that because you are too lazy to get an interest in these free tools you pretend that these problems are met with indifference in the tech community. Reality could not be further from the truth.

People making most of these tools did this for free. When was the last time you did spend money in order to protect your privacy or anonymity? The market of surveillance is several dozens of billions of dollars yearly. The market of consumer counter-surveillance is almost inexistent. Yet, effective tools that are very easy to use exist. Don't forget to thank the geeks that have known for decades that the NSA was spying on you, found it immoral and spent years working gratis to provide you for free an excellent tool.

Geeks employed at several levels at ISP do all that they can to keep internet free and neutral. The fact that regular internet is quite free (compared for instance with what you usuall get on your 3G smartphone) is due in large part because geeks in their majority have a strong ethical sense and know the value of openness. Snowden and Assange are geeks, but if you look at the HBGary leaks, you will see that developpers strongly opposed some policies. Whistleblowers about surveillance are almost always geeks involved in the infrastructure. Never legislators, managers, officiers, who know as well the extent of the surveillance.

--
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Re:Familiar with image recognition at all? by OneAhead · 2013-06-22 15:49 · Score: 2

You're greatly underestimating what computers - and the cryptographers who program them - are capable of / up against. Defeating something like this UTF-8 generator is peanuts.
Re:Familiar with image recognition at all? by OneAhead · 2013-06-22 15:57 · Score: 2

Ignoring the obvious problem that text is usually not sent over internet as an image, if you're gonna use a cypher anyway, you might just as well spare yourself the effort of using an obnoxious font by choosing a cypher that is (probably) impossible for the NSA to crack in a reasonable amount of time. It's really not rocket science. There are some good ones implemented in gpg, among many others.
Re:Familiar with image recognition at all? by OneAhead · 2013-06-22 16:02 · Score: 3, Insightful

I see it as an excercise in misinformation rather than awareness. If this catches on, a lot of "joe sixpacks" will be led to believe that a font can somehow make an electronic document less easy to decypher, rather than exploring options that are actually pretty safe, such as gpg. [lame pgp reference intended - hur hur hur]
Re:Familiar with image recognition at all? by greenguy · 2013-06-22 16:09 · Score: 1

Um, if you mod something down down, and then comment, it wipes out your moderation. Which, in effect, also negates your post.
But, keep trying!

--
What if I do the same thing, and I do get different results?
Re:Familiar with image recognition at all? by tautog · 2013-06-22 16:20 · Score: 1

Except they posted AC.
Re:Familiar with image recognition at all? by SoCalChris · 2013-06-22 16:26 · Score: 3, Interesting

I've got a client that's a non-profit group home for abused kids. Because of what they do, and their funding sources, they have to send daily activity reports for each of the kids, including medical, psychological, behavior, school notes, etc...
Every day, the reports are hand written on to forms, which are then typed into a computer, which are then printed, which are then faxed to the county (Typically 75-100 pages of fax each day), which is then entered into the county's computers, which is then printed out and filed.
Between the original handwritten report, printed copy of the entered report, received fax, and county copy, multiplied by around 100 pages per day amounts to almost 150,000 pages created every year for something that could very easily be done almost entirely electronically.
Re:Familiar with image recognition at all? by Beardo+the+Bearded · 2013-06-22 16:32 · Score: 1, Offtopic

Ok, now you are getting me angry.
Geeks have been very vocal about wiretapping issues for a LONG time. Does ECHELON ring any bell?
Hmm?
Had this sig since 1998.

--

---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Re:Familiar with image recognition at all? by CodeBuster · 2013-06-22 17:12 · Score: 3, Insightful

Meanwhile geeks, who do understand how computers work, instead of developing technologies supporting encryption and pricacy by default, have instead hopped into bed with big data and the NSA
Security is not something that you can simply buy as a product and then forget about. The tools are freely available, but they don't work well or even much at all unless you know how to use them. The Edward Snowden affair and his attempts to communicate securely with journalists via email serves to highlight the difficulties encountered by normal people attempting to install and use these tools. To some extent this is inevitable because good security requires knowledge of cryptographic procedures and strict observance of key handling protocols that most people outside of tech or intelligence circles would find to be esoteric at best and most probably incomprehensible.

There are more geeks helping the NSA builds a Stasi apperatus than there are geeks working on building a truely anonymous and untappable internet.
I'm not aware of any practical method of two-way communication that isn't subject to eavesdropping given enough resources. You can make yourself more difficult to follow, but as a practical matter if they want to listen in they will find a way to do so.

the more I see the NSA survellance apperatus collectively roaring with laughter at geekdom's heedless self-destruction of itself and the internet.
The people who work for the NSA have families and children too. Some of them might even be your neighbors. Surely your concerns aren't entirely separate from theirs on these matters? If they can listen to any of us then they can listen to all of us. Even Senators and Congressmen understand this much and it's no laughing matter.
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 17:27 · Score: 1

Yeah and we put a bunch of Facebook pages to say we don't like it.
Re:Familiar with image recognition at all? by FatLittleMonkey · 2013-06-22 17:41 · Score: 1

"Submission != "Comment""
He's talking about a different type of mod.

--
Science is all about firing a drunk pig out of a cannon just to see what happens.
Re:Familiar with image recognition at all? by WaywardGeek · 2013-06-22 17:58 · Score: 3, Interesting

The tools for private communication are there, and geeks like me contribute what we can (not that much in my case). Instead of saying "it's not rocket science", we should say, "it's not crypto." This stuff is hard, which is why it's fun.
His statement that there is no practical way to safeguard privacy is true to a point. No one in the world is going to decrypt my one-time-pad encrypted email that I encrypt on a machine not connected to the Internet, transfer by USB stick, and email as an attachment. Instead, if anyone really cares, they'll just get my data the old fashioned way. It's really a matter of how much money the eavesdropper is willing to spend. Anything over I'm guessing maybe $100,000, and they just hire an expert to bug my house, car, cell phone, clothing, have an affair with my wife and run dog. If we care to, and have at least a small clue, we can encrypt whatever we want securely. At least if no one really cares to know what we're encrypting.
I agree with Google, Microsoft, and friends. We should let our service providers be honest with us, and have a public debate about privacy vs. security.
I don't have any secrets. Not one. Now that doesn't mean I post all my passwords on my blog,

--
Celebrate failure, and then learn from it - Nolan Bushnell
Re:Familiar with image recognition at all? by Pseudonym · 2013-06-22 19:14 · Score: 1

You could arrange things such that you almost have to do that, by using a custom character mapping and ship the font with the message.
Yes, I'm aware that simple substitution ciphers are no challenge under normal circumstances, but presumably you'd use the entire whole Unicode code space, and have a many-to-one mapping, and possibly map individual code points to parts of a character. That should make the unicity distance long enough for any modest-sized message.

--
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Re:Familiar with image recognition at all? by inglorion_on_the_net · 2013-06-22 19:47 · Score: 1

There are more geeks helping the NSA builds a Stasi apperatus than there are geeks working on building a truely anonymous and untappable internet.
[citation needed]

--
Please correct me if I got my facts wrong.
Re:Familiar with image recognition at all? by thegarbz · 2013-06-22 20:09 · Score: 4, Insightful

Irrelevant. If the font were sent as a photograph of a printed copy all the NSA would have to do would be download his freely available font and add it to an OCR engine.
Re:Familiar with image recognition at all? by thegarbz · 2013-06-22 20:10 · Score: 3, Funny

Just don't tell the NSA where to download the font or they may be able to teach Mr OCR how to read it.
Re: Familiar with image recognition at all? by Anonymous Coward · 2013-06-22 20:41 · Score: 1

Nobody understands how computers work, only how they function. :-P
Re:Familiar with image recognition at all? by fa2k · 2013-06-22 23:55 · Score: 3, Insightful

It's actually very difficult for the text to be read and filtered by a computer using this form of obfuscation, as long as there are enough variants of each letter, and they are well randomised throughout the content. However, you don't actually need a special font:
http://www.tienhuis.nl/utf8-generator

It's like a keyless cipher that's just a character mapping (with random selection of character). If anyone used the font for something serious, the NSA could construct the inverse mapping in days manually. In fact, if the font is to be effective, the forward mapping has to be implemented in software, i.e. a program to convert normal text to "encrypted" text, and NSA could use that software to implement an automatic decoder in an hour.
Re:Familiar with image recognition at all? by netik · 2013-06-23 05:23 · Score: 1

When you invent your own cryptography, you are doomed to failure. All you need to do is load the font into the OCR software and it's game over. Sorry, sophomoric design student.
Re:Familiar with image recognition at all? by ooooli · 2013-06-23 07:01 · Score: 5, Funny

Obligatory xkcd: http://xkcd.com/538/
Re:Familiar with image recognition at all? by RockDoctor · 2013-06-23 08:14 · Score: 1

This is government we're talking about here. It's a kickback to the paper, printer, and scanner companies who contributed so much to some campaigns during the last election cycle!
Ah, the Lumber Cartel (There Is No Lumber Cartel)!

--
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Re:Familiar with image recognition at all? by Anonymous Coward · 2013-06-23 10:00 · Score: 1

It may not be undecipherable to the NSA, but it's certainly Slashdot commenter proof. They were unable to read the paragraph where the font's creator explicitly acknowledged that it would do nothing (technologically) to stop the NSA, but would drive social change. I have translated it below for easier viewing:
"Sang has no illusions that even a clever cryptographic font—which he says you can use in email messages to shield them from snoops and font-recognition bots—will remain encoded for long. They're not meant to be long-term tools with which to combat the NSA. Rather, he views them as an awareness-raising measure."
Re:Familiar with image recognition at all? by WaywardGeek · 2013-06-23 12:31 · Score: 1

Nice link! That's one thing I love about Slashdot... if you can put up with all the noise and offensive posts, there's often a nugget worth waiting for. I hope they mod your link +5 informative.

--
Celebrate failure, and then learn from it - Nolan Bushnell
Re:Familiar with image recognition at all? by metaforest · 2013-06-23 13:25 · Score: 2

You must be new here.
That xkcd cartoon gets plastered into just about every discussion that has ever been initiated on /. since the cartoon was first published. It has relevance, but it is, at this time bordering on redundant, since every credible geek on /. knows this aspect of crypto, balls to bones.
Maybe you should take your .sig to heart, rather than wearing it like some geek-cred-badge. Also note that the tool that once again taped this classic cartoon to the thread did NOT get a risk free karma boost... why? Because the link is not helpful, funny or even relevant to a discussion about OCR resistant font faces.
Re:Familiar with image recognition at all? by ooooli · 2013-06-24 16:38 · Score: 1

Randall, is that you?
Re:Familiar with image recognition at all? by metaforest · 2013-06-24 17:08 · Score: 1

Randall, is that you?
Ah the XKCD linking tool responds.... That is Rich.
No Virginia, my name is not Randall, it is Shirley.
Re:Familiar with image recognition at all? by ooooli · 2013-06-25 02:02 · Score: 1

The only thing that could have made your reaction more comical would have been if it came from the guy who makes the xkcd comics. His name is Randall. God you made me explain a joke. Please go away now.

Yes, that'll work by Anonymous Coward · 2013-06-22 10:00 · Score: 1

for all the printed content that you want nobody to read.

Re:Yes, that'll work by Anonymous Coward · 2013-06-22 10:10 · Score: 2, Insightful

You mean this font will be best used on all future Slashdot summaries?
Re:Yes, that'll work by icebike · 2013-06-22 10:25 · Score: 1

No, just for TFAs.
The summaries are sometimes scanned by slashdot readers, so comic sans would work for those.
The titles? They have to be in clear text.

--
Sig Battery depleted. Reverting to safe mode.
Re:Yes, that'll work by fibonacci8 · 2013-06-23 00:24 · Score: 1

But then the magical incoherence of TFA kicks in and deciphers any attempts at crypto on the fly.

--
Inheritance is the sincerest form of nepotism.

Easy to crack? by doomtiki · 2013-06-22 10:01 · Score: 5, Informative

Given that this seems to be just a simple font, why would it be hard to write an OCR program to decipher specifically this font (or any other supposedly secure font)? Perhaps a program that dynamically obfuscated text like a CAPTCHA would be more useful. This appears to be more of an artistic statement than something useful.

Re:Easy to crack? by Baloroth · 2013-06-22 10:06 · Score: 5, Informative

It isn't any more difficult to crack. Moreover, the absolute only way it would introduce any difficulty at all is if the NSA is scanning images of text. You can bet 95% or more of the data they intercept is already in digital form. The computer already knows what letters are what, so this will help precisely not at all, unless you start sending your emails in image formats, in which case, which is... yeah, not exactly a good plan. Just use encryption if it needs to be secure. This doesn't do anything.

--
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Re:Easy to crack? by Slugster · 2013-06-22 10:09 · Score: 5, Funny

That is because you are like stupid.

This would be totally rad to make signs with the next time hipsters wear the V masks and have one of those "Occupy Mall Street" things again.
Re:Easy to crack? by Will.Woodhull · 2013-06-22 10:32 · Score: 2

Agree with parent: this is just silly, unless what is being sent is an image of the text. Not ASCII or any other binary encoding.
And if one was going to send images of secret messages, what would make more sense is to use steganography: put the message in image. Like probably millions of Internet users are doing already. How else can you explain the plethora of cute kitten pictures?
A point on which I'd like to see serious discussion by persons who know what they are talking about: How hard is it to determine whether any given image contains a steg message? Assuming the message is also encoded with something simple, like Playfair?

--
Will
Re:Easy to crack? by Anonymous Coward · 2013-06-22 10:36 · Score: 2, Funny

Can't you see that he wrote with the obfuscated font?
Re:Easy to crack? by number11 · 2013-06-22 10:56 · Score: 1

Agree with parent: this is just silly, unless what is being sent is an image of the text. Not ASCII or any other binary encoding.
Maybe useful if you're sending your sekrit plans by fax, postcard, or carrier pigeon. Or, would have been useful until NSA had a copy of the font.
Oh well, back to the drawing board.
Re:Easy to crack? by ldobehardcore · 2013-06-22 11:11 · Score: 2

You can look to see if the image is bit-for-bit the same as a known clean image on the internet. EG you intercept an image in an email that also appeared on, say, 9gag. You do a check to see if the image is in the same resolution, the same codec, etc. If you know they're the same format and such, you can delta the two images, if there's a difference you look to see if the difference is on the least significant bits. If so, that's pretty strong evidence that the image has a seganographic message in it.
Other than doing a delta technique with a known clean image, I don't have any idea off the top of my head for cryptanalysis methods of finding evidence for image steganographies.

--
Hectice, baby, Mercator says hello to you
Re:Easy to crack? by phrank · 2013-06-22 11:24 · Score: 1

Steganography is the right tool for obscuring the use of cryptography, if applied correctly. If not–by using a weak algorithm, none at all or well known kitten images–it can be detected easily, of course. Just collect the low bits and apply natural language statistics or some basic cryptoanalysis.
Probably the NSA can in fact break any cipher. Why else would they employ so many brilliant mathematicians?
If I were an agency, I would prefer the easy route and make myself comfortable inside everyones keyboards.
Re:Easy to crack? by Anonymous Coward · 2013-06-22 12:09 · Score: 2, Insightful

By simply owning a cat though, or living in a neighborhood with cats, you would have a generator for an infinite number of pictures with no clean version anywhere on the internet.
Re:Easy to crack? by dgatwood · 2013-06-22 12:12 · Score: 5, Interesting

Depends on the steganography method used, and on how many images are sent using that method. If you're a spook and you see somebody suddenly sending lots of images to someone else, you might grow suspicious, at which point you'll start performing analysis to see if there are patterns emerging across the entire set of images, such as certain pixels that are always higher than the adjacent pixels by a certain amount. Granted, such patterns can just as easily be caused by sensor flaws, but some fairly primitive steganography techniques could be detectable in this way.
Second, because subpixel noise in cameras isn't random—it tends to obey a gaussian distribution, and thermal noise can vary considerably from frame to frame depending on the length of the exposure—when spread over a large enough number of sequential or nearly sequential photos taken by the same camera, the steganography might be detectable by using a model of the predicted levels of noise that the image sensor should produce for a shot of a given duration and the elapsed time since the previous shot. This won't tell you what is embedded in the image, but if you're lucky, it might tell you that with a high probability, something is embedded. Depending on the circumstances, that might be enough to get a warrant. Then again, it could just be Digimarc.
Finally, there's the question of the randomness of the source material (or, more to the point, the lack thereof). If the base image is at the native sensor resolution of the camera, the nature of the image sensors themselves could potentially be exploited to detect some types of steganography. In a real-world image sensor (except for Foveon sensors), there's no such thing as a pixel; there are only subpixels that produce a value for a single color. The camera must combine these values (a process called "demosaicing") to compute the color for a pixel in the final image. Because the subpixels that make up a pixel are not physically on top of one another, the camera typically computes the estimated value for the color at a given physical point on the sensor by combining adjacent subpixel values in differing percentages. For example, if the green subpixel is chosen as the "center" of the pixel and the red subpixel is to the left and the blue is above, it might mix a bit of the red from the "pixel" to its right and a bit of the blue from the "pixel" below it. (This explanation is overly simplistic, but you get the basic idea.)
Unfortunately for steganographers, the way that particular cameras construct a pixel value from adjacent subpixel values is predictable and well understood. If a steganographic technique does not take that into consideration, it is highly likely that, given knowledge of the camera and its particular mixing algorithm, the steganographic data can be detected simply by determining whether there is any plausible set of subpixel values that could result in the final computed pixel values for the entire image. For that matter, given that most of the algorithms for subpixel blending are straightforward, even without knowledge of the particular camera, it is highly likely that steganography can be detected, because portions of the image that contain no hidden data will likely only be producible by a single algorithm, and portions of the image that contain hidden data likely will not be.
Those are just a couple of types of analysis off the top of my head that might potentially be used against some types of steganography, given some types of source material, etc. It is entirely possible that there are steganographic techniques that are resistant to these sorts of analysis, and there are likely many other interesting types of analysis that I have not mentioned. I have not kept up with steganographic research personally, so I can't say with any certainty.

--
Check out my sci-fi/humor trilogy at PatriotsBooks.
Re:Easy to crack? by king+neckbeard · 2013-06-22 12:23 · Score: 1

Except many of the services in question do not present clean images. They will watermark it, recompress it, change metadata, etc. And that's assuming that the steganography is added to an existing picture. If no clean image exists, then there is no known clean image.

--
This is my signature. There are many like it, but this one is mine.
Re:Easy to crack? by ldobehardcore · 2013-06-22 12:30 · Score: 1

Yeah. That's why this type of steganography detection is really hard to actually implement.
Another commenter replying to me outlined a number of cryptanalysis methods that don't seem to rely on a known clean copy. Although, they do seem to rely on bitmaps and known information about camera sensors. I'd expect an easy way to screw up an analysis would be to change to a lower bit-depth apply a few randomly tuned effects, re-encode the photo to a different codec, and then do the steganographic embedding. Then the camera sensors' noise profiles wouldn't really matter since the image is somewhat chaotically altered from the sensor's raw output.

--
Hectice, baby, Mercator says hello to you
Re:Easy to crack? by Anonymous Coward · 2013-06-22 12:54 · Score: 1

By god, sir, you are a criminal mastermind.
Re:Easy to crack? by Will.Woodhull · 2013-06-22 14:26 · Score: 1

It seems like an easy way to assure the steg could not be identified (let alone extracted) would be to apply a steganographic mask first: using Method A for selecting pixels to alter, encode an entirely random text onto the image, then use Method B to encode the payload on the result.
I'm thinking that you would still want to use some form of encryption on the payload first.
Makes me wonder to what extent steg techniques are being used today.

--
Will
Re:Easy to crack? by shikaisi · 2013-06-22 14:50 · Score: 2

Makes me wonder to what extent steg techniques are being used today.
What else do you think all those cute pictures of cats are on the interwebs for?

--
No left turn unstoned.
Re: Easy to crack? by ldobehardcore · 2013-06-22 14:51 · Score: 1

I used to be very interested in steganography in my adolescent years. Mainly because the home pc was shared and I wanted to find a way of storing porn on it in a more undetectable way than building a folder hierarchy, or putting it in a system folder.
I don't bother with steganography anymore, as I don't really care that much anymore what someone might find on my machines

--
Hectice, baby, Mercator says hello to you
Re:Easy to crack? by Anonymous Coward · 2013-06-22 16:42 · Score: 1

Too bad there aren't mod points for "whoosh".
Re:Easy to crack? by Rich0 · 2013-06-23 01:56 · Score: 1

It isn't any more difficult to crack. Moreover, the absolute only way it would introduce any difficulty at all is if the NSA is scanning images of text.
Look closer. He did actually create one font which is plain letters, but with the shapes not corresponding to the correct ASCII codes. That would actually create a very slight difficulty in scanning text (granted, one solved by a 3 line mapping function with 26 bytes of lookup).
Of course, if you used that in an actual online message the recipient wouldn't be able to read it without using the same font.
Might as well just use ebcdic while you're at it...
Re:Easy to crack? by countach · 2013-06-23 09:36 · Score: 1

If you're sophisticated enough to be evading spooks and using stenography, you're probably not using " primitive steganography".
Re:Easy to crack? by Ceriel+Nosforit · 2013-06-23 10:30 · Score: 2

Depending on the circumstances, that might be enough to get a warrant.

Those no longer seem to matter to your government.

--
All rites reversed 2010
Re:Easy to crack? by tlhIngan · 2013-06-24 03:44 · Score: 1

It isn't any more difficult to crack. Moreover, the absolute only way it would introduce any difficulty at all is if the NSA is scanning images of text. You can bet 95% or more of the data they intercept is already in digital form. The computer already knows what letters are what, so this will help precisely not at all, unless you start sending your emails in image formats, in which case, which is... yeah, not exactly a good plan. Just use encryption if it needs to be secure. This doesn't do anything.

Not only that, but anything printed out in the crap font is now 100% harder to read by the recipient. It's basically a really good way to irritate anyone who might receive the printed document (electronically, well, just like I can select a new font from the Font menu...).
Really, it's just another form of WingDings in the end.

Oh that Sang Mun by Anonymous Coward · 2013-06-22 10:02 · Score: 1, Funny

I heard he's quite the cunning linguist!

But a BYTE Is a letter by Bruce66423 · 2013-06-22 10:03 · Score: 4, Informative

which is only subsequently translated into a type face when the item is converted into an image which doesn't contain the letters. So all your data would have to be held as such PDFs, which are no longer searchable.Nice idea - shame about the reality

Re:But a BYTE Is a letter by cold+fjord · 2013-06-22 10:14 · Score: 3, Interesting

The great tragedy of Science — the slaying of a beautiful hypothesis by an ugly fact. -- Thomas Huxley

--
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Re:But a BYTE Is a letter by mephist01 · 2013-06-22 10:26 · Score: 1

I've seen a couple academic articles in pdfs where copied text came out as jibberish. At the time I thought it was copy protected because when I examined the metadata I saw that dozens of proprietary fonts had been embedded.
If a font that escapes OCR is created so that it does not match ascii or unicode standards then I can see that it wouldn't be machine readable, at least until someone works out the mapping manually. However, the document wouldn't be searchable and would be pretty much an image.
Re:But a BYTE Is a letter by Paul+Jakma · 2013-06-22 10:33 · Score: 1

PDFs very much can be searchable, and cut & paste-able, etc.

--
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Re:But a BYTE Is a letter by K.+S.+Kyosuke · 2013-06-22 11:07 · Score: 2

I've seen a couple academic articles in pdfs where copied text came out as jibberish. At the time I thought it was copy protected because when I examined the metadata I saw that dozens of proprietary fonts had been embedded.
That happens whenever the typesetting program doesn't include an internal-encoding-to-Unicode table into the PDF file. My understanding of PDF is quite rusty but I believe that the Tj operator which is most commonly used for drawing text works with 8-bit strings. This means that if the original uses anything clever, the typesetting SW has to reencode the font, translate the original into to the new encoding, and embed a matching translation table from character numbers to glyph names to be used for displaying the text. When you're copying the text out, every character has to be converted back to Unicode according to the table which may or may not be present. If there are more different characters used in the text than what the 8-bit strings can handle, you have to switch the reencoding in the middle of the text and include multiple reencoding tables. I think that since the glyphs are named, you need to include the (potentially subsetted) font only once, but again, there have to be multiple 8-bit-number-to-glyph-name tables present, otherwise you wouldn't be able to display the different strings with different reencodings. Pretty much the only situation where you can copy out text without the reencoding tables is when the text is ASCII-only and uses the default mapping, which will fail for any non-English text, for example.
If anyone here understands PDF better than I do, feel free to correct me.

--
Ezekiel 23:20
Re:But a BYTE Is a letter by idunham · 2013-06-22 11:21 · Score: 1

IIRC, part of the problem is that the font tables may include arbitrary character numbers; if you use characters a-e and m-p, it's fine for the application to write a PDF that maps those like it would map a-i. (Source: my best recollection of the notes in either xpdf or mupdf, I forget which, that I read a year or two ago...)
Re:But a BYTE Is a letter by Bazman · 2013-06-22 11:26 · Score: 1

For a single font and a known language the mapping can be cracked easily by computer - its just a permutation and you can crack it by letter frequency analysis. Once the computer has guessed E and T and a couple of vowels it can dictionary-scan the rest of the text for possible words and get the rest of the letters.
I suppose if you use several fonts then you could use them so that E was 21 in font 1 and 8 in font 2 and so on, and then switch fonts randomly to balance out the number counts. I still think that's crackable, you just have a two-d table of frequencies (number/font) to try.
Re:But a BYTE Is a letter by K.+S.+Kyosuke · 2013-06-22 11:39 · Score: 1

That's perfectly all right, it doesn't matter when displaying the text since the uint8->glyph_name table is always there (otherwise the text would be undisplayable). It's just that the uint8->Unicode_code_point isn't mandatory and without it, you're copying out the internal representation as a pile of gibberish instead of a Unicode string.

--
Ezekiel 23:20
Re:But a BYTE Is a letter by crutchy · 2013-06-22 13:35 · Score: 1

but a byte is just a series of electronic gates made up of doped silicon with electric current running through them... if we etched our messages in stone rather than sand the NSA would have no fucking idea what we were talking about
Re:But a BYTE Is a letter by OneAhead · 2013-06-22 16:24 · Score: 1

at least until someone works out the mapping manually.
Perhaps it will suprise you that even amateur cryptographers these days have computer programs at their disposal that can "work out the mapping" completely hands-free from letter frequencies and patterns in the cyphertext and a library of existing words. And it doesn't take a lot of computer power; one could break a simple substitution cypher on a smartphone in a few seconds, provided a few sentences of cyphertext. When in middle school, I used to amaze classmates by cracking their substitution cyphers with pen and paper during a boring class. It's the easiest parlor trick - virtually anyone can do it once you show them how it's done.

I guess it will work... by cdrudge · 2013-06-22 10:06 · Score: 4, Insightful

I guess it will work for all my digital content that I save as raster graphics. Which is...um...none of it.

Re:I guess it will work... by girlintraining · 2013-06-22 10:53 · Score: 1

I guess it will work for all my digital content that I save as raster graphics. Which is...um...none of it.
Meanwhile, at NSA headquarters...
If Findfile(@SYSTEMDIR & "\Fonts\" & "ZXX.tff") Then {
Enhanced_anal_prober();
}

--
#fuckbeta #iamslashdot #dicemustdie

This is what you get... by carlhaagen · 2013-06-22 10:12 · Score: 4, Insightful

...when people with a fundamentally flawed understanding of computer communication try their hands at digital cryptography.

Re:This is what you get... by Anonymous Coward · 2013-06-22 13:14 · Score: 1

Like when government agencies set the background to black when redacting.

Yeah... by Georules · 2013-06-22 10:13 · Score: 4, Informative

Looks like a fun little project, but subverted about as trivially as a ROT-13. A dynamic font might be a little better.

How can we conceal our fundamental thoughts from artificial intelligences and those who deploy them?

By using a real form of encryption.

Re:Yeah... by camperdave · 2013-06-22 10:54 · Score: 4, Funny

The beast at Tanagra. Kiteo, his eyes closed. Temba, his arms wide/open. Shaka, when the walls fell. Temba, at rest.

That's all I've got to say about that.

--
When our name is on the back of your car, we're behind you all the way!
Re:Yeah... by BSAtHome · 2013-06-22 10:56 · Score: 2

Just send all communication in EBCDIC with latin or utf ID. Surely will make all slightly modern computers go haywire.
Re:Yeah... by Georules · 2013-06-22 12:51 · Score: 4, Funny

Sokath, his eyes opened.
Re:Yeah... by camperdave · 2013-06-22 13:40 · Score: 1

That's why I use IPX on my internal network. Nobody makes IPX cracking tools.

--
When our name is on the back of your car, we're behind you all the way!
Re:Yeah... by Georules · 2013-06-22 14:46 · Score: 1

If it's a picture of the text, as the use case in the article describes, it would take a bit of work to OCR it. Namely, by installing the font into your OCR database. I'd say about the equivalent of rot13 difficulty.
Re:Yeah... by Georules · 2013-06-22 14:50 · Score: 1

I imagine OCR that reads text includes fonts as classification patterns. Install this font into the database. Done. The gist of this font is just a political statement. Unfortunately the author also incorrectly demonstrates it to have a purpose.
Re:Yeah... by perryizgr8 · 2013-06-23 16:03 · Score: 1

I bet the people at NSA have already included this font in their auto-snoopers.

--
Wealth is the gift that keeps on giving.

I don't get it. by Anonymous Coward · 2013-06-22 10:15 · Score: 1

So, the NSA is reading your digital communications. A funky font is no help here, unless it also uses a different encoding (such as trivial replacement scheme where letters look like different letters). This kind of security by obscurity is't something that will defeat the NSA if they try. It might help if they don't try, but wouldn't real encryption be a better idea?

In the case of printed text, this font is supposed to resist OCR via security by obscurity. Thats not very useful: feed the publicly available font into the OCR software then the encryption is broken.

I'm glad someone it trying to cause a minor inconvenience for the NSA, but perhaps he should just use https for his site instead? That would accomplish more. Unencrypted site that wants to give me a cookie; that protects my privacy real well. (Oh, and slashdot, about time for https for you too?).

Recommending Tor would make more sense.

Is this a joke? by whoisrich · 2013-06-22 10:16 · Score: 1, Insightful

I am not sure if the person is an idiot or just trying to get attention from the NSA news.

The fact that each character has the same obfuscation means that it would be easy to match against, it would be more secure to take a marker pen and scribble random lines through pictures of your rebel message.

But the "clever cryptographic fontâ"which you can use in email messages to shield them from snoops" is just laughable. Any text scanner would only see the character encoding, not the font, or is opening an e-mail and changing it's font beyond their comprehension.

Re:Is this a joke? by fustakrakich · 2013-06-22 10:52 · Score: 5, Funny

Yes, you get better encryption when you type unicode on Slashdot..

--
“He’s not deformed, he’s just drunk!”
Re:Is this a joke? by zidium · 2013-06-23 04:49 · Score: 1

You're saying résumé shouldn't work?

--
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!

How about this one? by Anonymous Coward · 2013-06-22 10:18 · Score: 1

Almost completely indecipherable. http://blokkfont.com/

really want to give the NSA fits? by Connie_Lingus · 2013-06-22 10:20 · Score: 2, Funny

hey this has given me an idea for the perfect secure font...every char is a blank.

--
never bring a twinkie to a food fight.

Re:really want to give the NSA fits? by Brucelet · 2013-06-22 11:55 · Score: 1

They already use one like that. Every letter is thick black line.
Re:really want to give the NSA fits? by Brandybuck · 2013-06-22 14:06 · Score: 1

Too complicated. Just use a white font, they'll NEVER be able to read it!

--
Don't blame me, I didn't vote for either of them!

useless by BarfooTheSecond · 2013-06-22 10:28 · Score: 2

"This project will not fully solve the problems we are facing now", they say. I'd say it barely solve some.
It could even mislead people into thinking that writing emails with this font will make their messages safer. My father for sure would, as he doesn't know what UTF-8 nor what "charset" do mean.

Re:useless by Georules · 2013-06-22 12:59 · Score: 1

You make an interesting point. It likely makes the entire problem worse by providing weapon with no power.

Missing the point... by RedBear · 2013-06-22 10:29 · Score: 3, Insightful

I think most commenters here will end up completely missing the point, just as I initially did. Of course it will be trivial to bypass any possible protection the font might briefly provide, but that isn't the point. The making of the font is a political statement against government machinery and software spying on us and taking our humanity away. As such, I'd say it's quite clever and attention-getting.

Now I'll sit back and watch 50 different people get up-modded for pedantically explaining how it will be trivial to train an OCR to recognize the font and how software reads the bytecodes and doesn't care about the font and blah blah blah...

Is that a giant whooshing sound I hear?

Re:Missing the point... by putaro · 2013-06-22 10:45 · Score: 4, Insightful

And I will be writing all of my messages in crayon from now on because crayon will smudge up the scanner. It's only a point if it actually does something!
Re:Missing the point... by PipianJ · 2013-06-22 10:52 · Score: 1
While commenters here will be quick to point out that the font doesn't actually provide protection, you have to realize that there are people who will actually perceive the font as offering protection. Setting the record straight is just as important as recognizing the artistic message behind the act. We can appreciate the intent and the result, but we should also not delude ourselves that it has purpose beyond simply conveying an artistic message.
What's interesting is that this actually enriches the post-modern interpretation of the artwork, rather than detracting from it. Not only does the work demonstrate the superficial rejection of the all-seeing police state, but to those who understand and appreciate the technical aspects of the digitization of data, it also demonstrates deeper opposing meanings that are equally valid:
- that despite the effort of the common man, it is practically impossible to hide from the panopticon;
- that the commercialization and publication of a "standard" way to avoid breaches of privacy (i.e. a monoculture of privacy applications, like how so many people turn to 1Password) inevitably lead to breaches of privacy due to the shared central point of weakness; and
- that, ultimately, the assumption of and reliance on a shallow culture of privacy ("oh, just use PGP and you're safe!") is insufficient.
Re:Missing the point... by Intrepid+imaginaut · 2013-06-22 11:19 · Score: 1

Spammers have been trying to sneak past filters since the dawn of the internet, and have forgotten more about it than most people will ever know. Your best bet is probably to mix up words so they are still legible but don't match word recognition algorithms, and only then until the NSA catch on that this is being widely used. Assuming you don't just get snagged on spam filters.
Re:Missing the point... by divisionbyzero · 2013-06-22 11:28 · Score: 1

I think most commenters here will end up completely missing the point, just as I initially did. Of course it will be trivial to bypass any possible protection the font might briefly provide, but that isn't the point. The making of the font is a political statement against government machinery and software spying on us and taking our humanity away. As such, I'd say it's quite clever and attention-getting.
Now I'll sit back and watch 50 different people get up-modded for pedantically explaining how it will be trivial to train an OCR to recognize the font and how software reads the bytecodes and doesn't care about the font and blah blah blah...
Is that a giant whooshing sound I hear?
Either way, it's still lame. I mean the pedants are obnoxious but so are pointless political gestures.
Re:Missing the point... by DNS-and-BIND · 2013-06-22 11:36 · Score: 1

No matter how many times I hear the "but he's making a statement!" argument, it never stops seeming retarded. You mean he's winning a symbolic victory? You can win all the symbolic victories you want - I'll take the real victories.

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Re:Missing the point... by king+neckbeard · 2013-06-22 11:41 · Score: 2

If you want to make a political statement, why not just make a font that is all middle fingers? Equally useful, much clearer, and it requires far less effort. That he intends to make a political statement doesn't stop him from being a dumbass. There are plenty of stupid political statements. Furthermore, I'm not entirely convinced that he believes this to be a purely political statement. If he does, then he's done a poor job of explaining himself, as that is not what his statements convey. In all likelihood, he really has a poor grasp of the issues at hand, and while he is on the right side of this issue, he's not doing anything to help, and may give some people a false sense of security.

--
This is my signature. There are many like it, but this one is mine.
Re:Missing the point... by RedBear · 2013-06-22 11:53 · Score: 1

I think most commenters here will end up completely missing the point, just as I initially did. Of course it will be trivial to bypass any possible protection the font might briefly provide, but that isn't the point. The making of the font is a political statement against government machinery and software spying on us and taking our humanity away. As such, I'd say it's quite clever and attention-getting.
Now I'll sit back and watch 50 different people get up-modded for pedantically explaining how it will be trivial to train an OCR to recognize the font and how software reads the bytecodes and doesn't care about the font and blah blah blah...
Is that a giant whooshing sound I hear?
Either way, it's still lame. I mean the pedants are obnoxious but so are pointless political gestures.
Oh gosh, my sincerest apologies. I'll be sure to let everyone know that all political gestures need to be cleared by you first. You know, to make sure they're not "lame".
If his purpose was to invoke widespread discussion of governmental spying on everyday activities of citizens, I'd say it was far from pointless. But that's just my opinion.
Re:Missing the point... by RobbieCrash · 2013-06-22 12:42 · Score: 1

As with most art-based political commentary, almost nobody will get it outside of art circles.
Everyone will think "This is stupid, why would you do that? It's hard to read; I don't get it."

--
Keep on knockin'
https://robbiecrash.me
Re:Missing the point... by Georules · 2013-06-22 13:01 · Score: 1

I agree it's a fun little project. Looks neat too. The problem is that it actually has no use at all, but is demonstrated falsely to have some kind of technical advantage. Snake oil.
Re:Missing the point... by clarkkent09 · 2013-06-22 13:43 · Score: 1

I don't know how the discussion of governmental spying can get any more widespread? You mean, the front page story in every media outlet in the world might not get noticed, but some random guy making a font - well, that will get everybody's attention.

--
Negative moral value of force outweighs the positive value of good intentions.
Re:Missing the point... by reboot246 · 2013-06-22 13:48 · Score: 1

So, how's that big government thing working out for ya?

The solution is to end the NSA, and to do that you have to end the big government that created it - Republicans AND Democrats are the guilty ones.

Become what you think you are - a Libertarian. Hell, even become a Tea Party member. The ONLY way to kill the beast is to starve the beast. Cut taxes. Cut the size of government. Make them our servants again, not our masters.

You have only yourselves to blame.
Re:Missing the point... by camperdave · 2013-06-22 13:52 · Score: 2

A point that doesn't accomplish anything is pointless.

--
When our name is on the back of your car, we're behind you all the way!
Re:Missing the point... by Brandybuck · 2013-06-22 14:10 · Score: 1

It's not about missing the point, it's about the how email actually works. It's not that this method doesn't work, it's that it's a complete and total non sequitur. It's like trying to hide your income from the IRS by endorsing all your paychecks in disappearing ink.

--
Don't blame me, I didn't vote for either of them!
Re:Missing the point... by inglorion_on_the_net · 2013-06-22 20:00 · Score: 1

The making of the font is a political statement against government machinery and software spying on us and taking our humanity away. As such, I'd say it's quite clever and attention-getting.
Oh, I thought the point was figuring out how many unsuspecting netizens could be fooled into seriously discussing what is obviously a joke.
I mean, first we get a whole uproar about the NSA wiretapping, as if this is news. This was going on when Bush the second was president, and was widely discussed at the time. Really, this isn't news.
Then we get people seriously believing things like the NSA using more storage capacity than has actually been manufactured worldwide, or an operation like what the NSA was purportedly carrying out costing only 20 million dollars.
And now people are seriously talking about a *font* that is supposed to somehow stymie these efforts.
Clearly, someone is playing some netwide joke on us. The thing is, I'm not really amused, because there are real issues here and real people are being negatively affected by all this nonsense.

--
Please correct me if I got my facts wrong.
Re:Missing the point... by putaro · 2013-06-23 02:09 · Score: 1

Slashdot likes crayon. Deal with it.
Re:Missing the point... by divisionbyzero · 2013-06-24 16:39 · Score: 1

I think most commenters here will end up completely missing the point, just as I initially did. Of course it will be trivial to bypass any possible protection the font might briefly provide, but that isn't the point. The making of the font is a political statement against government machinery and software spying on us and taking our humanity away. As such, I'd say it's quite clever and attention-getting.
Now I'll sit back and watch 50 different people get up-modded for pedantically explaining how it will be trivial to train an OCR to recognize the font and how software reads the bytecodes and doesn't care about the font and blah blah blah...
Is that a giant whooshing sound I hear?
Either way, it's still lame. I mean the pedants are obnoxious but so are pointless political gestures.
Oh gosh, my sincerest apologies. I'll be sure to let everyone know that all political gestures need to be cleared by you first. You know, to make sure they're not "lame".
Yeah, please do. It'd save everyone a lot of wasted time and effort. Thanks.

Have they thought this out? by frovingslosh · 2013-06-22 10:30 · Score: 1, Insightful

At a moment when governments and corporations alike are hellbent on snooping through your personal digital messages, it'd sure be nice if there was a font their dragnets couldn't decipher.

It is just a font! If I'm sending a digital message, as the intent of this article states, then it hardly matters what font I want it displayed in. What am I expected to do, print every email that I type and all of the data that I want to send into an image that uses this font and just send the image? I'm not convinced that would slow the NSA down as much as it would impact the people I was trying to send it to, not to mention the potential for errors in receiving messages. I'll stick with my one time pad software.

--
I'm an American. I love this country and the freedoms that we used to have.

Re:huh? by sribe · 2013-06-22 10:34 · Score: 1

not sure what the point is even if you typed it in wingdings it would not obscure the meaning of the original message

As SCO once demonstrated so aptly...

Doing this with HTML by Animats · 2013-06-22 10:35 · Score: 1

You could obfuscate HTML by generating a custom font with glyphs in the Unicode private use space for each message, then using hard-to-read characters. This is, of course, a monoalphabetic substitution, which is close to the weakest known cryptosystem. At best it might be useful for getting spam through filters.

If anybody started using this font for CAPCHAs, there would be a module to break it for spam programs within weeks. Assuming the existing learning algorithms didn't solve it automatically.

Summary misses the point... again... by wonkey_monkey · 2013-06-22 10:46 · Score: 3, Interesting

Yes, as anyone with half an ounce of sense will have already realised, no font will ever be NSA proof. The first mistake was publishing it on the internet...

The creator is trying to make a point about privacy, not implement a workable solution.

--
systemd is Roko's Basilisk.

Re:Summary misses the point... again... by OneAhead · 2013-06-22 16:36 · Score: 1

Nope. The first mistake was creating it. No, wait, the first mistake was thinking a font would afford any kind of security whatsoever.
Re:Summary misses the point... again... by dkf · 2013-06-22 23:55 · Score: 1

The creator is trying to make a point about privacy, not implement a workable solution.
Ah, it's more subtle than that. The creator is now entirely safe from the NSA on the basis of being placed permanently in the box labeled "stupid useless arts graduate".

--
"Little does he know, but there is no 'I' in 'Idiot'!"

You guys don't get it by t8z5h3 · 2013-06-22 10:48 · Score: 1

I would not ether unless I had a tech support call about a x showing up when the guy pressed the r key... This really about ASCII codes. The person who created it thinks 1. NSA is focued on U.S. keyboards (as it is the English standered each key is mapped to a ASCII code so if you mix up those codes and send all your e-mail in HTML where the codes are mapped to the letters then your safe 2. NSA is so big and working on so many streams of info that the amount of work it would take to create a single system to work on the font that few will use its pointless. (apple effect for hackers) Also NSA is looking most likely for keywords this will not set off any of those.

wow- so dumb. by Maxo-Texas · 2013-06-22 10:50 · Score: 1

Firstly, if its using standard character values and this font is laid over it, then you just look at the character value.

Secondly, If this is only for display documents, there's OCR and the NSA is unlikely to get a sneaker net hard copy anyway.

So if you limit it to electronic documents, then the only way to make it unreadable is

a) the underlying character values are goofy ( the letter 'z' displays as "A").

So the unicode character values
zd% ne@erkaw $ekkew
is actually display as
"The terrorist network."

And then you might as well use stenography.

--
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.

Re:They're from RISD by PolygamousRanchKid+ · 2013-06-22 10:59 · Score: 2

RISD is just a place where stupid hipster kids with rich parents go to film themselves masturbating in bath tubs then go in front of the class and spout a line of b.s. about how it's the most original and unique thing ever created.

I dunno. The Talking Heads came out of the RISD, and they were pretty cool back in the 80's.

Of course, maybe the RISD only produces a band like that once in a lifetime . . .

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!

Re:They're from RISD by mwvdlee · 2013-06-22 11:00 · Score: 1

In all fairness, there's a good reason why nobody ever before attempted to do whatever they did, so it IS unique.

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?

better idea by louden+obscure · 2013-06-22 11:01 · Score: 1

http://search.dilbert.com/comic/Small%20Font

Prior art?

--
Serenity now, insanity later.

Re:better idea by Georules · 2013-06-22 13:34 · Score: 1

and Dilbert possibly displays the idea better. Rather than being pretentious art masked with a use case, it's shown properly as a joke.

That's what I was thinking by symbolset · 2013-06-22 11:07 · Score: 1

I was going to come in here and remind Soulskill that this is not April first. But then I remembered that there's a "submit story" link in the /. global footer. This is probably his way of reminding us that we need to click that now and then if we don't want to see this crud.

--
Help stamp out iliturcy.

Re:That's what I was thinking by symbolset · 2013-06-22 13:36 · Score: 1

Apparently now I need to remind folks that slashdot.org/recent is important too. There are people who want to prevent certain stories from being accepted from the submission queue, and they're here all day to downvote the firehose because they're getting a daily rate.

--
Help stamp out iliturcy.

Great art but.. by houbou · 2013-06-22 11:10 · Score: 1

lousy encryption idea. I mean, all one has to do is add this to an OCR database in order to decipher the text. anything printed and mapped is in essence already broken.

Wrong goal by Skapare · 2013-06-22 11:11 · Score: 1

The idea should be to get ideas out on a larger scale, not hide them.

--
now we need to go OSS in diesel cars

Now he just needs to get the NSA to install it by Arancaytar · 2013-06-22 11:17 · Score: 1

So his stuff will actually show up in that font when they try to read it.

Wait...

Re:huh? by Groo+Wanderer · 2013-06-22 11:18 · Score: 1

"As SCO once demonstrated so aptly..."

I believe you are confusing a lawsuit concieved by wingings rather than written in that font. :)

Epic failure by pbjones · 2013-06-22 11:19 · Score: 2

Too easy to train OCR for his font. Same glyph for same character. When they say that NSA is reading your mail, they don't mean snail mail. I'm sure that it seamed like a good idea at the time.

--
There was an unknown error in the submission.

alternate implementation by v1 · 2013-06-22 11:36 · Score: 2

If you exported a document as a pdf, you can embed fonts in it. Run a program to convert your original text file into another one. translate out the characters to other ascii ids. and then embed the font.

For example, ""DOG". Letter "D" is ascii 68. So the pdf will say "this is character 68, in whatever font you had selected." So place the obfuscated glyph for "D" in the position for "Y" (90) and then change all Ds to Ys in the document's text stream. Then when a person reads it, it LOOKS like DOG but copy-paste will get "YOG". Do this for all characters and numbers.

A smart app to do this would roll up a random ascii remapping for each document, and obfuscate characters in the font differently each document. This would make it difficult to craft a specific skimmer module to handle this obfuscation automatically..

This will allow you to email or post the data, and humans to read it, but skimmers won't get legible text with a copy and paste, and if they then fall back to OCR attempt, that will also fail.

Although in reality, fallback to OCR in an automated system is unlikely, and would probably just move on to the next document to skim. So just making very slight adjustments to the glyphs in the font, (to prevent automated correction) in addition to mixing them up, would probably do a good job against fully automated skimming. The adjustments this guy is making (except for the last one) are inconvenient to read. Just adding a LITTLE noise would do the trick I think.

--
I work for the Department of Redundancy Department.

Re:alternate implementation by camperdave · 2013-06-22 13:38 · Score: 1

That's still just a simple substitution cypher, which is dead easy for a computer to crack given a sizeable enough input. Besides, why would OCR fail if it is human readable?

--
When our name is on the back of your car, we're behind you all the way!
Re:alternate implementation by complete+loony · 2013-06-22 14:46 · Score: 1

It probably isn't deliberate at all. If the pdf was created with a windows printer driver, the easiest method for converting word files for example, then the printer driver interface basically does the same thing. "Here's this new font definition, but I'm only using these 50 glyphs so I'm not going to tell you what the unicode characters are."

--
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Re:alternate implementation by v1 · 2013-06-23 12:02 · Score: 1

That's still just a simple substitution cypher, which is dead easy for a computer to crack given a sizeable enough input. Besides, why would OCR fail if it is human readable?
You missed two important points to my suggested method. (1) there's no clue that it's enciphered. (beyond being a bit of a jumble anyway) Even if it's only a substitution cipher (which it indeed is) then it amounts more to stenography than enciphering. Imagine the cpu time they could burn up trying to decipher everything they ran across on the internet that didn't appear to be cleartext? I don't think they'd get much done. The return on investment is too low.
(2) I'm not saying ditch the font tweaking. Just don't go quite as wild as this guy is suggesting. It doesn't need to beat OCR. Why would you bother to OCR something when you have the text of it? that'd be like printing out an email you received, sticking it on the scanner, scanning, OCR'ing, and then reading the result... complete waste of time when you already (think you) have the plain text? Without this light noise to the font, the easiest way to detect my above steno is to compare the font against known fonts. (there really aren't that many, 99% of the fonts you will find in use in a given year will be in a set of under 20,000 and of course there are a few dozen that alone will take the first 70%) You just need to make it not quick to compare your font (hashed) against the known fonts to check to see if someone is pulling the above switcheroo steno, and if you detect it, then dump into more processor intensive analysis like substitution cipher.
Moral of the story is, if the cost to investigate is justified by the level of suspicion that they need to invest more resources, you've already lost. They have infinite resources if they strongly (or even reasonably) suspect you are hiding something.
If the NSA etc want to seriously respond to these ocr-impossible fonts, they'll just look for it (which is rather trivial seeing as they've published the font, it's static) and then just bulk it to a sweatshop in india to get translated. It'll get done in the cubicle adjacent to another doing captchas for the bot-hearders, cheaply, quickly, and 100% effectively.

--
I work for the Department of Redundancy Department.

Re:Woosh!!!! by cbiltcliffe · 2013-06-22 11:45 · Score: 2

Al of /. completely missed his joke. Man, you guy are pathetic.

I know /. readership has dropped over the past few years, but I think you might be exaggerating just a little bit, here.....

--
"City hall" in German is "Rathaus" Kinda explains a few things......

Slightly clever, but only a little by cpghost · 2013-06-22 11:55 · Score: 1

I guess, it is meant to be something like reverse-steganography: the characters would be openly readable by humans, but would map 1:1 to a permutation of the codes. What I mean: suppose that what looks like "M" on the screen has the ASCII Code for "A", then the NSA scanners would read "A" and obtain a slightly unparseable text.

Of course, NSA could still apply basic kindergarten 101 cryptanalysis (e.g. by selecting characters according to their frequency and mapping them to EATOINSHRDLU...), but that would be more work. A simple grep(1) won't be enough and, more importantly, couldn't be done on current massively parallel silicone chips: they'd have to be reprogrammed. Sure, just a bump in the road for NSA, but it's a way to show dissent.

--
cpghost at Cordula's Web.

Awesome way to get on NSA watchlist. by csumpi · 2013-06-22 11:56 · Score: 1

That is to use anti-NSA measures for communication.

On a side note, even just trying to read the example on the website gave me a headache. And I bet an OCR could read it much much faster than me.

So... by Hartree · 2013-06-22 12:04 · Score: 1

If I use this for all my writing will it make me as k3wL as if I used 1337 speak?

Wrong level by gman003 · 2013-06-22 12:27 · Score: 1

Many have already pointed out that making an unreadable font would really only protect against physical letters (as in, mail, not email) being read, or perhaps text being distributed through raster images. After all, 0x446561746820746F20416D6572696361 means the same thing, whether it's displayed in Helvetica, Times Roman or this new font.

We have measures that are better against machine interception (such as encryption), but those still have one flaw - they're obviously hiding something, and apparently "having something to hide" is now a crime in and of itself. There are steganographic techniques to hide one message inside another, but as soon as they become commonplace, they too will be scanned for.

What we need is something machines cannot adapt to. We need language. Come up with a system of code phrases that can easily be confused for inane, "safe" chatter. Either they don't scan for it, or grabbing it gets too much, and any actual messages get hidden within the noise. Make it so that only a human could reliably determine whether it's an actual "terrorist" message, or if it's a regular email.

For extra protection, base it off a somewhat-obscure set of jargon, so that even the average person wouldn't find anything suspicious about it.

Re:Wrong level by camperdave · 2013-06-22 13:59 · Score: 1

Many have already pointed out that making an unreadable font would really only protect against physical letters (as in, mail, not email) being read, or perhaps text being distributed through raster images.
That's exactly what he's trying to do. He's trying to make an un-OCR-able font. Of course, that will only last until the OCR software is trained against his font, but hey! It'll be good for a week.

--
When our name is on the back of your car, we're behind you all the way!

What a long way to fall by Anonymous Coward · 2013-06-22 12:38 · Score: 1

The fact that this post made it onto slashdot's page is proof that it has jumped the shark. A "crypto-proof font" is like "crypto-proof salad dressing". It's absurd on its face, and it actually made it to full article status on /. Alas and adieu.

Alternative: Don't send, just compute data by Anonymous Coward · 2013-06-22 12:45 · Score: 3, Interesting

If the NSA and other snoops capture and record data that is sent and just store it for subsequent analysis when the need arises, a better approach to foiling them would be to not actually send data at all, but only to compute data live at each end.

Computing the data of a communication can be done in countless ways, from timing the intervals between items of data sent (where the data is either garbage or readable misdirection), to encoding it in IP addresses used, applying mathematical functions to the live stream, or any of a million other wierd approaches that a suitably inebriated brain could dream up. This diversity is a strength.

Note that this is not cryptography, it's denial of cryptographic analysis at a later date because essential reassembly parameters are available only at the time of transmission, not later. All it would do is prevent dumb data gathering and storage by the mass dragnet from providing data that is meaningful at a later time.

Needless to say, you could use it in conjunction with cryptography too if you wanted to ensure that, should they actually be monitoring you live and capturing a whole pile of possible reassembly parameters, then they'd still need to break the real crypto as well. But if they're doing that to you then you're probably in deep trouble already and you shouldn't be online reading Slashdot.

Where it can help is by being a thorn in the side of the mass data collectors, and so helping the great mass of public communication remain private despite subsequent analysis by the spooks. To combat it, they would not be able to just blindly collect traffic for posterity, because it would be meaningless.

It's not an original idea, but perhaps after the PRISM revelations it's time to revive some old ones.

Re:Alternative: Don't send, just compute data by mhajicek · 2013-06-22 16:00 · Score: 1

Interesting. But do they record all the metadata on what's snagged when and how?
Re:Alternative: Don't send, just compute data by eab530 · 2013-06-22 22:11 · Score: 1

Seems like what you're describing is a network based on side channels, which is an idea some colleagues of mine and I have been looking at recently. One other idea is the constant-bitrate darknet, where nodes continually send out data and only some of it consists of real packets, which are encrypted. Luckily, decent ciphers produce output which is supposed to be indistinguishable from noise, and this constant bitrate precludes traffic analysis.

Re:do the homework by Georules · 2013-06-22 13:06 · Score: 1

The inventor is more concerned with a political statement rather than use. Unfortunately, he's convinced himself that it has some use because it tricked some OCR program he downloaded.

Re:huh? by crutchy · 2013-06-22 13:31 · Score: 1

SCO probably thinks just because they use wingdings to correspond with their lawyers that the Linux kernel must be violating their copyright because actual source code to them just looks the same as wingdings to everyone else

April fools in June? by Anonymous Coward · 2013-06-22 13:53 · Score: 1

This is the dumbest article I have ever read.

...sorry, just had to get that out.

Re:do the homework by techno-vampire · 2013-06-22 14:34 · Score: 1

That is how hieroglyphs were decrypted.

No, that's not how heiroglyphs were translated, although that's an important tool in breaking substitution cyphers. Heiroglyphic (and Demotic) scripts were translated using the Rosetta Stone, which is inscribed with a decree in heiroglyphs, demotic and greek, although none of the versions are complete.

--
Good, inexpensive web hosting

Bad title. Font breakable and author know it by manu0601 · 2013-06-22 14:49 · Score: 1

This is a bad title. The font is of course breakable, and author tells about it in TFA::

Sang has no illusions that even a clever cryptographic font—which you can use in email messages to shield them from snoops and font-recognition bots—will remain encoded for long. They're not meant to be long-term tools with which to combat the NSA. Rather, he views them as an awareness-raising measure.

"This project will not fully solve the problems we are facing now," he writes, " but hopefully will raise some peculiar questions."

Bad title, font breakable and author know it by manu0601 · 2013-06-22 14:52 · Score: 1

Slashdot title is bad. Of course the font is breakable, and the author even acknowledges it in TFA:

Sang has no illusions that even a clever cryptographic font—which you can use in email messages to shield them from snoops and font-recognition bots—will remain encoded for long. They're not meant to be long-term tools with which to combat the NSA. Rather, he views them as an awareness-raising measure.

"This project will not fully solve the problems we are facing now," he writes, " but hopefully will raise some peculiar questions."

Fundamental flaw by DaMattster · 2013-06-22 15:03 · Score: 1

I have to give the creator credits for a relatively creative scheme but there is a fundamental flaw. Ultimately, based on the availability of the font, NSA can just forensically evaluate which key strokes create which characters and work backwards from there. There is no privacy guarantee. This could only work well if the font were dynamic and shifted shapes on a random basis. Then you would be more closely approximating cryptography.

an obvious joke... by zerro · 2013-06-22 15:34 · Score: 1

because Sang Mun == anagram for "Man Guns"

Re:hand writing by rossdee · 2013-06-22 15:57 · Score: 2

Even better, a Doctors hand writing - the NSA will have to hire pharmacists or RN's to read it.

This would be neat... by Eskarel · 2013-06-22 16:39 · Score: 1

if AI scanning were what the government was actually doing.

Use a captcha generator instead... by Kazoo+the+Clown · 2013-06-22 20:26 · Score: 1

It'd be a little better because decent captcha generators won't generate the exact same symbol for a given letter every time specifically to foil OCR programs. But often captcha generators produce outputmthat even humans can't read...

About as secure as rot13 by loufoque · 2013-06-23 00:10 · Score: 1

This is about as secure as rot13

Easier solution by multimediavt · 2013-06-23 03:59 · Score: 1

How can we conceal our fundamental thoughts from artificial intelligences and those who deploy them?

Easy, don't put them on the Internet or computer. You see they have these things called pens and pencils and this other stuff called paper. You want something hidden from electronic surveillance, don't make it electronic.

Because the NSA does screen capture and OCR by petteyg359 · 2013-06-23 05:49 · Score: 1

Right. The NSA is doing screen captures and then using OCR to read your messages, rather than just intercepting the bytes that don't give a fuck what font you're using.

Tits not what I said by fyngyrz · 2013-06-23 07:20 · Score: 1

more importantly, couldn't be done on current massively parallel silicone chips

Where do you get silicone chips? Old breast implants? Do they only function in supporting roles? And by massively parallel, are you saying that anything below a DD won't work? To start up a silicone chip, do you bra-strap it instead of boot-strap it? Are silicone chips the ideal technology to create AI's without feelings?

I would like to learn more about this. How can I subscribe to your newsletter? I can already tell it's worth at least a nipple an issue.

--
I've fallen off your lawn, and I can't get up.

Why Not use this instead?? by dav1dc · 2013-06-23 09:07 · Score: 1

Support your local open source project: http://freecode.com/projects/fuckthensa

from their website:

"FuckTheNSA is a binary-to-text encoding and decoding tool. The encoded data is an ASCII-string, 8 times bigger than the source data, and consists purely of anti-NSA profanity. It encodes any 8-bit byte sequences."

Sooooo much funnier too.

Re:They're from RISD by larsbars · 2013-06-23 12:18 · Score: 1

Lightning Bolt!

Slashdot Mirror

Introducing the NSA-Proof Crypto-Font

169 of 259 comments (clear)