Slashdot Mirror


Introducing the NSA-Proof Crypto-Font

Daniel_Stuckey writes "At a moment when governments and corporations alike are hellbent on snooping through your personal digital messages, it'd sure be nice if there was a font their dragnets couldn't decipher. So Sang Mun built one. Sang, a recent graduate from the Rhode Island School of Design, has unleashed ZXX — a 'disruptive typeface' that he says is much more difficult for the NSA and friends to decrypt. He's made it free to download on his website, too. 'The project started with a genuine question: How can we conceal our fundamental thoughts from artificial intelligences and those who deploy them?' he writes. 'I decided to create a typeface that would be unreadable by text scanning software (whether used by a government agency or a lone hacker) — misdirecting information or sometimes not giving any at all. It can be applied to huge amounts of data, or to personal correspondence.' He named it after the Library of Congress's labeling code ZXX, which archivists employ when they find a book that contains 'no linguistic content.'"

12 of 259 comments

  1. Easy to crack? by doomtiki · · Score: 5, Informative

    Given that this seems to be just a simple font, why would it be hard to write an OCR program to decipher specifically this font (or any other supposedly secure font)? Perhaps a program that dynamically obfuscated text like a CAPTCHA would be more useful. This appears to be more of an artistic statement than something useful.

    1. Re:Easy to crack? by Baloroth · · Score: 5, Informative

      It isn't any more difficult to crack. Moreover, the absolute only way it would introduce any difficulty at all is if the NSA is scanning images of text. You can bet 95% or more of the data they intercept is already in digital form. The computer already knows what letters are what, so this will help precisely not at all, unless you start sending your emails in image formats, in which case, which is... yeah, not exactly a good plan. Just use encryption if it needs to be secure. This doesn't do anything.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    2. Re:Easy to crack? by Slugster · · Score: 5, Funny

      That is because you are like stupid.

      This would be totally rad to make signs with the next time hipsters wear the V masks and have one of those "Occupy Mall Street" things again.

    3. Re:Easy to crack? by dgatwood · · Score: 5, Interesting

      Depends on the steganography method used, and on how many images are sent using that method. If you're a spook and you see somebody suddenly sending lots of images to someone else, you might grow suspicious, at which point you'll start performing analysis to see if there are patterns emerging across the entire set of images, such as certain pixels that are always higher than the adjacent pixels by a certain amount. Granted, such patterns can just as easily be caused by sensor flaws, but some fairly primitive steganography techniques could be detectable in this way.

      Second, because subpixel noise in cameras isn't random—it tends to obey a gaussian distribution, and thermal noise can vary considerably from frame to frame depending on the length of the exposure—when spread over a large enough number of sequential or nearly sequential photos taken by the same camera, the steganography might be detectable by using a model of the predicted levels of noise that the image sensor should produce for a shot of a given duration and the elapsed time since the previous shot. This won't tell you what is embedded in the image, but if you're lucky, it might tell you that with a high probability, something is embedded. Depending on the circumstances, that might be enough to get a warrant. Then again, it could just be Digimarc.

      Finally, there's the question of the randomness of the source material (or, more to the point, the lack thereof). If the base image is at the native sensor resolution of the camera, the nature of the image sensors themselves could potentially be exploited to detect some types of steganography. In a real-world image sensor (except for Foveon sensors), there's no such thing as a pixel; there are only subpixels that produce a value for a single color. The camera must combine these values (a process called "demosaicing") to compute the color for a pixel in the final image. Because the subpixels that make up a pixel are not physically on top of one another, the camera typically computes the estimated value for the color at a given physical point on the sensor by combining adjacent subpixel values in differing percentages. For example, if the green subpixel is chosen as the "center" of the pixel and the red subpixel is to the left and the blue is above, it might mix a bit of the red from the "pixel" to its right and a bit of the blue from the "pixel" below it. (This explanation is overly simplistic, but you get the basic idea.)

      Unfortunately for steganographers, the way that particular cameras construct a pixel value from adjacent subpixel values is predictable and well understood. If a steganographic technique does not take that into consideration, it is highly likely that, given knowledge of the camera and its particular mixing algorithm, the steganographic data can be detected simply by determining whether there is any plausible set of subpixel values that could result in the final computed pixel values for the entire image. For that matter, given that most of the algorithms for subpixel blending are straightforward, even without knowledge of the particular camera, it is highly likely that steganography can be detected, because portions of the image that contain no hidden data will likely only be producible by a single algorithm, and portions of the image that contain hidden data likely will not be.

      Those are just a couple of types of analysis off the top of my head that might potentially be used against some types of steganography, given some types of source material, etc. It is entirely possible that there are steganographic techniques that are resistant to these sorts of analysis, and there are likely many other interesting types of analysis that I have not mentioned. I have not kept up with steganographic research personally, so I can't say with any certainty.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.
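Added example, not part of dgatwood's comment or the original thread: a Python sketch of the demosaicing-consistency check described in the comment above. It assumes a deliberately simplified camera model (green plane only, bilinear integer blend, no gamma or JPEG step); the function names and the synthetic 64x64 readout are constructed for illustration.

```python
import random

def demosaic_green(raw):
    """Bilinear fill: samples are measured where (x+y) is even; each other
    interior pixel becomes the integer mean of its four measured neighbours."""
    img = [row[:] for row in raw]
    for y in range(1, len(raw) - 1):
        for x in range(1, len(raw[0]) - 1):
            if (x + y) % 2:
                img[y][x] = (raw[y-1][x] + raw[y+1][x] + raw[y][x-1] + raw[y][x+1]) // 4
    return img

def embed_lsb(img, bits, x0, y0, size):
    """Naive LSB replacement inside one square region (the scheme being detected)."""
    out = [row[:] for row in img]
    bits = iter(bits)
    for y in range(y0, y0 + size):
        for x in range(x0, x0 + size):
            out[y][x] = (out[y][x] & ~1) | next(bits)
    return out

def implausible_fraction(img, x0, y0, size):
    """Share of interpolated pixels in a tile that the known blend could not have produced."""
    h, w = len(img), len(img[0])
    bad = total = 0
    for y in range(max(y0, 1), min(y0 + size, h - 1)):
        for x in range(max(x0, 1), min(x0 + size, w - 1)):
            if (x + y) % 2:
                want = (img[y-1][x] + img[y+1][x] + img[y][x-1] + img[y][x+1]) // 4
                total += 1
                bad += img[y][x] != want
    return bad / total

def flag_tiles(img, size=16, threshold=0.25):
    """Top-left corners of tiles that fail the consistency check. The threshold
    tolerates the few edge pixels whose neighbours lie in an altered tile."""
    return [(x, y) for y in range(0, len(img), size) for x in range(0, len(img[0]), size)
            if implausible_fraction(img, x, y, size) > threshold]

# Constructed sample data: a synthetic 64x64 sensor readout, not a real photograph.
rng = random.Random(2013)
raw = [[rng.randrange(256) for _ in range(64)] for _ in range(64)]
clean = demosaic_green(raw)
stego = embed_lsb(clean, (rng.getrandbits(1) for _ in range(256)), 16, 32, 16)

if __name__ == "__main__":
    print("clean image, flagged tiles:", flag_tiles(clean))
    print("stego image, flagged tiles:", flag_tiles(stego))
```

The untouched image passes everywhere because every interpolated pixel is exactly what the blend would compute; only the tile carrying embedded bits is flagged, without recovering the hidden data itself.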

  2. Re:Familiar with image recognition at all? by geoskd · · Score: 5, Funny

    Undecipherable my ass.

    He's from a school of design, give him a little slack for not understanding how computers work...

    --
    I wish I had a good sig, but all the good ones are copyrighted
  3. Re:Familiar with image recognition at all? by GameboyRMH · · Score: 5, Insightful

    I want to know why he thinks the NSA prints out each webpage and email and then runs it through OCR.

    ???

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  4. Re:Familiar with image recognition at all? by paiute · · Score: 5, Funny

    This just in: Slashdot announced that Anonymous Coward's contract would not be renewed for next year.

    --
    If Slashdot were chemistry it would look like this: Cadaverine
  5. Re:Familiar with image recognition at all? by icebike · · Score: 5, Funny

    He's from a school of design, give him a little slack for not understanding how computers work...

    No doubt he uses that font for all his email, having recently switched from comic sans.

    --
    Sig Battery depleted. Reverting to safe mode.
  6. Re:Is this a joke? by fustakrakich · · Score: 5, Funny

    Yes, you get better encryption when you type unicode on Slashdot..

    --
    “He’s not deformed, he’s just drunk!”
  7. Re:Familiar with image recognition at all? by Anonymous Coward · · Score: 5, Funny

    I want to know why he thinks the NSA prints out each webpage and email and then runs it through OCR.

    ???

    This is government we're talking about here. It's a kickback to the paper, printer, and scanner companies who contributed so much to some campaigns during the last election cycle!

  8. Re:Familiar with image recognition at all? by Yvanhoe · · Score: 5, Insightful

    Ok, now you are getting me angry.

    Geeks have been very vocal about wiretapping issues for a LONG time. Does ECHELON ring any bell? Geeks have created institutions like the EFF, tools like Tor, GPG, darknets, bittorrent, bitcoin. It is true that few people use them, and it is true as well that they allow a truly anonymous internet that escapes even NSA surveillance. I refuse that because you are too lazy to get an interest in these free tools you pretend that these problems are met with indifference in the tech community. Reality could not be further from the truth.

    People making most of these tools did this for free. When was the last time you did spend money in order to protect your privacy or anonymity? The market of surveillance is several dozens of billions of dollars yearly. The market of consumer counter-surveillance is almost inexistent. Yet, effective tools that are very easy to use exist. Don't forget to thank the geeks that have known for decades that the NSA was spying on you, found it immoral and spent years working gratis to provide you for free an excellent tool.

    Geeks employed at several levels at ISPs do all that they can to keep internet free and neutral. The fact that regular internet is quite free (compared for instance with what you usually get on your 3G smartphone) is due in large part because geeks in their majority have a strong ethical sense and know the value of openness. Snowden and Assange are geeks, but if you look at the HBGary leaks, you will see that developers strongly opposed some policies. Whistleblowers about surveillance are almost always geeks involved in the infrastructure. Never legislators, managers, officers, who know as well the extent of the surveillance.

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  9. Re:Familiar with image recognition at all? by ooooli · · Score: 5, Funny

    Obligatory xkcd: http://xkcd.com/538/