‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics

If you’re bored with Facebook, this might be just what you need to spice up your Facebook experience. How would you like to send secret messages to people through the photos you share on Facebook? These are messages that will be hidden in the pixels, and nobody except the person who is supposed to see them will recognize that they’re there. Sounds pretty sneaky, right? Now that is possible with a new Chrome extension called Secretbook.

A browser extension called Secretbook allows anyone using Google Chrome to secretly embed a message in a JPEG image uploaded to Facebook. The contents of the 140 character message can only be viewed if you know the corresponding password, according to the program’s creator.

The extension was created by 21-year-old Oxford University computer science student (and former Google intern) Owen Campbell-Moore as part of a school project. Campbell-Moore said the goal of the two-month long project was to demonstrate that JPEG steganography can be performed on social media – a platform where it has previously been impossible.

What Secretbook looks like after installing it into Google Chrome, loading Facebook and pressing CTRL-ALT-A.

Facebook is a place where you can share pictures of cute animals and fun activities. Now there’s a browser extension that lets you encode those images with secret, hard-to-detect messages.

That’s the idea behind Secretbook, a browser extension released this week by 21-year-old Oxford University computer science student and former Google intern Owen-Campbell Moore. With the extension, anyone — you, your sister, a terrorist — could share messages hidden in JPEG images uploaded to Facebook without the prying eyes of the company, the government or anyone else noticing or figuring out what the messages say. The only way to unlock them is through a password you create.

“The goal of this research was to demonstrate that JPEG steganography can be performed on social media where it has previously been impossible,” Campbell-Moore tells Danger Room. He says he spent about two months spread out over the last year working on the extension as a research project for the university.

The extension is only available for the Google Chrome browser — Campbell-Moore cites its developer tools and popularity — and the messages are restricted to 140 characters. Less certain is what Facebook thinks; a spokesman declined to comment. But it’s still the first time anyone’s managed to figure out how to automate digital steganography — the practice of concealing messages inside computer files — through Facebook, the world’s biggest social media platform. Unlike cryptography, which uses ciphertext to encrypt messages, steganographic messages are simply hidden where no one would think to look.

For an image, that could be a bunch of pixels or electronic 1s and 0s. In Facebook’s case, they can be hidden among the tons of images uploaded to the site daily.

It wasn’t easy developing the extension. “Many tools for steganography in JPEGs have existed in the past although they have always required that the images are transmitted exactly as they are,” Campbell-Moore says.

The image on the right has been encoded with a secret message. Photo: courtesy of Owen Campbell-Moore

This could be a single pixel changed to a different color, and then repeated over several images, spelling out a message — which you can’t see, unless you have the translation key, and know which pixel to look for. But when you upload an image to Facebook, the image is automatically recompressed, which can lower the image quality. If you’ve encoded a secret message in the image, Facebook will garble it. Facebook competitor Google+ doesn’t do this, so you can share encoded messages there without needing an app for it.

So Campbell-Moore replicated Facebook’s recompression algorithm, available in a draft research paper (.pdf). When encoding a message into an image, the extension automatically compresses the image, as Facebook would. Then it makes lots of “very slight” changes to add redundancy. “This minimizes the amount of change it will undergo when they do recompress it, keeping the damage to the secret message low,” he says.

“Conceptually, imagine storing the message ten times, each in different sections of the photo before it is uploaded and recompressed,” Campbell-Moore adds. “The algorithm can then piece the original message back together correctly, despite each copy stored in the image being slightly damaged.”

Secretbook has to be subtle. It uses Google Chrome’s web extension platform, since Facebook’s in-house apps publicly list their users — which would defeat the purpose of a secrecy tool. Since the extension runs through a web browser without a server connection, the users can’t be detected by network analysis. It’s also hard for Facebook to block or remove permissions, as the extension doesn’t rely on a Facebook API key.

Steganography tools can benefit terrorists as much as they can protect privacy. Campbell-Moore believes steganography certainly can be used by terrorists in a general sense — but terrorists may avoid his method as it’s not entirely foolproof. Since the images contain a large number of changes, someone looking for them could conceivably write an algorithm that tracks down manipulated images. That could limit the extension to “hobbyists and researchers,” he says, rather than militants, or maybe not.

“A researcher could certainly build a simple system for detecting which images have secret messages hidden in them although they would first require access to all 300+ million photos being uploaded to Facebook every day,” Campbell-Moore says. “Which I suspect even the NSA doesn’t currently have, and performing detection on that scale would be very difficult.”

Another problem he encountered: correcting his algorithms so they don’t inadvertently cause changes to the plain areas of some images — which can make the encoded messages easier to detect. Think of a picture of a dog running through grass beneath a cloudless sky. Much better to encode the message in the grass and fur, where there’s a lot of complexity, than a much less complex sky.

Campbell-Moore claims to have solved this, after theorizing that difficulties sorting out the complex regions of an image from the less-complex was a major obstacle for why social media steganographic tools hadn’t come out sooner. If he’s right, get those puppy close-ups ready. There are messages to conceal within them.

I found this at unspyWiki!


start [BuddhaCode!]

Send money to a randum bitcoin address that starts wtih 107HKR
and you are helping fund the open source, open money revolution

In reality, you are doing two things: 1) giving money back to
Bitcoin early adopters… and

and mining for digital gold while hacking the greedy system.

<–! “…this text is hidden from human view the same way that the…” –> <–! “…that the Buddha code is hidden from artifical intelligence” –> <–! “…help others protect themselvs from government spy programs —> <–! “to write code only human beings can de CYPHER ————> <–! “Learn to…. HACK t h e B u d d H a C o D e ————<

What is the difference between privacy and secrecy?

When something is private, you don’t mind if others know it’s there,
as long as they don’t have access to it. For example, other people know
you have a credit card number, but as long as they don’t know what it is,
they can’t use it.

Bitcoin is turns this pricacy mode on it’s head.
After Edward Snowden was nominated for the Noble Peace Prise
the world was suffering from the knowledge of GOD watching them.
THis false god doesn’t live in the human pschyee, rather is the
the Artifisal Intelligence created by serve-vah-lence State

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s