Security through obscurity: How to cover your tracks online

From Tor to steganography, these six techniques will help obscure the data and traces you leave online

The most common solutions involve changing some small part of the file in a way it won't be noticed. A single bit of a message, for instance, can be hidden in a single pixel by arranging the parity of the red and green components. If they're both even or both odd, then the pixel carries the message of 0. If one is even and one is odd, then it's a 1. To be more concrete, imagine a pixel with red, green and blue values of 128, 129, and 255. The red value is even, but the green value is odd, meaning the pixel is carrying the message of 1.

A short, one-bit message can be hidden by taking a file, agreeing upon a pixel, and making a small change in either the red or green value so that the pixel carries the right message. A one-bit change will be tiny and almost certainly not visible to the human, but a computer algorithm looking in the right place will be able to find it.

Paul Revere needed to send only one bit, but you may need to send more. If this technique is repeated long enough, any amount of data can be hidden. An image with 12 megapixels can store a message with 12Mb, or 1.5MB, without changing any pixel by more than one unit of red or green. Judicious use of compression can improve this dramatically. A large message like this article can be snuck into the corners of an average photo floating around the Internet.

Tweaking pixels is just one of the ways that messages can be inserted in different locations. There are dozens of methods to apply this approach -- for example, replacing words with synonyms or artfully inserting slight typographical mistakes into an article. Is that a misspelling or a secret message? All rely on inserting small, unnoticeable changes.

Steganography is not perfect or guaranteed to avoid detection. While the subtle changes to values like the red and green component may not be visible to the naked eye, clever algorithms can sometimes find the message. A number of statistical approaches can flag files with hidden messages by looking for patterns left behind by sloppy changes. The glare off of glass or chrome in a picture is usually stuffed with pixels filled with the maximum amount of red, green, and blue. If a significant number of these are just one unit less than the maximum, there's a good chance that a steganographic algorithm made changes.

These detection algorithms also have limits, and there are a number of sophisticated approaches for making the hidden messages harder to find. The scientists working on detection are playing a cat-and-mouse game with the scientists looking for better ways to hide the data.

For anyone seeking more on this, my book "Disappearing Cryptography" explores various solutions in depth, and my iPad App How to Hide Online provides interactive illustrations for trying the algorithms.

Related articles

This story, "Security through obscurity: How to cover your tracks online," was originally published at InfoWorld.com. Follow the latest developments in security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel.

This story, "Security through obscurity: How to cover your tracks online" was originally published by InfoWorld.

| 1 2 Page 6
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon