Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Well, no. The point is it's not too difficult to make one-to-one communication invisible, to the point where if you're a spook you have to try to decrypt all traffic and web content on the Internet, without knowing if it's been encrypted, or how.

Not even nation states have that kind of budget. Nowhere close.

Public email and cloud storage are very low hanging fruit in security terms. So far the NSA has been relying on hope and wishful thinking to get its sigint.

But my point is that once you start sending messages through non-standard channels, it doesn't take much effort to become invisible.

And once that happens, your only hope as a spook is to scan and decrypt the entire Internet - because nothing else will do the job.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Thu Aug 15th, 2013 at 10:05:24 AM EST
[ Parent ]
Not if statistical analysis of passing images or video - you just need a sample - throws up that stenography is used. You then get to be a person of interest.

If everyone is using encrypted channels you get lost in the noise. Otherwise you just risk attracting attention.

by Colman (colman at eurotrib.com) on Thu Aug 15th, 2013 at 10:24:03 AM EST
[ Parent ]
That depends how it's done. The companies offering statistical analysis assume you're using an off-the-shelf app. All they do is buy an app, run some tests, and create a profile.

But all that says is that most commercial steganography apps aren't all that good.

In the limit, good steganography is indistinguishable from compression artefacts and random noise. And if the bit rate is low enough and somewhat randomised, it becomes even harder to be confident about getting a clean positive.

There are also things like this.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Sat Aug 17th, 2013 at 10:46:37 PM EST
[ Parent ]


Occasional Series