There's a much simpler reason why few or no stego'ed messages are present in usenet images: They form an inefficient and unneeded distribution mechanism.
Try taking a peek at the Usenet newsgroup alt.anonymous.messages. Dozens for PGP'd messages a day, from our old friends Secret Squirrel, Nomen Nescio, and Anonymous. Usenet has some very good properties for those wishing to maintain privacy: multiple entry points, including from mail2news gateways, flooding distribution independent of message content, and knowledge of who reads what is restricted to the server from which the news is read (and there are 1000's of news servers, as well as web based systems such as groups.google.com). But you already know this. Posting PGP to aam also avoids the bandwidth bloat imposed by stego, and the extra complication of having to stego and destego images, as well as generate the images used for cover. Why would anyone bother hide tiny messages in ebay images or alt.binaries.erotica.bestiality.hamster when they can just post to aam? Peter Trei > ---------- > From: Niels Provos[SMTP:[EMAIL PROTECTED]] > Sent: Friday, December 28, 2001 4:33 AM > To: Arnold G. Reinhold > Cc: [EMAIL PROTECTED] > Subject: Re: Stegdetect 0.4 released and results from USENET search > available > > In message <v04210101b84eca7963ad@[192.168.0.3]>, "Arnold G. Reinhold" > writes: > >I don't think you can conclude much from the failure of your > >dictionary attack to decrypt any messages. > We are offering various explanations. One of them is that there is no > significant use of steganography. If you read the recent article in > the New York Times [1], you will find claims that "about 0.6 percent > of millions of pictures on auction and pornography sites had hidden > messages." > > >2. The signature graphs you presented for several of the stego > >methods seemed very strong. I wonder if there is more pattern > >recognition possible to determine highly likely candidates. I would > >be interested in seeing what the graphs look like for the putative > >false alarms you found. It also might be interesting to run the > >detection program on a corpus of JPEGs known NOT to contain stego, > >such as a clip art CD. > The following slides contain examples of false-positives > > http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00023.html > http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00024.html > > In my experience, eliminating false-positives is not quite that easy. > Some graphs look like they should have steganographic content even > though they do not. Any test will have a false-positive rate, the > goal is to keep it very low. > > >3. If you did succeed in decrypting one of Osama Bin Laden's > >missives, wouldn't he have a case against you under DMCA? > Good question. The panel about the DMCA at the USENIX Security > Symposium seemed to indicate that the exceptions built into the DMCA > have no real meaning. In my understanding of the American legal and > judicial system, it is not possible to know what is right or wrong > according to some law until one has been taking to court about it. > > Niels. > > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > [EMAIL PROTECTED] > > > > > ============================================================================ ================ This e-mail, its content and any files transmitted with it are intended solely for the addressee(s) and are PRIVILEGED and CONFIDENTIAL. Access by any other party is unauthorized without the express prior written permission of the sender. If you have received this e-mail in error you may not copy, disclose to any third party or use the contents, attachments or information in any way, Please delete all copies of the e-mail and the attachment(s), if any and notify the sender. Thank You. ============================================================================ ================ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
