Since I published my article on ZWC [1] I've been scanning different parts of the net for their use after hearing about their use in Eve Online.
I've found them being used for quite some time, even here on HN. I think spammers are using them to get around spam filters because the context that they're using them for doesn't usually seem like they've been inadvertently fingerprinted. It seems like they're sending the same message over and over again on things like hiring threads for HN. I wish I had more time to dig into it, but there are too many more important things going on right now.
The manual page mentions that the program has a command that will calculate the "approximate storage capacity of a file", but doesn't really say what that would be. I'm guessing that would turn out to be the limiting factor here—it seems like you'd either need a really long text file, or a really short encrypted message to be able to use this method reliably.
I'd guess the idea would be to pass around a copy of Hamlet, the Odyssey, Canterbury Tales, KJV Bible[1], or a similar public domain lengthy and popular work that would, in itself, draw no attention to itself.
For me, the reason I always hesitated to use widespread encryption ahead of mainstream adoption was that standing out as an oddity seemed to pose a greater threat than taking no extraordinary efforts. That is, if I engaged in behavior similar to someone with good reason to hide then I might become a target for scrutiny. My "opsec" wouldn't have been effective for anything beyond casual scrutiny, so my security efforts would have been demonstrably counter-productive[1]. At least that was my logic. A couple examples: as soon as full disk encryption started shipping with Windows, I used it. When choosing between SMS, Hangouts, and iMessage, I'd choose iMessage.
Not saying my logic was sound, but feel confident that it contains at least a degree of truth.
[1] Sort of an all-or-nothing choice. Taking some steps arguably makes you a higher profile requiring consistent security measures taken at every turn.
> I'd guess the idea would be to pass around a copy of <snip>
Diffing your copy of Hamlet.txt against a clean copy would reveal the pattern of spaces (ie, the cyphertext), so the security by obscurity (if any) would be easily defeated.
First, let me say that encoding bits in whitespace is to Steganography what ROT13 is to Cryptography. Neither has a chance of success against any non-incompetent attacker, but they serve well as simple proofs of concept.
Second, you assume there's one canonical Hamlet.txt to compare against (which there's, if Alice was dumb enough to pick whatever is the first available option in Guthenberg.org as her cover message). For a more sophisticated attack, you must consider how many different editions, reprints, etc, have there been of that work over the centuries. For each of those, you must consider how many possible digitalizations can be obtained for different brands and configurations of scanners.
Then, there's the issue that you must do all of this for every large message that Internet users send to each other...
Cool in concept, but if you're trying to hide messages in documents that are saved/edited by others, it'll be a crapshoot. Quite a few editors will trim trailing whitespace after saving (Emacs, Vim, and Atom all have the option).
I have just tested it with the following procedure:
- Extract some text from a facebook post.
- Put that text in a file (resulting size 1869 bytes)
- Encode a message of 8 bytes on it. Resulting output file size of 1956 bytes.
- Copy the output to a new FB post.
- Extract the text from the new FB post.
- Found that FB removes all added whitespace and the size of the copied text is exactly the initial one: 1869 bytes
Whitespace (as in the SNOW technique) is one of the channels Snowdrop uses to conceal its watermark, but not the only one-- for English text, it also introduces typos, changes punctuation marks, and replaces some words with synonyms.
https://secretsigner.com