← Back to context

Comment by necovek

14 days ago

Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.

I believe we should increasingly turn to steganography as a way to ensure our privacy (obviously, combined with encryption). Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection), so even if "identified" as potential carrier for the data, it would be impossible to convict someone over it.

I can imagine a scheme where your secret passphrase defines what bits of data in a video to use to carry actual data and yet avoid changing the output too much. Obviously, coming with a non-reversible algorithm that takes into account different lossy video encoding schemes is non-trivial, though I am sure there is some (plenty?) prior art to build off of.

12 comments

necovek

Reply
TheDong  14 days ago

Clever technological tricks are not the solution to political problems.

"Plausible deniability" is cute, but in practice, who cares?

> impossible to convict someone over it.

Yeah, sure, tell me how well that works for you. "Your honor, the data is mathematically indistinguishable from random bytes so you can't convict me" -> "The witness saw you type in a password to view data from that image, give us the password or you're going to prison. Even if you don't give us the passphrase, the police officer says you might be using something called 'steganography', and that's already enough to convict you"

The court and legal system does not care about clever logical tricks or cryptographic tricks or any of that.

  • necovek  14 days ago

    When you've been observed doing something (esp with evidence), "plausible deniability" falls through.

    But when you haven't (eg. if you had your data that way in an Apple Cloud, and Apple was required to provide blanket access to everything), nobody can come and claim you've got there anything other than videos.

    Obviously, a sufficiently motivated actor won't be stopped (see torture), but your data is not out in the open.

  • tsumnia  14 days ago

    Obligatory XKCD: https://xkcd.com/538/

    • necovek  14 days ago

      As I responded in a sibling comment, that is true when you are being targeted: for blanket surveillance of innocent citizens, it will work wonders.

      The problem with just doing encryption is that it can be made illegal and it's obvious when you are using it with a cloud platform. The same is true for steganography (you can make it illegal), but someone would have to know you are using it to apply the same tactic.

      1 reply →

tokinonagare  14 days ago

> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.

Not only that, but also trying to ban platforms that don't follow their censorship guidelines (TikTok in the US, X under scrutiny in UE) and even voiding elections when the result is not good (Romania) under very slim technology-related pretense (somehow a few ads are deemed enough to cancel an election, but 24/7 oriented news from every established newspapers in another country like France is totally OK). It's becoming harder and harder to believe in said democracy when the methods are all but looking like the ones used in non-democracies.

  • tremon  14 days ago

    voiding elections when the result is not good (Romania)

    Downvoting for this claim. Stop spreading misinformation.

    1) it wasn't the government voiding the election, it was the courts

    2) it wasn't because they disagreed with the results, it was because an existing law was broken (undisclosed campaign financing)

    • wqaatwt  14 days ago

      Also because the candidate who won the first round and was almost guaranteed to win (not the nut job TikTok guy who came second) didn’t belong to any of the major parties. So the government wasn’t particularly excited about that…

    • rolisz  14 days ago

      2) why wasn't the person/party that broke the law penalized then? PNL was found to have paid for the TikTok ads for Georgescu. Did they get even a slap on the wrist?

marcosdumay  14 days ago

> Democracies around the world are increasingly looking to surveil and expose private data of their citizens, and introducing laws where simple act of defiance will become criminal.

Yes. Democracies around the world are increasingly stopping being democracies.

rollcat  14 days ago

> Something that provides simple plausible deniability but lots of data to use as a carrying medium should become the default selection (like "personal videos" — a great use for our phone cameras to build an extensive collection) [...]

No. I want all of my data end-to-end encrypted. In transit, at rest, everywhere and at all times. Privacy is a human right. Security of their citizens is what these governments vowed to protect. If they can't, these governments should be changed.

  • necovek  11 days ago

    What I am suggesting is embedding encrypted data in innocent-looking files using steganography to avoid it being obvious you are using encryption in the first place.

    This protects you even if we — as citizens — fail to stop governments from going rogue and forbidding encryption (some of us remember US export controls on strong encryption that was only lifted 2 decades or so ago).