← Back to context

Comment by nekusar

1 day ago

The cypherpunks were right. Rights to encryption are only a part of what we need.

The other part is steganography, or hiding real messages within a innocuous anodyne message stream. And encryption can be used in conjunction as part of hiding said messages.

It can be within pictures with the lowest bit values. It can be constructed punctuation and spaces. Lots of things.

But hidden and plausibly deniable messaging is the ONLY way to defeat a government(s) that want to invade every communication aspect for humans.

The trouble with pictures is that when you share them online the platform will likely compress them before serving them to others, spoiling your steganography. I think text-in-text is the way to go. Decrypt that recipe for brownies into the actual message. For example: https://arxiv.org/abs/2510.20075

  • One can host their own private or semi-private forum, chat server, chan board, etc... and choose not to re-encode the images and/or permit .tar .7z .zip archives and so on. Keep the bots away with basic auth to minimize skiddie risk to platform RCE's.

    It's unlikely people can move their friends to their own platform but the best way I have found is to call it a "fall-back" platform for when Discord and others are temporarily offline. Get people used to the idea that is the place to share things they do not want leaked when the big platform 3rd parties expose files. The admin can encrypt the storage and periodically zero out files and zero out empty space for privacy.

    People with slightly higher opsec may choose to block mobile proprietary devices.

    • Joining a private space that's set up for steganography, or facilitating such a space either by self hosting or by logging in somewhere as an administrator, is sort of at odds with the nothing-to-see-here approach that steganography takes. An adversary that has compromised one message can then use whatever metadata is intrinsic to that space to suss out which other plaintexts might contain a secret, and which other humans might be exchanging secrets in that place.

      The ideal hiding space would be visible to the public, and indistinguishable from a mountain of other material that's visible to the public--especially if they don't have to log in to see it. That way if a message is found, the search for co-conspirators doesn't narrow at all.

      2 replies →

What I don't understand is, what kind of legitimate criminal would not use such techniques? Are bank robbers planning things out on iMessage? If so, presumably they won't be criminals for very long. Therefore these types of initiatives only impact the innocent and inept but still active criminals.

  • The purpose of these efforts is not to catch criminals, at least not primarily, it’s to map the spread of “dangerous” ideas and the networks behind them. In other words, to prevent effective political change.

    Found a new problematic meme? Someone leaked a video of you taking a bribe? Someone published a photo of damage from a missile strike? Add it to the database of forbidden media and quickly track down the source.

    • They'll make sure to catch just enough criminals that when you say it's all bullshit some snooty waste of oxygen on HN can say "well akshually" and link you to some cherry picked news story that makes it all look like a good thing because they caught some small time house painter dumping waste paint in the sewer or nabbed someone for selling vapes to teenagers.

  • The past has shown that “legitimate” criminals tend to be more careless and have a poorer technical understanding than you’d think.

    This is not a defense of surveillance, just that your argument doesn’t hold as well as you might believe.

  • Security is the reason given to us since most of us are too trusting or dumb to look any further into it. It becomes clear security isn't what they're doing it for after giving it more than a few minutes of thought