← Back to context

Comment by __MatrixMan__

1 day ago

Joining a private space that's set up for steganography, or facilitating such a space either by self hosting or by logging in somewhere as an administrator, is sort of at odds with the nothing-to-see-here approach that steganography takes. An adversary that has compromised one message can then use whatever metadata is intrinsic to that space to suss out which other plaintexts might contain a secret, and which other humans might be exchanging secrets in that place.

The ideal hiding space would be visible to the public, and indistinguishable from a mountain of other material that's visible to the public--especially if they don't have to log in to see it. That way if a message is found, the search for co-conspirators doesn't narrow at all.

In that case I think you may be out of luck as most platform change the images. Sometimes they just remove exif data but some compress or optimize in their view the images. In that case maybe find a public site that allows archive files.