← Back to context

Comment by Fredkin

2 days ago

Maybe a dumb question, but what's to stop people from communicating e2e encrypted over totally insecure channels using steganography techniques?

You don't need a special app to do this, or maybe you just need a companion app that you type your message into and it gives you the thing you just paste into whatever messaging app / social media you use. The steganography makes it hard for the operator to determine that you're "abusing" the service by not transmitting your message in the clear so they can read it.

1) Alice uses steganography to embed her public key in an otherwise innocent or mundane looking image e.g their profile picture.

2) Bob uses the public key to encrypt a short message to send her.

3) Bob embeds the encrypted message in his own mundane looking image (could generate these from a pool of images or on the fly using stable diffusion)

4) Bob sends the image to Alice.

5) Alice recovers the encrypted message and decrypts using her private key.

(Could also use the process to do key encapsulation too, instead of using the raw key pair)

Getting the criminals is not the point here, mass control is. How many of your friends do this now? The criminals might do it, but why, when they can just meet in person and talk there, without a digital recording of what they talk?

Combine the 'age verification' (show your ID when you register) with this (we can read what you type), add some AI (to profile the people), and you have all the info you'd ever want on anyone anywhere.

  • Any evidence what so ever for the "mass control" claim?

    I do not want E2E comms broken, but these posts on hackernews always bring out such outlandish claims.

    You can't be applying the "mass control" claim for the attempts at stopping the spread of CSAM? So can you point to any evidence of wide spread "mass control" with Chat Control 1.0?

    • Because it's control of what we send and it's done en-masse.

      I was born in a communist country (with red stars, a communist party and a dictator), and even back then, the government requiring post office workers to read (and photocopy) our mail would seem absurd, but now, somehow it's ok, because "it's on the internet". And yes, CSAM could be sent via normal mail too.

      Same for every repressive thing... if you went to a bar, and had to show your id, have it logged, and someone would write down when you came, who you sat with and how long you've talked, that would seem absurd even then... but now, since "it's on the internet", storing metadata is somehow ok.

      Stop protecting the governments, if they wanted to stop pedos, they have the whole epstein list, and they don't care about it.

Well when it comes to ending encrypted traffic, I would assume if they can’t read your traffic you will be in violation and the police will show up at your door to kindly imprison you for a few years

  • If they can't distinguish traffic containing hidden encrypted messages from humdrum non-encrypted traffic then they'd have to ban the whole thing for everyone.

Mass adoption. Two IT guys can communicate completely secure with udp packets via SSH tunnel, but it doesn't scale to family and non-techy friends.

> or on the fly using stable diffusion

Steganography fundamentally requires you to be able to know where the data is, which requires you to have the original image to compare against. The only other strategy I'm aware of is setting known pixel positions to exact data, which is very easy for basic tools to spot and decode. Or to add the data to non-visual data blocks if the image format supports those, which is also quite easy to spot.