|> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
|> Sent: Monday, September 17, 2001 11:27 PM
|>
|> On Mon, 17 Sep 2001 22:36:53 PDT, Roeland Meyer said:
|> > So, Bruce Schneier, when posing that problem, must have had his imagination
|> > disengaged. There is more than adequate cover story for passing huge JPGs
|> > around.
|>
|> No, he actually had his brain engaged. His point was that if you're trying
|> to use steganography to move data around under the nose of a government that's
|> actively trying to catch you at something, you can't just start sending
|> files around, because that would set off traffic pattern analysis warnings.
|>
|> http://www.counterpane.com/crypto-gram-9810.html#steganography
|> for the whole story.

Yes, and neither of you has yet been to www.ofoto.com, have you? One of my clients is yet another photo sharing site. In two years, customer photos took up over 3 TeraBytes worth of RAID space. Snapshots are 1) original content, 2) very large, 3) numerous as hell, 4) not porn, and 5) there are LOTS of innocent people doing it. Also, when folks upload photos, they don't do just one. They do half a roll, or more, so you don't have to embed a message in every one of them.

In addition, one could encrypt the message prior to embedding it. Since it is original content there is no other picture to compare it to, in order to detect alteration. No one else has access to the original, but you. You can, further, destroy all non-steg enhanced originals.

For a news site that publishes original content, the arguments are the same. What are you going to compare the photos to? It's the original that's been "doctored". If you have support of the local government, there are no "Secret Police" issues, and your "photos" get sent to every web-browser that takes a peek. If you don't keep visit logs then no one knows who has seen the pretty pictures and decoded their content.

After having read the article (thanks), I think that Bruce was being improperly dismissive. He applied special case arguments (a specific context) to the general case. The cutter had a dull knife that day ... it happens. The true operational model is quite different from the one that Bruce envisioned in his argument.

This is a more complete reason why I suggested that we all start observing the proscription lists, from US State. A site like www.lybia.com or www.taliban.com, operated with such intention, and hosted in a US colo facility, and fed through an SSH tunnel, can otherwise operate with impunity. We would never even know otherwise. We have no such "Secret Police" and I'd really rather not have them. KGB was sufficient trouble in the USSR. We don't need FBI thinking/acting like them. CALEA is bad enough, thank you.

Understandably, I have personal reasons for wanting to see that photo sharing sites remain unmolested, and none of the ones I have mentioned here are on my client list. Yes, there are counter-measures that those sites could take. They aren't taking them right now. Equally, there are ways around those counter-measures. 'nuff said.