Facebook is a place where you can share pictures of cute animals and fun activities. Now there’s a browser extension that lets you encode those images with secret, hard-to-detect messages. With the extension, anyone — you, your sister, a terrorist — could share messages hidden in JPEG images uploaded to Facebook without the prying eyes of the company, the government or anyone else noticing or figuring out what the messages say. The only way to unlock them is through a password you create.
The goal of this research was to demonstrate that JPEG steganography can be performed on social media where it has previously been impossible,” Campbell-Moore tells Danger Room. He says he spent about two months spread out over the last year working on the extension as a research project for the university.
The extension is only available for the Google Chrome browser — Campbell-Moore cites its developer tools and popularity — and the messages are restricted to 140 characters. Less certain is what Facebook thinks; a spokesman declined to comment. But it’s still the first time anyone’s managed to figure out how to automate digital steganography — the practice of concealing messages inside computer files — through Facebook, the world’s biggest social media platform. Unlike cryptography, which uses ciphertext to encrypt messages, steganographic messages are simply hidden where no one would think to look.
How to do
1.Go the link secret book chrome store
2.Click add to chrome
Secretbook has to be subtle. It uses Google Chrome’s web extension platform, since Facebook’s in-house apps publicly list their users — which would defeat the purpose of a secrecy tool. Since the extension runs through a web browser without a server connection, the users can’t be detected by network analysis. It’s also hard for Facebook to block or remove permissions, as the extension doesn’t rely on a Facebook API key.
The goal of this research was to demonstrate that JPEG steganography can be performed on social media where it has previously been impossible,” Campbell-Moore tells Danger Room. He says he spent about two months spread out over the last year working on the extension as a research project for the university.
The extension is only available for the Google Chrome browser — Campbell-Moore cites its developer tools and popularity — and the messages are restricted to 140 characters. Less certain is what Facebook thinks; a spokesman declined to comment. But it’s still the first time anyone’s managed to figure out how to automate digital steganography — the practice of concealing messages inside computer files — through Facebook, the world’s biggest social media platform. Unlike cryptography, which uses ciphertext to encrypt messages, steganographic messages are simply hidden where no one would think to look.
How to do
1.Go the link secret book chrome store
2.Click add to chrome
Quickstart
Refresh Facebook. Press ctrl+alt+a while on Facebook to encode a message. Press ctrl+alt+a while looking at a photo to decode a message.
Creating a new secret message
If you've just installed Secretbook then please refresh Facebook before trying to use this extension.
- Securely share a password with the friend you wish to communicate secretly with.
- While on Facebook press ctrl+alt+a to activate the secret system.
- Use the dialogue to create an image. Upload this new image to any album on Facebook or post it on your friend's wall.
- Note that sending secret messages via messaging is not yet implemented
- Attempt to receive the message from the image you just uploaded in case an error occurred!
- Optional: Mention your friend in a comment or the description to ensure they know to check it for a message.
Your friend can now use the password you shared to decode the message.
Receiving a secret message
- While looking at an image on Facebook press ctrl+alt+a to activate the secret system.
- Enter your shared password to receive the secret message.
Secretbook has to be subtle. It uses Google Chrome’s web extension platform, since Facebook’s in-house apps publicly list their users — which would defeat the purpose of a secrecy tool. Since the extension runs through a web browser without a server connection, the users can’t be detected by network analysis. It’s also hard for Facebook to block or remove permissions, as the extension doesn’t rely on a Facebook API key.
0 comments:
Post a Comment