New Service Converts Torrents Into PNG Images 297
Posted
by
Soulskill
from the pretty-useful-pictures dept.
from the pretty-useful-pictures dept.
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
What? (Score:5, Insightful)
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Still limited (Score:5, Insightful)
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].
Just make sure your image hosting site... (Score:5, Insightful)
doesn't re-scale or tag your uploaded images first!
Might Not Be a Problem (Score:2, Insightful)
What's the point? (Score:3, Insightful)
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Re:wait wait wait... (Score:4, Insightful)
All "The Man" needs to do is modify the image. Which is rather common practice anyways.
1. Insuring images are scaled properly.
2. Reconverted so the images will fit in the Database.
3. Insure you just have the image not a hack.
4. lossy compression to save storage space.
Re:Might Not Be a Problem (Score:1, Insightful)
Re:What? (Score:4, Insightful)
It's not steganography. It's an explicit PNG encoding of a torrent file. It's not a PNG of a kitten with a torrent hidden within so a casual viewer wouldn't realise.
Re:wait wait wait... (Score:3, Insightful)
Here we go with another technological arms race. How many image hosting sites will run the converter on all uploaded images and automatically reject those that contain an embedded file? Or just remove the steg and retain the basic image...
So the next step will be some sort of keyed steg, with the keys distributed on some sort of centralised webserver.... oh no, actually that might break. But luckily keys are quite small and can be widely distributed as long as the image sites don't get a hold of them. It's going to be an interesting few years...
Re:Won't work well (Score:5, Insightful)
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).
Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).
Why not just use slashdot instead? (Score:5, Insightful)
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Re:Won't work well (Score:3, Insightful)
Which is totally inconvenient for user that has to keep up with it... *AA wins with every step of arms race because users need to adapt.
Andre regardless of images, there is more trouble: But they still need channel to share those files with public ... and to organize them and allow searching ... or you end up with closed communities of people who share them between themselves and network with other similar communities, which hinders casual torrent downloading.
Which basically means *AA gets what they wanted. Hordes are cut off or have harder time downloading.
Idea is not to force people out of sharing, but make it inconvenient enough to stop being more useful than going out and cashing money for originals.
Not really steganography... (Score:4, Insightful)
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
!steganography (Score:4, Insightful)
This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
Forums can use it too (Score:3, Insightful)
Why can't a forum owner scan all uploaded images for torrents using the same technology?
Re:Good for small torrents maybe, but... (Score:3, Insightful)
Re:Still limited (Score:3, Insightful)
Most people prefer to keep things that way.
Re:4chan banned similiar images (Score:1, Insightful)
In cmd: (assuming pic.jpeg and file.rar in the current working directory, otherwise specify path)
copy /b pic.jpeg + file.rar output.jpeg
where pic.jpeg is your source pic, file.rar is the .rar file you create in which your 'hidden' files are, and output.jpeg will be a .jpeg file, which when executed will open in your picture manager, but when opened with WinRAR, will reveal the contents of the .rar file you added.
copy /? in cmd says that the /b flag is for indicating a binary file, so I guess it doesn't mess up the extension headers when you combine files. I haven't gotten around to finding a bash equivalent.
Re:What's the point? (Score:3, Insightful)
If the public can find it, so can the middleman. What am I missing?
Re:Why not just use slashdot instead? (Score:3, Insightful)
This is probably what uuencode is for.
Doesn't matter if software can detect THIS version (Score:2, Insightful)
Yes, it's detectable. But I think a lot of site maintainers have better things to do, than continuously work on the image-that's-not-used-as-an-image format du jour. If an image file decodes as an image file, then as a programmer I am done worrying about it, except for maybe secondary things, like "does the width cause it to fuck up the layout so that it needs rescaling?" It doesn't take much to sneak this by me. And that's not technical incompetence (flame me for my real mistakes (there are lot) but not this); it's just that blocking images based on possible meanings of their pixels, isn't something worth spending infinite time on.
Programmers are not going to play whack-a-mole. Turn this into whack-a-mole, and you've beaten me. I whitelist image files that behave like image files. I am not going to maintain (i.e. spend recurring time on) a blacklist.
At that point, maybe a human moderator might decide, "This image makes no sense," and see it as spam or something, and delete it. But that person isn't someone who keeps up with all the latest tech fluff and isn't going to know it's a torrent. The software could know it's a torrent and explain it to the moderator, but like I said, I'm not going to bother, because once I set down that road, it's a continuous job to keep up, and that's time I could spend doing real work instead.
If the hosting site doesn't have human moderators that are looking at the images and saying, "I don't get it, this was a discussion thread about lawnmowers, why did some user post a comment containing a picture of random colorful snow?" then it's not going to get blocked.