Comments: 297 +- Technology: New Service Converts Torrents Into PNG Images on Wednesday July 15, @08:42AM
Posted
by
Soulskill
on Wednesday July 15, @08:42AM
from the pretty-useful-pictures dept.
from the pretty-useful-pictures dept.
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
The shortest distance between two points is under construction.
-- Noelie Alito
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
The race is on... (Score:5, Funny)
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
.
Re: (Score:3, Funny)
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
goatse.png->The.Black.Hole.1979.dvdrip.xvid.torrent
Well, that explains why in the UK piracy is down [arstechnica.com].
Why not just use slashdot instead? (Score:5, Insightful)
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Parent
Re:Why not just use slashdot instead? (Score:5, Interesting)
Parent is wise. It would be easy for any image hosting site to detect something like this. They would just have to scan it as they receive it. Nobody wins when you just encode it using a simple straightforward and one-time algorithm.
What the authors need to do is provide some sort of key to decoding the torrent file. Instead of creating an entire image of it, they should instead take a standard image, and use some cypher method that would slightly distort the it (blur, stretch, etc.) in some way that would allow recovery of the torrent data. Then it wouldn't be obvious to the naked eye and you could just post the information necessary to decode the information from some other location. But is this worth the effort when torrents are still easy to find? Probably not yet, but in the future it may be.
Parent
Re:Why not just use slashdot instead? (Score:5, Funny)
I take it you've never actually tried to use slashdot's search function.
Parent
Re:Why bother to hide it at all? (Score:5, Funny)
And if the xxAA gets the torrent from the image, they're illegally circumventing a technical protection measure!
Parent
Re: (Score:3, Insightful)
This is probably what uuencode is for.
If I were a congressman, what would I do? (Score:3, Interesting)
Re: (Score:2, Informative)
What? (Score:5, Insightful)
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Re:What? (Score:5, Funny)
It's hidden in their header png.
Parent
Re:What? (Score:4, Insightful)
It's not steganography. It's an explicit PNG encoding of a torrent file. It's not a PNG of a kitten with a torrent hidden within so a casual viewer wouldn't realise.
Parent
Re:What? (Score:5, Informative)
I don't get why they can't just use the old trick of hiding a zip file in an image file. [wikihow.com]
Seems simpler, technology-wise, to me than encoding a torrent file as a PNG image, and all you would have to do to get the torrent file is change the extension on the file. Also seems safer. Unless this trick wouldn't be possible with .torrent files, that is?
Parent
Still limited (Score:5, Insightful)
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].
Re:Still limited (Score:5, Funny)
Obviously you have never visited 4chan.
Parent
Re: (Score:3, Insightful)
Most people prefer to keep things that way.
Re:Still limited (Score:5, Funny)
Yes, someone should invent a method for posting images on the internet and associating text with them.
Parent
wait wait wait... (Score:5, Funny)
I'm just utterly shocked.
Re:wait wait wait... (Score:4, Insightful)
All "The Man" needs to do is modify the image. Which is rather common practice anyways.
1. Insuring images are scaled properly.
2. Reconverted so the images will fit in the Database.
3. Insure you just have the image not a hack.
4. lossy compression to save storage space.
Parent
Re: (Score:3, Insightful)
Here we go with another technological arms race. How many image hosting sites will run the converter on all uploaded images and automatically reject those that contain an embedded file? Or just remove the steg and retain the basic image...
So the next step will be some sort of keyed steg, with the keys distributed on some sort of centralised webserver.... oh no, actually that might break. But luckily keys are quite small and can be widely distributed as long as the image sites don't get a hold of them. It's
Re: (Score:2)
you mean the pirates are going to continue to beat out "the man" and get away with it?
I believe Mr. Universe [wikipedia.org] expressed those very sentiments.
Re: (Score:3, Funny)
you mean the pirates are going to continue to beat out "the man" and get away with it?
I'm just utterly shocked.
Oh just wait, PNG's won't be around much longer.
Remember folks, when PNG's are outlawed only outlaws will have PNG's.
Just make sure your image hosting site... (Score:5, Insightful)
doesn't re-scale or tag your uploaded images first!
Re: (Score:2)
. . . or automatically convert the image to a .jpg.
Might Not Be a Problem (Score:2, Insightful)
Re: (Score:2)
Hmm, a binary picture like this one [ipernity.com]?
(Just a picture of a wrecked building run through a threshold filter)
Does that mean... (Score:2, Funny)
Why browser plugins? (Score:4, Interesting)
"The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
Ok, ok, I do understand that a browser plugin adds some convenience, but how about a stand-alone version (native executable, or maybe something like a Java, Python, Perl, or Lisp program [which would be cross-platform]), which I can just run either as a GUI, or even a command line. . .
png2torrent in.png out.torrent
(heck, the original torrent filename might be stored in the png, so you might only need to specify the input file, and optionally an output path/filename if you want to change the name or extract to a different directory).
Maybe a drag-and-drop icon on the desktop - drag the png to the icon, and it automatically creates the torrent on the desktop.
Won't work well (Score:2)
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image). Or alternatively, to implement software which destroys the included torrent before putting the image online.
Re:Won't work well (Score:5, Insightful)
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).
Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).
Parent
Re: (Score:3, Insightful)
Which is totally inconvenient for user that has to keep up with it... *AA wins with every step of arms race because users need to adapt.
Andre regardless of images, there is more trouble: But they still need channel to share those files with public ... and to organize them and allow searching ... or you end up with closed communities of people who share them between themselves and network with other similar communities, which hinders casual torrent downloading.
Which basically means *AA gets what they wanted
What's the point? (Score:3, Insightful)
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Re:What's the point? (Score:4, Informative)
Say, MIME ...?
I think you mean base64.
As for hiding it, I think that's sort of the point behind this scheme.
Parent
Re: (Score:3, Insightful)
If the public can find it, so can the middleman. What am I missing?
PNGs?! (Score:5, Funny)
OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.
An example.. (Score:5, Informative)
Re: (Score:3, Funny)
Wow! It's a schooner.
The REAL Da Vinci Code (Score:3, Funny)
4chan banned similiar images (Score:5, Interesting)
Re:4chan banned similiar images (Score:4, Interesting)
Nonsense. You just run it through the exact same torrent-data-extractor process that the end-user would use.
Parent
Why limit it to torrents? (Score:5, Informative)
I built a utility that can be used for the same purpose back in april. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.
Not really steganography... (Score:4, Insightful)
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
!steganography (Score:4, Insightful)
This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
full rounded pr0n (Score:3, Funny)
Forums can use it too (Score:3, Insightful)
Why can't a forum owner scan all uploaded images for torrents using the same technology?
Similar to Spore (Score:4, Interesting)
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
This is for encoding the .torrent file. Not whatever it points to.
For example, I just found a torrent file for Terminator Salvation - 14kB
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Filename extensions are a form of metadata, and I don't think it sets a good precedent to lie in the metadata for a file. It's bad enough that we have Windows hiding filename extensions from the user, and encouraging people to just double-click on a file to launch the associated app. This just seems like asking for more problems, as people try to double-click on mjthriller.png and it launches - and crashes - IE.
I know, I know... This is Slashdot, nobody reads the article. But could you at least read the summary?
They aren't re-naming a file. They aren't just dropping the .torrent extension and replacing it with .png The resulting file isn't going to run any malicious code or do anything bizzarre.
They're encoding the bits of the .torrent file in a .png image. It actually creates an image. Looks like some kind of abstract/modern art kind of thing... Blocks of bright colors. You could open it with any graphics