Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Peekabooty, Camera/Shy Released

Posted by michael on Sun Jul 14, 2002 09:19 AM
from the carnivore-go-home dept.
Censorship
An anonymous (how appropriate) writer sends "Peek-a-Booty, a program designed to circumvent mechanisms (such as China's Great Firewall) limiting access to websites, has been open-sourced. It's listed as a "Beta" on SourceForge, but the Peek-a-booty website seems to encourage people to start using it." And Doug writes "PC World reports about a new tool to encrypt text with a click of the mouse and bury the text in an image. After posting an embedded image on a Web site, someone can notify intended recipients by e-mail with code words such as 'Go to this URL to see pictures from my birthday party.'"
+ -
unknown
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Peekabooty, Camera/Shy Released 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • What a shame (Score:1, Insightful)

    by Spazzz (577014)
    It's shame that software like this is even necessary, but with the way things are going, we'll soon need this software here in the good ol' US of A as well.
    • Isn't half of sourceforge beta products that work pretty well? I am running alot of stuff from CVS that's not even beta, but nightly builds...
      Just a thought

  • Birthday pics? (Score:5, Funny)

    by ocbwilg (259828) on Sunday July 14 2002, @09:25AM (#3881315)
    After posting an embedded image on a Web site, someone can notify intended recipients by e-mail with code words such as 'Go to this URL to see pictures from my birthday party.'"

    This product must have already been released since I've been getting emails like that for months now. "I just turned 18! Click here for hot pictures from my 18th birthday party! You won't believe how wild my barely 18 year old friends and I got that night!"

  • er... (Score:4, Funny)

    by david_g (24196) on Sunday July 14 2002, @09:26AM (#3881319)
    How are the chinese going to circumvent their firewall to be able to get this program that enables them to circumvent their firewall?
    • Since it is only 1.2 MB, it'll fit on a floppy, which would be very easy to slip through if needed, since I doubt they're going to destroy all incoming floppy disks in the mail. Or just disguise it like an AOL CD.

    • Well... (Score:3, Funny)

      by Greyfox (87712)
      Seeing as how they've been merrily spamming us for a while now, we could just return the favor, spamming everyone in china with copies of this program. Worst case, the Chinese government comes up with a solution to the spam problem...

    • As Usual (Score:2, Informative)

      by emkman (467368)
      People didn't actually read the website ...

      Users in countries where the Internet is censored do not necessarily need to install any software. They merely need to make a simple change to their Internet settings so that their access to the World Wide Web is mediated by the Peekabooty network.

    • Re:er... (Score:2, Informative)

      by paulbaranowski (592862)
      If someone sent you the IP address of a Peekabooty node (or any other proxy) to you, you could proxy through it to download Peekabooty for yourself. One of the main jobs of Peekabooty is to constantly find you new proxies to route through so that you dont have to constantly be getting IP addresses of proxies via email. So the bootstrap process requires a little manual labor, but after that it should require no intervention on your part.

  • That explains it! (Score:3, Funny)

    by MxTxL (307166) <mlutter AT gmail DOT com> on Sunday July 14 2002, @09:27AM (#3881325)
    I guess all those x10 ads were just a bunch of Chinese dissidents passing messages ICQ style.

  • Free sites already foil this, IIRC (Score:4, Informative)

    by wirefarm (18470) <jim@mmd[ ]et ['c.n' in gap]> on Sunday July 14 2002, @09:30AM (#3881332) Homepage
    Long ago, I tried hosting the images for a site on Geocities or Tripod or somewhere and the HTML page on my laptop and Ricochet modem. Worked OK, but I noticed one side effect that would seem to be relevant - these sites were re-compressing the images.
    If you take a jpeg and encode some data steganographically and later the compression is changed, wouldn't that effectively remove the steganographic information? (Correct me if I'm wrong.)

    Now, if I was trying to communicate with terrorists this way, pretty much the only safe way would be to put the 'birthday pics' up on a very popular free site - no way I'd post them anywhere that had my name connected to it.

    I don't know if the compression thing is common, but couldn't something like that be put pretty transparently into "The Great Firewall"?

    Cheers,
    Jim in Tokyo

    • Some of the watermarking vendors claim that their watermarks can survive recompression.

      Watermarks are like steganography in that both involve embedding information in a file that isn't immediately visible or audible.

      Of course watermarks are supposed to be easy to find, which is a big difference. Ideal steganoraphy should be undetectable without a secret key.

      Then there's the question of whether the watermarking vendors are, uh, exaggerating.

      Wide use of stego technology could lead to a brand new kind of censorship. Any secret policeman could claim that any file contained contraband. "Attention all citizens! The file 'Los Angeles Police.mpg. contains encoded attack orders from Osama bin Laden! If you know anyone who has it, denounce them to your neighborhood committee immediately!"
      • They're not exaggerating. Watermarking can survive [columbia.edu] printing and scanning in addition to many manipulations. I know I tried it once just to see -- it's a weird feeling to put a watermark in something, save it as a jpeg, print it out, wrinkle up the paper, recan it, and still be able to get the watermark out of it. I don't know about steganography, but if the process is similar your information should survive.
    • FWIW, free sites do this because they're being abused. There are Japanese warez groups that upload fake JPGs and GIFs, with valid headers, that contain nothing but warez. They have some custom program that assembles the pictures and uncompresses them. I've yet to see the actual program, but I've seen the massive amounts of bandwidth this sort of thing costs.

      Really, in a case I know about, warez ends up being about 30% of a "free hosting" site's traffic. (With naked kiddies taking up the rest of the majority).

  • Am I missing something? (Score:5, Interesting)

    by FreeLinux (555387) on Sunday July 14 2002, @09:35AM (#3881349)
    From the description at the Peek-a-Booty site it seems to me that it is nothing more than open proxies running SSL. While I understand their stated goals, the whole project seems redundant.

    First, the project assumes that the governments are using a NOT list. This is a big assumtion. I would think that control freaks like the Chinese government would more likely use an ALLOW list. A small list of governmet sanctioned sites. This would, of course, negate Peek-A-Booty.

    If the government is in fact, using a NOT list, there are already countless open proxies continually popping up all over the place. This makes me think that the whole project is redundant.
    • Allow list would probably be way too much work, you mean people would just sit there visiting and decides whether these pages are gonna be allowed or not?

      I always thought if you want information bad enough, you can just sign up for an ISP account offshore, sure long distance is gonna cost you, but then again, you can see access all the information you want.

    • Re:Am I missing something? (Score:5, Insightful)

      by helarno (34086) on Sunday July 14 2002, @11:24AM (#3881663) Homepage
      Last time I checked, they used a NOT list and it was a very small list. For mainstream use, you could pretty much access anything you wanted with the exception of a couple of news sites like CNN and sometimes, NYT. The blocking was erratic though ... some months the sites were reachable, other days, they were perfectly fine. Of course, I'm sure a few dissident sites are blocked, but since I don't view those on a daily basis, I wouldn't know.

      But it's really a non-issue. Even 4 years ago, all the internet cafes I visited by default went through a proxy that pretty much allowed you to view whatever you wanted. Knowledge of how to circumvent the blocks were very common among the younger audience. I'm sure it's even more prevalent today. For China, at least, this project isn't really relevant.
      • I want to reemphasize the point made in the parent: "For China, at least, this project isn't really relevant." The "hactivist" crowd has never been any good at doing their homework, and this is just the latest example.

        The Chinese government DOESN'T EVEN BLOCK THE GOOGLE CACHE. Any site that's blocked, you just look it up in Google, and hit the "cached" link. They did block Google, once, for about a week, until popular outrage made them give it up.

        That should give you an idea of just how "terrified" they are by the so-called threat the Internet poses to their hold on power. What they're really afraid of are the tens of millions of affluent, educated, urban Internet users rising up in revolt if their favorite toy gets taken away from them.

        That, and the hundreds of millions of undereducated, underemployed peasants and factory workers who don't have a future, and barely enough to eat, much less Internet access.

    • Their implementation of their current firewall is very loosely implemented as it is up to each carrier in each city to do the blocking. They are currently rolling out a much improved system that will enable them to completely control and/or replace content, as referenced by several stories on slashdot. The attractive thing about SSL proxies is that they either allow SSL or deny it completely - making this arrangement very attractive. Of course, there's nothing that will prevent them from declaring this product illegal, which, unlike the US has serious ramifications if you're found violating a state security law. Additionally, they could just deny all traffic that doesn't run through their proxies. China currently mandates that a site must have approval for a site to be hosted in China. It's a small step to require companies to buy an SSL cert from China in order to reach a quarter of the world's market in the coming years. Bottom line - it will be a constantly evolving war between the freedom seekers and the freedom takers.
    • From the peekabooty FAQ:

      Do you think that your efforts to create Peekabooty will cause censoring countries to change their filtering policy from 'default-allow' to 'default-deny', that is, instead of blocking 'bad' sites it will instead only allow 'good' ones?

      This is very similar thinking as to what happened prior to WWII. The good guys let Germany invade its neighbors because they didn't want something REALLY bad to happen. If an evil madman tells you that you have to choose which of two people he is going to kill, it is still the madman's fault that someone is dead no matter which one you choose. If a government switches over to an allow-only system, this helps the cause even further. What we want is an end to censorship. The only way that is going to happen is that the government stops censoring its own people. The people have to make that happen. Not only is censorship possible, but total 1984-style control and monitoring is possible, and China in particular is heading in that direction as fast as it can. One of the benefits of Peekabooty is that it is bringing awareness to thousands of people around the world about the issues.

      In any event, a country has to overcome some major obstacles to switch to an allow-only system: 1) It's a lot of work with a lot of administration headaches (there are way more good web sites than bad ones), 2) the 'allow' list is bigger than a 'deny' list, which puts more strain on hardware that already cannot handle the load, 3) economic reasons (the cash doesn't flow if the commercial web sites are blocked), and 4) it will cause unrest.

      • 5) Sites which are considered 'good' can be quickly changed to be actually 'bad'. In other words, if you allow "pink fuzzy bunny's home page [uga.edu]", after spending 6 months making sure it's not got any bad content and none of the images appear to contain messages, then the next day the owner can upload a picture of fuzzy bunny with a secret message.

  • Snake Oil (Score:5, Informative)

    by cperciva (102828) on Sunday July 14 2002, @09:44AM (#3881361) Homepage
    This "steganography tool" is no more than snake oil.

    Rather than using a more advanced method of steganography, this tool packs data into the least significant bits of the image. Simple, easy, and incredibly obvious. This is to steganography what ROT13 is to encryption -- if you use it for anything important, people will laugh at you.

    In fact, this is the worst kind of snake oil, because it is not only ineffective, but also dangerous. The administrators of the Great Firewall Of China (for example) could very easily detect files encoded with this software; using it would then be akin to waving a red flag and shouting "hey, I'm doing something I don't want you to know about". Bad steganography is worse than no steganography, because it highlights the fact that you're trying to hide something.

    • Re:Snake Oil (Score:2, Insightful)

      by phaxkolumbo (572192)
      This might sound like a stupid question (but then again I'm no steganography expert), but how exactly is packing the data in LSB's obvious?

      Doesn't that become obvious only after the inclusion of headers and such? I mean that the distribution of 1's and 0's in an image should be pretty much the same, regardless of any hidden data.

      The article is pretty light on technical details, so no answers from there.
        • Why would this necessarily reduce the number of colors in the picture? Wouldn't that depend on the data stream you are encoding into the picture? I mean if you decide to put each consequtive 2 bits of your data stream into the last two bits of each byte, then number of different colors would depend on the percentages of the 4 different combinations of two bits. All you have to do then is massage your data stream to be sufficiently random. Any good compression scheme should do that.
    • there are many tools which allow you to hide things in images. there is already "Steganotools" (i forget the website) and programs like "Camoflage" that hide files inside of other files, or append them on the end as junk.

      if you really want secrecy, you can move to things like "DriveCrypt", which makes containers you can mount as new drives. but these containers have no header, and being compressed and encrypted, it's impossible to distinguish them from purely random data unless you know the strong passphrase.

      the idea of hiding data in the LSB of pictures (or mp3's for that matter) is old. just better hope that no one else has a copy of the original file! if you choose specific pictures where the LSB is statistically random enough, there is nothing that says you can't hide data there securely. the simplest way for short messages is to run MD5 (or some other hash) on your passphrase, and XOR the resulting digest on your message to produce your cyphertext. then just replace the LSB's in your image file.

      just make sure you replace all your LSB's or else an attacker can detect that there is something hidden.

      the only thing new about this particular tool is that it uses a browser plugin to decrypt the picture by double clicking on it. that sounds insecure to me.

      drivecrypt lets you install the program entirely on removable media, so you don't have strange stego tools installed on your computer when the Red Police come busting down your door...

      just my $.02.

      muerte

  • This stuff needed in USA (Score:4, Insightful)

    by WCMI92 (592436) on Sunday July 14 2002, @10:12AM (#3881436) Homepage
    I can see a growing need for this kind of thing in the USA, as we allow the Megacorp cartels like the RIAA/MPAA to chop off and "firewall" so to speak, the individual.

    Remember the Napster trial? The infamous statement by a RIAA honcho "We will firewall them at their PC"? And then go read the story just below this one where AOLTW's RoadRunner is port blocking Kazaa.

    I find it very interesting phinisophically, that the net result of "Big Government (Communist)" and "Big Business (Capitalist)", when left unrestrained by civil law that is supposed to protect and affirm the rights of the individual, produce the SAME RESULTS!

    In the communist system, as China is, the governmment IS the corporation. It makes up "laws" as it goes along, always to benefit those in power. In the USA, we've allowed corporations to achieve similar results by the fact that our Congress and Presidents are passing and signing laws WRITTEN BY THEM, as the DMCA and CBDTPA are.

    Unfortunately for the tyrants, both governmental and corporate, there are a lot of Thomas Paine's in the world, and they tend to be creative people. Hence this program that lets you circumvent firewalls.
      • "Why do we claim to be an enlightened nation, yet actively trade with China? They need us much more than we need them."

        Two reasons:

        1. The extreme on the left in this country, the ones who's religion is government, LIKE China and wish the USA were more like it...

        2. The megacorporations, who's religion is cheap labor.

        Yet another stunning example that the extreme right and extreme left produce the SAME results, ultimately.

        BTW, I don't necessarily agree that Communism is extreme Republicanism, I think socialism/communism are left wing totalitarianism. Right wing totalitarianism would be something more akin to what exists in the middle eastern Islamic fundamentalist states.

        Much as I am devoted to my religion (Christianity), I DO NOT want priests running the country, if you catch my drift.

        But they both produce similar results, an oppressed people whom have no individual rights or choices.

        "One of the slogans for communism is that with everyone equal, there is no slavery and no discrimination. If you look at it, all but those in the high levels of government are slaves. If you look at it, all but those in the high levels of government are discriminated against."

        Communism is state slavery. Where there is no individual liberty, nor right of private property, the State owns everything, and therefore, everybody. Should it surprise anyone that in EVERY so called "egalitarian" system, which Marxist-Lenninism-Maoism purports to be, that some (the few elites) are "more equal than equal".

        Our own system is the same way, looking at the easy access the rich have to legislation, but has the virtue of not having YET opressed the average individual to the extreme of a communist state.

        YET being the operative word. Legislatively, we are headed there. Rapidly. Not at the behest of government, but at the behest of the CORPORATIONS...

        I see things like Peakabooty as 21st century civil disobedience. Sooner or later, a rebellion of the individual against the collective WILL happen, or else we will become nothing more than uniformed drones in the collective.
  • Camouflage [camouflagesoftware.com] can hide any file(eg mp3) inside any other file like a picture or a word document. The created file will look and act normal but might be a little big.

  • I propose a new form of steganography (Score:3, Interesting)

    by phaxkolumbo (572192) <phaxkolumbo&gmail,com> on Sunday July 14 2002, @10:22AM (#3881470)
    How about putting hidden messages in spam? Nobody bothers with those anymore, anyway.

    Here's an example:
    ***SNORING KEEPING YOU FROM A GOOD NIGHT SLEEP ?***
    tHIs proDuct has been featureD on national tv.doEs sNoring keep you up at night?
    tired of having to sleep in separate rooMs bEcauSe of Snoring?
    just tired of being tired becAuse of someone's snorinG?
    tired of hEaring how your snoring kept someone up all night?
    There is a safe, natural solution to your snoring problem...

    And so on...

    The steganographic schema could be a bit more advanced in the production version, but i think the basic idea is good enuff for a start.
  • Peek-a-booty seems to be simply reinventing the Crowds project [att.com]. Why?
    • Perhaps because the crowds software hasn't been updated since 1998, the server in the default configuration refuses connections and there's no support or development mailing lists nor public cvs. Crowds is "only" 3301 lines of Perl, entirely feasible to reimplement if they disagreed with some crowds design decision, didn't want the Perl dependency, or simply wanted to write it themselves. If crowds had a significant user base they should've thought about implementing its protocol, but it doesn't seem to. Perhaps someone should fork crowds and put it on sourceforge (after pinging the original authors).
  • I am confirming that the GFOC (Great Firewall of China) do not block the Peekabooty websites..... YET
    Not that I really need this - I don't do anything that I need to hide from the Chinese government, Sure they block my access to Geocities and BBC but I don't see that as a bad thing.
    - HeXa

  • Picture encryption (Score:2, Informative)

    by fylloxera (592613)
    For Mac OS X Pict encrypt for free ......download at www.pariahware.com. It's a easy program, and requires no geeks. Hides text messages in gif and jpegs.

  • As usual... everyone is missing the point. (Score:3, Interesting)

    by GuNgA-DiN (17556) on Sunday July 14 2002, @03:37PM (#3882588)
    Sure the Peekabooty website talks about free speech in China, blah, blah, blah.... Everyone here is arguing about whether the Chinese will block Peekabooty and whether it will be an effective tool for freedom of speech. But, the REAL point of this software isn't to help the Chinese -- it's to help us poor saps in the Good Ole US of A! Think about it: since 9/11 our Government has gotten more and more oppressive. They have taken away freedoms that we used to take for granted. But, if the developers of Peekabooty came right out and said: "this is used to circumvent the assholes in Homeland Security" they would get a visit from the NSA/FBI/CIA etc.. They picked an oppressive regime (like China) to talk about this tool. But, substitute the letters USA for CHINA and you will begin to see the truth.

    Another nice benefit of this tool will be the developement of secure, anonymous P2P networks. Look at all the shit in the news lately about how ISP's are cutting off KaZaa. And, how Ranger Online [rangerinc.com] is tracking down Gnutella users. The RIAA/MPAA Gestapo is out to get us and take us down. New tools like Peekabooty and FreeNet will help to insure that these organizations will never, EVER shut down the free-flow of information on the Net. Peekabooty is a dagger that is aimed right at the heart of corporate America! It says: "You think you can take over the Net? Ha! Fuck you and the horse you rode in on!". This just proves to them that we can always defeat them with technology regardless of how much money they have!

  • is being released soon, according to Wired [wired.com]. It will be interesting to see how this works in conjunction with Peek-a-booty.
    • It's now available to the masses and very easy to use. This means that almost anyone can make use of it, and not have to know very much about it.

    • Re:uh yeah (Score:1, Funny)

      by Anonymous Coward
      With new AOL Steganographer 8.0, embedding hidden text in images has never been easier! "All my friends and family use AOL Steganographer!" Now you can, too!

    • Re:hmm (Score:2, Insightful)

      by Anonymous Coward
      >uhm yeah, make it easy for the terrorists...

      Cars make it pretty easy for terrorists to build a car bomb. Ryder trucks make it pretty easy for terrorists to fill one with ANFO. Should we stop making cars? Should we stop renting trucks? Buses make good targets for suicide bombers. Should our metropolitan areas stop offering bus service?

      I don't mean to pick on you personally, but I'm getting damn tired of the argument that we shouldn't do this or that because it might make something easier for a terrorist. Just because there are assholes in the world doesn't mean there aren't people with legitimate uses for new technology.

    • Re:hmm (Score:2, Funny)

      by 2g3-598hX (586789)
      No, don't worry. Echelon is going to start downloading images from the internet now. Ha..the NSA is gonna end up with the biggest pr0n collection in the world...now, people, don't take that as a challenge.

    • Re:excuse (Score:2, Funny)

      by GigsVT (208848)
      What if goatse.cx has been used for passing stego messages all along? I mean why else would some guy put up a random sick picture on a domain, and people would constantly post links to it.

      I bet there is a secret code in anonymous Slashdot posts that set off notification to pick up the newest version of gap.jpg off of goatse.cx.

      For example:

      Dirty Gnu Hippie: The plan is ready, go get new instructions.

      BSD is dying: Abort mission, pick up new instructions from hick.org.

      Alan Thicke: Mission sucessful, drinks in safe house tonight

      After all, who is going to run checksums on something silly like the goatse guy? :)
    • People are posting nodes at the discussion site [peek-a-booty.org]. Peekabooty apparantly needs some kind of gnutella style peer discovery or peer reflectors. Of course, those would then become blocked...

    • Re:Great... (Score:3, Insightful)

      by geekd (14774)
      Lets write some more utilities so that drug runners and crazies can send undetectible messages to eachother with great ease.

      What's the difference between criminals and "legitimate" political dissidents? To the governments of the world, nothing.

      I'm sure King George thought Washington and Jefferson were "crazies".

      I'm sure the British government thought Ghandi was a criminal. They put him in jail several times.

      The price of a truly free country is that "drug runners and crazies can send undetectible messages to eachother with great ease". This has to be so that future Ghandis and Mandellas can do so also.

      Or we can just shut everybody up. Yeah, lets do that. Let's start with you.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.