A new tool for the Chrome browser lets users encode messages directly into the photos they put on Facebook — whether it's a love note or the combination to a safe. It's an old-school technique that wasn't possible on the social network until now.
The tool, a Web browser extension called "Secretbook," uses a well-known method of cryptography known as digital steganography. It involves hiding bits of data in larger piles of "cover" data — and there are dozens of ways of doing it.
Hiding letters and numbers in a picture has been done for decades, with copiers, printers, and computer programs adding watermarks imperceptible to the human eye (or at least an untrained one). But the problem with hiding these messages in digital files is that when the files are enlarged, shrunk or converted to another format, the intricate arrangement of hidden bits gets disrupted and the message is unreadable. This happens all the time on Facebook, where your images are processed as soon as you upload them.
Owen Campbell-Moore, a software developer at Oxford University, created the browser extension to show that digital steganography can be made to work even on Facebook.
He worked out how to do it by duplicating as closely as he could the way Facebook compresses images uploaded by users. By doing it the same way, the changes made through the upload process are kept to a minimum. The message is also encoded into the image multiple times, so that even if each copy of the message is damaged, the message can be pieced together by checking one copy against another.
Ideally, the resulting image should be more or less indistinguishable from the original:
And because the message itself is encoded, no amount of fiddling with the image itself will yield anything but perhaps a string of useless characters. The only people who can decode the image are the ones with the cypher key, which will decode the message instantly.
Facebook declined to comment to NBC News about Secretbook, but noted that it's not much different from users applying other forms of cryptography. As for the content, if the only people who can read the secret messages are the sender and receiver, neither seems likely to report it to Facebook for review — and the hundreds of millions of photos being uploaded every day can't all be scrutinized for hidden data.
Devin Coldewey is a contributing writer for NBC News Digital. His personal websiteis coldewey.cc.