
I don't know where you got the idea that nation states are the only ones who use cryptography. Plenty of activists, along with other non-state actors, do so all the time.

We're not talking about users, we're talking about attackers and developers. Why would users have anything to do with our discussion?

Plenty of cryptography is also designed by individuals not in the service of any nation state (as far as we know, anyway). In fact, some argue that such encryption is more trustworthy than encryption developed by nation states themselves.

Developed by academics, but tested by both academics and the government. The testing is the thing that's actually important.

I can't speak for any and all activists. It's really up to them to acquire such expertise or get advice from people who have such expertise.

The point is that the technical expertise is not available. It's not up to them. It's not available. What you suggest they do is not possible.

That said, the problem here is no different from figuring out which encryption to use. So your criticism applies equally to encryption as it does to steganography.

Nope. Get back to me when we get government backed standards and recommendations for anonymity (hint: we have them for crypto).



"We're not talking about users, we're talking about attackers and developers. Why would users have anything to do with our discussion?"

Actually, in the message you responded to, I was specifically talking about users. I've been talking about users of crypto/stego all along!

They're the ones who take virtually all of the risk. The people who write the crypto/stego often aren't even in the same country, and they do their development in countries where crypto/stego are perfectly legal.

So I don't know why you started talking about developers all of a sudden.

However, I thought you might have switched subjects, so I specifically addressed crypto development in my second paragraph.

"Developed by academics, but tested by both academics and the government. The testing is the thing that's actually important."

That testing is only worthwhile if your threat model does not include the government itself, which has a vested interest in breaking all encryption, whether or not it has been "certified" by them.

"The point is that the technical expertise is not available. It's not up to them. It's not available. What you suggest they do is not possible."

How is it not available? There are plenty of people who design and analyze stego. There's your expertise.

"Get back to me when we get government backed standards and recommendations for anonymity (hint: we have them for crypto)."

Get back to me when that actually matters.


That testing is only worthwhile if your threat model does not include the government itself, which has a vested interest in breaking all encryption, whether or not it has been "certified" by them.

The government also has a vested interest that the cryptography used by itself and its citizens be reasonably secure, else industrial espionage and other similar activities become trivial. Note that the NSA approved AES for the protection of Top Secret information. If you want to argue the NSA deliberately let the majority of classified information in the United States be protected by a flawed algorithm, you're going to have to provide some proof.

How is it not available? There are plenty of people who design and analyze stego. There's your expertise.

The people that are good at building and designing crypto and stego (Are there any good stego systems? Doubt it.) systems are outside the pay grade of most companies, never mind activists. The expertise is not available.

--

Your arguments are disconnected from reality and don't really have any particularly notable knowledge of this domain. This conversation has been a net loss, and judging by your average of ~2 karma per comment, other people seem to agree. I'll let you have the last word if you'd like it, but please refrain from wasting so much space in the future.



