One interesting idea: make a png compressor that doesn't change the image at all; instead, it encodes the torrent's data in the decisions made by the DEFLATE compressor, so a stenographic image merely looks like it was encoded with a slightly suboptimal DEFLATE implementation.
Simple example: you're coding a match against a previous block and can choose one of two previous blocks to match against. If the bit of the torrent file to be encoded is "0", you use the closer of the two blocks, if it's "1" you use the farther.
All you have to do decoder-side to emulate this is to decode the whole PNG, then go "encode" it again and see what decisions were made in the original PNG file and one by one decode the bits to an output torrent file.
You'd probably need a pretty big PNG file (at least a few hundred kilobytes, if not a meg).
I think a better solution is to adjust the color slightly. You can easily get 3 or 4 bits of encoded data for every pixel in the image. Just take the least significant bit of the red, green and blue colors. You go from 16.7 million to 2 million colors, but that shouldn't be a problem. The human eye cannot see the difference anyway. Only in perfect gradients that kind of difference can maybe be noticed, so then the solution is to pick grainy pictures.
Photos (especially of poorly lit environments) should be perfect. They're very grainy by nature, so it will be especially difficult to trace where the data resides. Because you can hide so much data in the image, you can get very creative with where and how you do the encoding.
So it will be difficult to detect visually, but isn't this rather trivial to find algorithmically? Not that I know much about cryptoanalysis, but it seems to me that this is a very weak form of steganography.
It's reasonably hard to detect if just the least significant bit is random, but if you do the last three significant bits you don't even need an algorithm--you can see the jagged, broken histogram.
How about a filter that takes ordinary images, but turns them into low-light photos? Or just turns them into grainy photos? The grain can then be shifted around for purposes of the encoding.
I was actually thinking about this last night as a means of hiding text or pictures.
I would just round each pixel's R, G, and B values off to either even or odd. Even stands for 0, odd for 1. That gives you three bits per pixel and hopefully would be very hard to detect visually with, for example, a nature photograph.
Then you just encode another image in 8-tone grayscale at the same size. That's what I was after, I haven't done the calculation for how large an image you'd need to encode real files.
Spore actually does this with the PNG files from the "Sporepedia". You can actually import an image of the creature you want from the Sporepedia webpage and the playable 3D creature will appear in the game! http://news.ycombinator.com/item?id=703719
As other posters have mentioned, this is advertising more than it sells. It's merely encoding a torrent in a PNG in an obvious way. The idea that it "can't be searched for" is true only on the assumption that search engines will index on content of a page. Obviously a popular hid.im format will attract search engine specialization.
This is not steganography, it's merely an obscure variant of the .torrent file format.
I believe the claim that hidim is steganography comes from the title of hackernews link. The site itself claims to represent torrents as .png, but not to disguise them.
The claim that this will frustrate search engines is true, in the sense that no one is looking for this format at the moment; obfuscating with an awkward format is a short term dodge.
It seems to me that the likelihood of a real search engine adding special image analysis on crawl, just for this, is vanishingly small.
Not to mention you can also insert these PNGs into other images, too - like sig images, as the page suggests.
People can pick away at it all they want, but the fact remains that it's a huge innovation in distributing torrents without running the risk of coming up in search when Interested Parties google the torrent name. And it works great now for this purpose.
Nothing on this earth is guaranteed to work forever, so that's hardly a damning flaw.
Exactly right. You could just rename a .torrent to .png and you'd essentially have the same thing. Granted, said png wouldn't be viewable, but neither are truly "hidden in plain site" which is what I think of when I hear "hiding data in an image file." To me, that evokes the idea of still having a viewable photograph that doesn't let on that it's hiding data within.
Everyone complaining about the fact that the torrent info is not well hidden and suggesting steganography seems to be missing the point. Stego is not suitable for what is effectively an attempt to broadcast information; if you hide the torrent info too well then the only people who can find it are those who know the key, which is begs the question* of why you don't just create a private tracker. By encoding the info using a well-known scheme you get a bit of security by obscurity, which is probably good enough for most use-cases, while maintaining the useful property of getting the info easily dispersed. Until google images, flickr, and other sites start filtering this info you can create a parasitic tracker just by picking a couple of popular tags and handing out a script that will crawl the sites and decode images to get torrent seeds.
*yes, I know this is the improper vulgar usage of the phrase, sue me.
Just never use BTQ -- 'raises the question' is perfect for your use, and 'is a circular argument' or 'assumes what it purports to prove' both work for the rare times when you actually need to say that.
That's not very well hidden. The PNG file format is a tagged file format, which has several "ancillary chunks" which a torrent file could easily be stuffed into (since torrents are a glorified text format).
There's no need to jam it into the image channel itself and produce this thing that's obviously a hidden message.
Interesting take; it'd be a little bit more interesting if you could supply a source image and steganographically hide the torrent within it, so it didn't look so suspicious..
But this format is so easy to decode, that existing search engines could crawl for such torrents very easily. In order for this to be really useful, there needs to be some steganography involved.
As someone who has actually done this before, it's pretty easy. PNG has R,G,B, and A. So you can effectively get 4 bits per pixel on Least Significant Bit Substitution.
You can fit a lot of data into image, whether plain text or binary, depends solely how you encode the data.
If you use a complex picture its basically impossible to detect visually, even if you enhance the lsb's.
What works pretty well for detection is doing chi square analysis, but even then, if you fill the rest of the bits with random data, that method fall short.
I don't really see how this is an effective means of transferring and/or sending torrents. The .torrent isn't illegal or something to worry about, its downloading the files it points to that "sometimes" is.
I don't understand the point of this. The torrent file is just a tiny stub - you can hide it in any sort of data file. If you want to send the torrent to a few people securely, encrypt and email it. The huge amount of P2P traffic on your network is still going to give you away.
Simple example: you're coding a match against a previous block and can choose one of two previous blocks to match against. If the bit of the torrent file to be encoded is "0", you use the closer of the two blocks, if it's "1" you use the farther.
All you have to do decoder-side to emulate this is to decode the whole PNG, then go "encode" it again and see what decisions were made in the original PNG file and one by one decode the bits to an output torrent file.
You'd probably need a pretty big PNG file (at least a few hundred kilobytes, if not a meg).