upvote
The trouble with pictures is that when you share them online the platform will likely compress them before serving them to others, spoiling your steganography. I think text-in-text is the way to go. Decrypt that recipe for brownies into the actual message. For example: https://arxiv.org/abs/2510.20075
reply
One can host their own private or semi-private forum, chat server, chan board, etc... and choose not to re-encode the images and/or permit .tar .7z .zip archives and so on. Keep the bots away with basic auth to minimize skiddie risk to platform RCE's.

It's unlikely people can move their friends to their own platform but the best way I have found is to call it a "fall-back" platform for when Discord and others are temporarily offline. Get people used to the idea that is the place to share things they do not want leaked when the big platform 3rd parties expose files. The admin can encrypt the storage and periodically zero out files and zero out empty space for privacy.

People with slightly higher opsec may choose to block mobile proprietary devices.

reply
Joining a private space that's set up for steganography, or facilitating such a space either by self hosting or by logging in somewhere as an administrator, is sort of at odds with the nothing-to-see-here approach that steganography takes. An adversary that has compromised one message can then use whatever metadata is intrinsic to that space to suss out which other plaintexts might contain a secret, and which other humans might be exchanging secrets in that place.

The ideal hiding space would be visible to the public, and indistinguishable from a mountain of other material that's visible to the public--especially if they don't have to log in to see it. That way if a message is found, the search for co-conspirators doesn't narrow at all.

reply
In that case I think you may be out of luck as most platform change the images. Sometimes they just remove exif data but some compress or optimize in their view the images. In that case maybe find a public site that allows archive files.
reply
My point is that text is a better medium for this anyhow.
reply
What I don't understand is, what kind of legitimate criminal would not use such techniques? Are bank robbers planning things out on iMessage? If so, presumably they won't be criminals for very long. Therefore these types of initiatives only impact the innocent and inept but still active criminals.
reply
The purpose of these efforts is not to catch criminals, at least not primarily, it’s to map the spread of “dangerous” ideas and the networks behind them. In other words, to prevent effective political change.

Found a new problematic meme? Someone leaked a video of you taking a bribe? Someone published a photo of damage from a missile strike? Add it to the database of forbidden media and quickly track down the source.

reply
They'll make sure to catch just enough criminals that when you say it's all bullshit some snooty waste of oxygen on HN can say "well akshually" and link you to some cherry picked news story that makes it all look like a good thing because they caught some small time house painter dumping waste paint in the sewer or nabbed someone for selling vapes to teenagers.
reply
The past has shown that “legitimate” criminals tend to be more careless and have a poorer technical understanding than you’d think.

This is not a defense of surveillance, just that your argument doesn’t hold as well as you might believe.

reply
Security is the reason given to us since most of us are too trusting or dumb to look any further into it. It becomes clear security isn't what they're doing it for after giving it more than a few minutes of thought
reply
Epstein used Gmail
reply
True!
reply
That's an excellent take.

Unfortunately, verified devices will close that loophole.

reply