A browser extension called Secretbook allows anyone using Google Chrome to secretly embed a message in a JPEG image uploaded to Facebook. The contents of the 140 character message can only be viewed if you know the corresponding password, according to the program’s creator.
The extension was created by 21-year-old Oxford University computer science student (and former Google intern) Owen Campbell-Moore as part of a school project. Campbell-Moore said the goal of the two-month long project was to demonstrate that JPEG steganography can be performed on social media – a platform where it has previously been impossible.
The student admitted that there are already tools for steganography in JPEGs but they always required the images to be transmitted exactly as they are. When you upload a photo to Facebook, the social networking site automatically recompresses it – rendering the secret message useless.
To get around this, Campbell-Moore replicated Facebook’s recompression algorithm. Now when someone encodes a message into an image, the extension automatically compresses the photo just like Facebook would to preserve the hidden message. The extension is also said to make a lot of minute changes to add redundancy so when Facebook recompresses it, damage to the hidden message is minimal.
Anyone – even a terrorist – could use the extension to share messages with others although the creator warns that it’s not entirely foolproof. He said that someone could write an algorithm to detect manipulated images which may limit Secretbook’s use to hobbyists and researchers.