Thanks to a new Chrome extension, Internet users can now encode secret messages straight into photos that they upload to Facebook. The user can encode any message they want, such as a cute love note, or the combination which opens a safe. While the process of encoding information into an image, called steganography, has been around for decades, using it wasn’t possible on Facebook until this new tool came out.
The browser extension is called “Secretbook” and is available for Google’s Chrome browser. The secret message is encoded under bits of data designed to cover it up, which makes it very difficult for someone looking at a picture to see if it has a secret message in it.
Inserting hidden numbers and letters in a picture has been done in the past by software, printers or copiers which insert watermarks that are very difficult to see with the naked eye. Even though it is possible to hide messages in a digital file, a problem occurs when these images get converted to a different format or resized. The hidden message gets disrupted in the process and therefore becomes impossible to read. This is what happens on Facebook, due to the fact that as soon as a user uploads an image, it is automatically processed by the social networking site.
The browser extension was created by Owen Campbell-Moore, who works as a software developer at Oxford University. He created this extension as a way of proving that despite what Facebook does to process uploaded images, it is still possible to insert hidden messages in them.
He figured out a way to make digital steganography work on the social networking site by trying to duplicate the way Facebook applies image compression to any picture uploaded by a user. As his extension compresses the images in a way that is very similar to what Facebook does, there are very few changes which are actually made during the upload process. The hidden message gets inserted into the image several times, which means that even if each instance of the encoded message has been damaged, it can still be put back together by comparing each copy.
As the message is encrypted, even examining the actual data contained in the image file will yield nothing useful. Only someone who has the proper cypher key can decode the message quickly by using the extension.
When asked by journalists about Secretbook, Facebook declined to give any comments, but nonetheless stated that the use of the browser extension is not much different from other encryption tools already available. As accessing the secret message embedded in a picture requires not only to have Secretbook installed, but to also enter the correct cypher key, the only people that will have access to the content of the message are the sender and the intended recipient. As hundreds of millions of images get posted to Facebook every single day, it is highly unlikely that they would start scrutinizing each and every upload to see if it contains encoded data.