The goal of this research was to demonstrate that JPEG steganography can be performed on social media where it has previously been impossible,” Campbell-Moore tells Danger Room. He says he spent about two months spread out over the last year working on the extension as a research project for the university.
The extension is only available for the Google Chrome browser — Campbell-Moore cites its developer tools and popularity — and the messages are restricted to 140 characters. Less certain is what Facebook thinks; a spokesman declined to comment. But it’s still the first time anyone’s managed to figure out how to automate digital steganography — the practice of concealing messages inside computer files — through Facebook, the world’s biggest social media platform. Unlike cryptography, which uses ciphertext to encrypt messages, steganographic messages are simply hidden where no one would think to look.
How to do
1.Go the link secret book chrome store
2.Click add to chrome
Creating a new secret message
- Securely share a password with the friend you wish to communicate secretly with.
- While on Facebook press ctrl+alt+a to activate the secret system.
- Use the dialogue to create an image. Upload this new image to any album on Facebook or post it on your friend's wall.
- Note that sending secret messages via messaging is not yet implemented
- Attempt to receive the message from the image you just uploaded in case an error occurred!
- Optional: Mention your friend in a comment or the description to ensure they know to check it for a message.
Receiving a secret message
- While looking at an image on Facebook press ctrl+alt+a to activate the secret system.
- Enter your shared password to receive the secret message.
Secretbook has to be subtle. It uses Google Chrome’s web extension platform, since Facebook’s in-house apps publicly list their users — which would defeat the purpose of a secrecy tool. Since the extension runs through a web browser without a server connection, the users can’t be detected by network analysis. It’s also hard for Facebook to block or remove permissions, as the extension doesn’t rely on a Facebook API key.