Blog Post

Software Uses Twitter, Flickr to Let Dissidents Send Secret Messages

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

In an attempt to make it easier for dissidents in countries such as China and North Korea to communicate without fear of government sanctions, researchers at Georgia Tech have developed software that can hide information inside messages posted to Twitter and other social networks, as well as in images that can be uploaded to photo-sharing sites such as Flickr and Picasa. The researchers plan to unveil the program — known as Collage — and a related research paper at the Usenix security conference next month.

Some dissidents in China and other countries communicate using external proxy servers and anonymous-proxy software such as the open-source Tor program. But these require administration of a server, and can be detected and disabled or blocked by governments and security forces. By hiding communications in Twitter messages and images uploaded to photo-sharing sites, the researchers — Sam Burnett, Nick Feamster and Santosh Vempala — say that they hope to get around some of these issues:

Oppressive regimes and even democratic governments restrict Internet access. Existing anti-censorship systems often require users to connect through proxies, but these systems are relatively easy for a censor to discover and block. This project offers a possible next step in the censorship arms race: rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls.

The software is made up of two distinct parts, according to a copy of the paper the research team plans to present at Usenix: there is a “message vector layer” that embeds the content in the Twitter message or photo — what the group calls a “cover traffic” — and a “rendezvous mechanism” that allows various parties to publish and retrieve the embedded messages once they are downloaded from Twitter or Flickr or some other social network. The researchers say their method won’t allow the sending of large files, but will allow the transmission of short text files or other communications.

Ironically, the software uses a data-encryption method called “steganography” to hide text inside images and other files, which is the same process that the Russian spy ring recently broken by U.S. authorities used to pass secret messages and files to each other while they were disguised as American citizens. Collage, which is written in Python, uses an image steganography tool called Outguess, and a text steganography tool called Snow. The program also makes use of web-browser automation software that allows Collage to simulate a user’s behavior in filling out forms, clicking buttons, etc., so that the content can be transmitted.

The researchers admit that it is likely the governments of various countries where the software might be used could discover the hidden messages and then block either specific users or social networking sites such as Twitter and Flickr (China has blocked access to Twitter on a number of occasions, including the recent anniversary of the Tiananmen Square riots). But they say in their paper that they hope most governments will be unwilling to block these services for very long, and that “the use of user-generated content to pass messages through censorship firewalls will survive, even as censorship techniques grow increasingly more sophisticated.”

While the software will make it easier for dissidents to disguise their communications and send information without being detected, however, it will also make it easier for others to smuggle information as well — including software pirates, child-porn distributors and other unsavory characters. But the downsides of the technology might be worth it if they help citizens evade persecution by repressive governments.

Related content from GigaOM Pro (sub. req’d.): As Cloud Computing Goes International, Whose Laws Matter?

Post and thumbnail photos courtesy of Flickr user Faithful Chant

19 Responses to “Software Uses Twitter, Flickr to Let Dissidents Send Secret Messages”

  1. People saying that flickr or Twitter is blocked in this or that country are missing the point.

    These kind of tools can be used in any public forums or photo sharing sites. Will China or Iran really block all forums and all photo sharing sites? They might as well turn off the Internet for all their citizens.

  2. I strongly suspect that the bad actors already have access to this kind of technology, so this application is truly more beneficial to repressed people. Ultimately, though, I predeict that through a combination of government and commercial interests, the Internet as we know it now will be shut down and replaced by walled gardens run by each of the major service providers, with very restrictive gateways between the providers.

  3. Anonymous

    Er, I live in China. twitter is blocked here, and flickr has been also, from time to time.

    Do they think the Chinese government has any qualms about blocking western websites, regardless of the content?

  4. WD Milner

    This is a variation on a theme. Steganography as a means of passing encrypted communications is nothing new, to either the security/crypto community, or to governments. What this does, is, perhaps, make it a little easier to implement.

  5. Our firm ( helps address the issue of electronic free speech in censored environments slightly differently. Users simply encrypt their communications (Google Mail, Facebook postings, Tweets) with a free Browser Plugin with their own keyword. They then send the message as usual. Only those recipients who know the private encryption keyword can read it.


    Free Download

  6. Michael

    Very good article, Mathew.

    As a security expert, I see this technology from both sides.

    Since there is no way to limit the use of Collage to oppressed dissidents, I am very concerned that it only enables bad actors to more easily send secret messages as well. Now that the technological heavy lifting has been done by others, really anyone using Collage can communicate secretly. From middle school bullies to freedom fighters. From street gangs to political prisoners. For each deserving group, there is a dangerous opposite side that now has easy access to this technology.

    One can argue that now the likes of Twitter and Flickr will see much more traffic from sites in Virginia looking inside the content, but those groups would only be looking for significant threats to the security of our nation and others. Anything else that could be harmful to commerce or individuals on a small scale would be discarded by these groups as outside of their charters. Yet those who are the targets of the bad actors will have an even tougher time locating these communications because of the new comm path created by Collage that eliminates easily collected sources like IM chats and e-mails, leaving them with little or no evidence to use in a court of law should the crime rise to that level.

    Further, you cannot fix the problem by creating a list of authorized users, because that list’s existence endangers their safety if it were to be revealed or leaked.

    I believe that people who are silenced by oppressive regimes deserve the right to communicate their plight. To generate support for their cause and get the truth to the outside world. But the necessary lack of controls over this technology has not only given them the voice they deserve, but also opened up a whole new opportunity for criminals who dare us to find any evidence of their participation in the crime.

  7. coolrepublica

    And now those countries know how they do it so they can freely block the whole country from accessing twitter and flickr. Thanks dissidents for ruining a good thing for everybody.

    • Sequoia

      Thanks a lot dissidents, thanks to your struggle for political freedom, I can’t share artistic photos of my dog with people in china. Ask yourself, dissidents: was it worth it?