blackmail / real world stego use

Ed Gerck egerck at
Wed Aug 27 10:36:01 EDT 2003

A guy in Google can do it. In short, if Bob would set up (or use
internally) a www cache, reachable as a public service, which
cache quickly downloads all the pages of several sites by multiple
HTTP connections, the desired image being among them, and do
this for a time window that overlaps the desired target time, then
the desired image can be seen almost in real time by Bob,

OTOH, it is possible that the dutch man was traced not by a one
time download of the image but by many attempts to find it,
since the upload time of the image to the site was not exactly
known to him and time was of essence. In this case, the required
tracing capability would NOT need a large capability for packet
recording and correlation. It would just include finding 100's
(or 1000's) of identical access occurrences in surfola's incoming
server traffic, after surfola's server was tagged from the website's

The lesson seems to be that, like with other security tools,
anonymizing tools also need to be correctly used. Providing an
action pattern can break an anonymizer -- to identify is to look
for coherence.

Ed Gerck

bear wrote:

> That is a model that does not permit realtime communication,
> meaning that monitoring may be impossible to escape for
> realtime activities such as web browsing.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list