W3C home > Mailing lists > Public > public-credentials@w3.org > July 2020

Re: Weekend Project: DID MEME

From: Heather Vescent <heathervescent@gmail.com>
Date: Mon, 27 Jul 2020 12:44:33 -0700
Message-ID: <CA+C6qMzUMxi-8MEU0F8gm7nzA4rrdcjpARRy6V_kF9KMacnjsA@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
A++ use of digital steganography. (I recently did a deep dive research into
steg = digital steg for espionage uses.) In addition to being used for
malware bot commands, the baddies use it to transmit trade secrets.


On Mon, Jul 27, 2020 at 10:44 AM Orie Steele <orie@transmute.industries>

> On the weekends, I get to work on whatever I want :)
> Inspired by the new `did:twit` method, recently registered here:
> https://github.com/w3c/did-spec-registries/pull/90
> I created `did:meme` (not registered yet...)
> https://didme.me/did:meme:1zgswzdje885tzr8408m37sjmaa0sthw265ty6hmwzmau48kd809zzrgra4w5w
> https://github.com/OR13/didme.me
> Obviously this is kind of a joke... However, I think there may be some
> interesting technical firsts here, and if they are not firsts, I'm sure
> readers of this mailing list will be able to correct me.
> 1. First use of bech32 to encode a did identifier
> In order to make the DIDs look different from IPID / IPLD / IPFS / IPNS...
> I transformed them using bech32.
> 2. First use of a covert channel for a verifiable data registry.
> The image (meme) contains the multi codec representation of the public key
> (same as is used by did:key)...
> This means that the did document is recovered from data stored in an
> image. (not encrypted!)... this technique is called
> https://en.wikipedia.org/wiki/Steganography
> It is useful when you need to exchange messages without it being obvious
> that you are doing so, for example:
> https://twitter.com/didtwitt3r/status/1285446654112350209
> Sadly this technique is often abused by the baddies, to hide botnet
> command and control traffic on public platforms...
> However, I would not consider steganography to be inherently good or
> evil... it's just another way of encoding (not encrypting).
> Finally, the data goes on the public IPFS network... so thanks to
> https://infura.io/ for making it possible to make this demo on a public
> github pages backed website.
> Regards,
> OS
> --
> Chief Technical Officer
> www.transmute.industries
> <https://www.transmute.industries>

Heather Vescent <http://www.heathervescent.com/>
Co-Chair, Credentials Community Group @W3C
President, The Purple Tornado, Inc <https://thepurpletornado.com/>
Author, The Secret of Spies (Available Oct 2020)
Author, A Comprehensive Guide to Self Sovereign Identity
Author, The Cyber Attack Survival Manual <http://amzn.to/2i2Jz5K>

@heathervescent <https://twitter.com/heathervescent> | Film Futures
<https://vimeo.com/heathervescent> | Medium
<https://medium.com/@heathervescent/> | LinkedIn
<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates
Received on Monday, 27 July 2020 19:44:59 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:01 UTC