W3C home > Mailing lists > Public > public-credentials@w3.org > July 2020

Re: Weekend Project: DID MEME

From: Orie Steele <orie@transmute.industries>
Date: Mon, 27 Jul 2020 15:13:15 -0500
Message-ID: <CAN8C-_LBUvMw1U46a9KqUA8SS9Ph0dVAURPRgME4mNi=u8++TA@mail.gmail.com>
To: Daniel Hardman <daniel.hardman@evernym.com>
Cc: Heather Vescent <heathervescent@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
I didn't use this library because it's AGPL
https://github.com/zeruniverse/CryptoStego... but it is resilient to
compression :)

My goal was not to make something that would be resilient to compression,
because the content is stored on IPFS by content ID...
So it was not a concern for this project.

There is a similar issue with watermarking, you want to watermark an image,
but you don't want to regrade its quality, and most critically, you don't
want anybody to be able to remove the watermark...

You can find the papers by searching "Resilient Watermarking" :)

OS

On Mon, Jul 27, 2020 at 2:55 PM Daniel Hardman <daniel.hardman@evernym.com>
wrote:

> A challenge with encoding info in images is that they are lossy. One of
> the reasons why Facebook rewrites all uploaded graphics is to precisely to
> eliminate steganography...
>
> On Mon, Jul 27, 2020 at 1:46 PM Heather Vescent <heathervescent@gmail.com>
> wrote:
>
>> A++ use of digital steganography. (I recently did a deep dive research
>> into steg = digital steg for espionage uses.) In addition to being used for
>> malware bot commands, the baddies use it to transmit trade secrets.
>>
>> LOVE IT Orie!
>>
>> On Mon, Jul 27, 2020 at 10:44 AM Orie Steele <orie@transmute.industries>
>> wrote:
>>
>>> On the weekends, I get to work on whatever I want :)
>>>
>>> Inspired by the new `did:twit` method, recently registered here:
>>> https://github.com/w3c/did-spec-registries/pull/90
>>>
>>> I created `did:meme` (not registered yet...)
>>>
>>>
>>> https://didme.me/did:meme:1zgswzdje885tzr8408m37sjmaa0sthw265ty6hmwzmau48kd809zzrgra4w5w
>>> https://github.com/OR13/didme.me
>>>
>>> Obviously this is kind of a joke... However, I think there may be some
>>> interesting technical firsts here, and if they are not firsts, I'm sure
>>> readers of this mailing list will be able to correct me.
>>>
>>> 1. First use of bech32 to encode a did identifier
>>>
>>> In order to make the DIDs look different from IPID / IPLD / IPFS /
>>> IPNS... I transformed them using bech32.
>>>
>>> 2. First use of a covert channel for a verifiable data registry.
>>>
>>> The image (meme) contains the multi codec representation of the public
>>> key (same as is used by did:key)...
>>>
>>> This means that the did document is recovered from data stored in an
>>> image. (not encrypted!)... this technique is called
>>> https://en.wikipedia.org/wiki/Steganography
>>>
>>> It is useful when you need to exchange messages without it being obvious
>>> that you are doing so, for example:
>>> https://twitter.com/didtwitt3r/status/1285446654112350209
>>>
>>> Sadly this technique is often abused by the baddies, to hide botnet
>>> command and control traffic on public platforms...
>>>
>>> However, I would not consider steganography to be inherently good or
>>> evil... it's just another way of encoding (not encrypting).
>>>
>>> Finally, the data goes on the public IPFS network... so thanks to
>>> https://infura.io/ for making it possible to make this demo on a public
>>> github pages backed website.
>>>
>>> Regards,
>>>
>>> OS
>>>
>>> --
>>> *ORIE STEELE*
>>> Chief Technical Officer
>>> www.transmute.industries
>>>
>>> <https://www.transmute.industries>
>>>
>>
>>
>> --
>> Heather Vescent <http://www.heathervescent.com/>
>> Co-Chair, Credentials Community Group @W3C
>> <https://www.w3.org/community/credentials/>
>> President, The Purple Tornado, Inc <https://thepurpletornado.com/>
>> Author, The Secret of Spies (Available Oct 2020)
>> Author, A Comprehensive Guide to Self Sovereign Identity
>> <https://ssiscoop.com/>
>> Author, The Cyber Attack Survival Manual <http://amzn.to/2i2Jz5K>
>>
>> @heathervescent <https://twitter.com/heathervescent> | Film Futures
>> <https://vimeo.com/heathervescent> | Medium
>> <https://medium.com/@heathervescent/> | LinkedIn
>> <https://www.linkedin.com/in/heathervescent/> | Future of Security
>> Updates <https://app.convertkit.com/landing_pages/325779/>
>>
>

-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries

<https://www.transmute.industries>
Received on Monday, 27 July 2020 20:13:41 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:01 UTC