 | This is an
essay. It contains the advice or opinions of one or more Wikipedia contributors. This page is not an encyclopedia article, nor is it one of
Wikipedia's policies or guidelines, as it has not been
thoroughly vetted by the community. Some essays represent widespread norms; others only represent minority viewpoints. |
 | This page in a nutshell: This essay describes a general type of attacks that are hard to prevent using technical measures. It may be important to know about this type of steganography, to be able to spot it when it occurs in front of one's eyes. |
Using steganography, attackers may attempt to hide invisible text on any Wikipedia page. Contrary to HTML comments, this kind of text can be hard to spot even when editing the source code of the page.
Wikipedia's popularity and non-profit nature may cause it to be treated as a "harmless" website by firewall administrators and service providers. It may be accessible even in restricted work environments, and it may be accessible for free even in areas where internet access is otherwise very expensive. If only specific, whitelisted, websites can be reached from a computer, Wikipedia may already be included on the whitelist.
An attacker may be interested in permanently storing text, or even images or other files, on Wikipedia. This would violate Wikipedia's WP:NOTWEBHOST policy, and openly doing so might cause the page, file or revision to be deleted.
Base64 encoding, and similar techniques, make it possible to convert any file to text that can easily be added to any Wikipedia page. Even if this text has been removed from the page again, a permanent link to the previous revision can be used to retrieve the file. Revision deletion, or deletion of the page may be the only way to prevent access to the file. Using steganography, this text could be hidden in a way that avoids deletion. The hidden text might be removed or corrupted in later revisions, but a permanent link would still point to the original version of the file.
The fundamental idea of steganography is to hide information in a way that is as undetectable as possible by humans and/or computers. It is probably impossible to implement useful countermeasures against the general principle, but it may be possible to prevent specific types of abuse. See Phabricator ticket T190951 for more information.
| This is an
essay. It contains the advice or opinions of one or more Wikipedia contributors. This page is not an encyclopedia article, nor is it one of
Wikipedia's policies or guidelines, as it has not been
thoroughly vetted by the community. Some essays represent widespread norms; others only represent minority viewpoints. |
| This page in a nutshell: This essay describes a general type of attacks that are hard to prevent using technical measures. It may be important to know about this type of steganography, to be able to spot it when it occurs in front of one's eyes. |
Using steganography, attackers may attempt to hide invisible text on any Wikipedia page. Contrary to HTML comments, this kind of text can be hard to spot even when editing the source code of the page.
Wikipedia's popularity and non-profit nature may cause it to be treated as a "harmless" website by firewall administrators and service providers. It may be accessible even in restricted work environments, and it may be accessible for free even in areas where internet access is otherwise very expensive. If only specific, whitelisted, websites can be reached from a computer, Wikipedia may already be included on the whitelist.
An attacker may be interested in permanently storing text, or even images or other files, on Wikipedia. This would violate Wikipedia's WP:NOTWEBHOST policy, and openly doing so might cause the page, file or revision to be deleted.
Base64 encoding, and similar techniques, make it possible to convert any file to text that can easily be added to any Wikipedia page. Even if this text has been removed from the page again, a permanent link to the previous revision can be used to retrieve the file. Revision deletion, or deletion of the page may be the only way to prevent access to the file. Using steganography, this text could be hidden in a way that avoids deletion. The hidden text might be removed or corrupted in later revisions, but a permanent link would still point to the original version of the file.
The fundamental idea of steganography is to hide information in a way that is as undetectable as possible by humans and/or computers. It is probably impossible to implement useful countermeasures against the general principle, but it may be possible to prevent specific types of abuse. See Phabricator ticket T190951 for more information.