Feeds

Website combines spam with encryption

Hide your secrets in rubbish

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

At last! A positive use for spam.

A website has been set up, called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact confidential data is been exchanged.

Steganography, or the technique of burying encrypted text in other files, such as pictures, in order to disguise the fact confidential messages are been exchanged, is almost as old as cryptography itself.

However using spam to achieve this gives the idea an interesting spin. Spam Mimic gives access to a short program that will encrypt a short message into spam and back again - the sentence outputs vary depending on the message being encoded.

The site explains why spam is a better method to hiding messages than pictures or movie clips.

"There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible."

The site adds "real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article", an argument we find it very hard to disagree with.

Here's how it works: go to the site and choose 'encode' from the menu, and type in a short message into the text box and press enter. This generates a secret message buried in spam, which you can then be cut and pasted into an email client.

The person receiving the message can use the site's decode option to recover the original message.

The site also has a higher purpose - forcing government surveillance systems, such as Echelon, to scan through Terabytes of spam on the off chance that some of them may contain encrypted messages of interest to the authorities. These are the kind of ideas behind the 1999 Jam Echelon Day, explained in more detail here.

We're not sure how strong the encryption engine behind the site is. Also to use the service you would have to agree with someone in advance about either the email a spam encrypted message would come from or its subject line.

All in all, we think it's an interesting idea rather than useful to, say, civil right activists, who might want to disguise their use of encryption from security agencies. That said, the idea that activists might instead be arrested for sending unsolicited commercial email is unlikely...®

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?