If you’ve ever wanted to tweet secret messages to your followers, there is now an app for that. Matthew Holloway has built and shared a web program which will allow you to hide text in your tweets.

The tool, which bears the less-than-catchy moniker steg-of-the-dump.js, uses the ancient art of steganography to conceal your secrets. It replaces characters in the overt message with ones that appear almost identical, but actually store the covert message. The second half of the tool decodes the hidden message back into plain text.


What’s Under The Hood

These substitute characters are known as homoglyphs: for example, the Greek letter “Α”, the Latin letter “A”, and the Cyrillic letter “А”. All of these look very similar in many fonts, but each is a different character in Unicode. Unicode contains many homoglyphs (as well as near-homoglyphs), and they have already created some security concerns with the advent of internationalized domain names. Characters that can’t be distinguished from each other can be used to spoof domain names and facilitate phishing and other nasty web exploits.

steg-of-the-dump.js will actually work over any method of transmitting text (as long as the text itself stays intact), so it could be used for emails and other communications, though Holloway cautions that its code is likely to be corrupted by Facebook.

Steganography: A Brief History

Steganography (from the Ancient Greek steganos (στεγανός), meaning “covered, concealed, or protected”, and graphei (γραφή) meaning “writing”) is hardly new. The term was first used in 1499, but its first documented use was, in fact, in Ancient Greece. Wax tablets were, at the time, a common medium for writing. Herodotus documented the story of Demaratus, who wrote a warning about an impending attack on the wooden surface of the tablet, before the wax was applied.

Other examples of physical steganography include messages written in invisible ink, inscribed on the bodies or scalps of messengers, written on yarn which is woven into the messenger’s clothing, and written in the area of an envelope to be covered by a postage stamp.

Jumping forward to modern times, digital steganography was in use long before Holloway let us tweet secret messages from his website. There are numerous ways to hide data within other data. These include techniques which insert data into the binary content of files as diverse as graphics and even sound files. The images look normal, and the audio sounds right, but, if you’re looking for it, the messages are there to be decoded.

It’s Not Truly Secure Though

And therein lies both the weakness and the strength of steganography, which hides secrets…out in the open. Holloway is quick to caution that his tool is not encryption. Whatever you can encode using the program can just as easily be decoded by anyone who finds it – if they know they’re looking for it. As such, it doesn’t provide the greatest of security, and is really more of a toy or a diversion.
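As an added illustration (not code from steg-of-the-dump.js or its author), the JavaScript below flags look-alike characters in a piece of text, maps them back to Latin, and reads the Latin/look-alike pattern as bits without any key. The look-alike table, the one-bit-per-letter scheme and the sample string are assumptions constructed for this example.

```javascript
// Constructed subset of Latin -> Cyrillic look-alikes (assumption for this
// example; not the table steg-of-the-dump.js uses).
const LOOKALIKE = {
  A: "\u0410", B: "\u0412", E: "\u0415", H: "\u041D", O: "\u041E", P: "\u0420",
  a: "\u0430", c: "\u0441", e: "\u0435", o: "\u043E", p: "\u0440",
};
const REVERSE = new Map(Object.entries(LOOKALIKE).map(([latin, alt]) => [alt, latin]));
const hasLatin = (ch) => Object.prototype.hasOwnProperty.call(LOOKALIKE, ch);

// Report every character that is a known look-alike of a Latin letter.
function findHomoglyphs(text) {
  const hits = [];
  let index = 0;
  for (const ch of text) { // iterates by code point, not UTF-16 unit
    if (REVERSE.has(ch)) {
      const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
      hits.push({ index, codePoint: "U+" + hex, looksLike: REVERSE.get(ch) });
    }
    index += 1;
  }
  return hits;
}

// Map look-alikes back to Latin so filters and searches see the plain text.
function toLatinSkeleton(text) {
  return Array.from(text, (ch) => REVERSE.get(ch) ?? ch).join("");
}

// Read one bit per substitutable letter: 0 = Latin form, 1 = look-alike.
// No key is involved, which is why this is hiding and not encryption.
function readBits(text) {
  let bits = "";
  for (const ch of text) {
    if (REVERSE.has(ch)) bits += "1";
    else if (hasLatin(ch)) bits += "0";
  }
  return bits;
}

// Constructed sample: renders as "Hope to see you", three letters are Cyrillic.
const sample = "H\u043Ep\u0435 to s\u0435e you";
console.log(findHomoglyphs(sample));
console.log(toLatinSkeleton(sample), readBits(sample));
```

Text that passes through a system which normalizes or strips non-Latin characters loses the pattern, which matches the article's note that the hidden message survives only while the text stays intact.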

Holloway has also built some more serious productivity tools, including doctored.js and Docvert, a cool program which converts word processor files (like .doc) into open standard formats like HTML or XML.

While you can now tweet secret messages, please remember that they’re not encrypted or inherently secure. So don’t use this to transmit your bank account info, your passwords, the secret egg salad recipe, or any other sensitive information that you don’t want to have falling into the wrong hands. But on the other hand, if there’s nothing in your tweet that suggests that there’s anything hidden there, it’s likely that no one will discover it. And as anyone who has read Poe’s “The Purloined Letter” knows, sometimes the best place to hide something important is right out in plain sight.

Tweet Secret Messages: steg-of-the-dump.js
Twitter: Matthew Holloway

About the author

Fred Scholl

I'm an unabashed enthusiast of all things Android, open-source, and technology in general. I'm also an avid music lover and musician, playing guitar, bass, keyboards, and a host of other stringed instruments.