Jump to content

Wikipedia:Steganography

From Wikipedia, the free encyclopedia

Using steganography, attackers may attempt to hide invisible text on any Wikipedia page. Contrary to HTML comments, this kind of text can be hard to spot even when editing the source code of the page.

Possible motivation

[edit]

Wikipedia's popularity and non-profit nature may cause it to be treated as a "harmless" website by firewall administrators and service providers. It may be accessible even in restricted work environments, and it may be accessible for free even in areas where internet access is otherwise very expensive. If only specific, whitelisted, websites can be reached from a computer, Wikipedia may already be included on the whitelist.

An attacker may be interested in permanently storing text, or even images or other files, on Wikipedia. This would violate Wikipedia's WP:NOTWEBHOST policy, and openly doing so might cause the page, file or revision to be deleted.

Base64 encoding, and similar techniques, make it possible to convert any file to text that can easily be added to any Wikipedia page. Even if this text has been removed from the page again, a permanent link to the previous revision can be used to retrieve the file. Revision deletion, or deletion of the page may be the only way to prevent access to the file. Using steganography, this text could be hidden in a way that avoids deletion. The hidden text might be removed or corrupted in later revisions, but a permanent link would still point to the original version of the file.

Technical countermeasures

[edit]

The fundamental idea of steganography is to hide information in a way that is as undetectable as possible by humans and/or computers. It is probably impossible to implement useful countermeasures against the general principle, but it may be possible to prevent specific types of abuse. See Phabricator ticket T190951 for more information.