Website combines spam with encryption
December 15, 2000
Someone has finally found a positive use for spam.
A website has been set up, called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact confidential data is been exchanged.
Stenography, or the technique of burying encrypted text in other files, such as pictures, in order to disguise the fact confidential messages are been exchanged, is almost as old as cryptography itself.
However using spam to achieve this gives the idea an interesting spin. Spam Mimic gives access to a short program that will encrypt a short message into spam and back again - the sentence outputs vary depending on the message being encoded.
The site explains why spam is a better method to hiding messages than pictures or movie clips.
"There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible."
The site adds "real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article", an argument we find it very hard to disagree with.
Here's how it works: go to the site and choose 'encode' from the menu, and type in a short message into the text box and press enter. This generates a secret message buried in spam, which you can then be cut and pasted into an email client.
The person receiving the message can use the site's decode option to recover the original message.
The site also has a higher purpose - forcing government surveillance systems, such as Echelon, to scan through Terrabytes of spam on the off chance that some of them may contain encrypted messages of interest to the authorities. These are the kind of ideas behind the 1999 Jam Echelon Day, explained in more detail here.
We're not sure how strong the encryption engine behind the site is. Also to use the service you would have to agree with someone in advance about either the email a spam encrypted message would come from or its subject line.
All in all we think it's an interesting idea rather than of much use to say, civil right activists, who might want to disguise their use of encryption from security agencies. That said, the idea that activists might instead be arrested for sending unsolicited commercial email is itself hardly likely...
John Leyden, The Register