bakape / shamichan

anonymous realtime imageboard focused on high performance and transparent moderation

Scrub sekritpost from images #1050

Closed Chiiruno closed 5 years ago

Chiiruno commented 5 years ago

I actually like image sekritposting, but instead of retarded autism wars, let's just scrub it on upload receive.

Chiiruno commented 5 years ago

Also has the benefit of cleaning images gucas upload.

RMiko commented 5 years ago

Sounds good, should be easy enough to do, I'll see what I can do tomorrow.

Chiiruno commented 5 years ago

I already assigned myself to it.

RMiko commented 5 years ago

Yeah, just as I finished my comment, oh well.

Chiiruno commented 5 years ago

Doesn't really rule out steganography as anon mentions, but not much we can do about that.

RMiko commented 5 years ago

Well, image secret posting using the script is literally just plaintext at the end of file, and I don't think the people making the script would ever do anything more complicated than that. So it's not really a problem.

chiya-chan commented 5 years ago

Make it an auto ban too. Anyone who changes the original image hash (and thus loses tag mappings) deserves death.

RMiko commented 5 years ago

There is still the problem of stolen images

Chiiruno commented 5 years ago

No need for auto-ban, since server can just scrub it. Steganography will be hard, if not impossible to detect though.

Chiiruno commented 5 years ago

> people making the script would ever do anything more complicated than that

I'm tempted to do that for the userscript, for shits and giggles.

RMiko commented 5 years ago

Chiiru no!

chiya-chan commented 5 years ago

They can just simply change the format to bypass the server scrubbing. Don't even need steganography.

Chiiruno commented 5 years ago

That's a good point. Any thoughts on a more wide sweep to detect and scrub sekritposts in the image, and hopefully return the hash back to normal?

chiya-chan commented 5 years ago

I'm not familiar with image formats, but maybe there's some header information you can use to determine where the file should end, and compare that to where it actually ends. Worst case scenario, you could try parsing the file like a decoder would, and compare the expected end to the actual end. But that's a lot of work and probably not worth it.

Chiiruno commented 5 years ago

Well, the userscript adds plaintext at the end of the file like @RMiko said, here's two examples from two files. (in plaintext)

Note the 004 and 005, that seems to be an indicator along with the "secret" plaintext. I'll have to look into the actual userscript and how it works, though.

chiya-chan commented 5 years ago

The "secret" plaintext is just a magic to identify that the image contains sekrittext. The 3 digits before "secret" are the length of the sekrittext. And the text before the digits is the actual sekrittext.

Chiiruno commented 5 years ago

Right now, a quick fix would be to just quickly identify the magic, and if it exists, check if there's a number in between 000 and 999 and remove all of that along with whatever the number of characters before it is as indicated by the number.
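
An added sketch of the quick fix described in the comment above, written in Go; it is not part of the thread and not shamichan's own code. The names `ScrubTrailer` and `trailerStart` are hypothetical, the sample bytes are constructed, and it assumes the three digits count bytes of text.

```go
package main

import (
	"bytes"
	"fmt"
)

// Trailer layout taken from the thread: <text><3 ASCII digits>"secret" at EOF.
// Assumption: the digits count bytes of text, not characters.
var magic = []byte("secret")

const lenDigits = 3

// trailerStart returns the offset where a trailing sekritpost begins.
func trailerStart(buf []byte) (int, bool) {
	end := len(buf) - len(magic)
	if end < lenDigits || !bytes.HasSuffix(buf, magic) {
		return 0, false
	}
	n := 0
	for _, c := range buf[end-lenDigits : end] {
		if c < '0' || c > '9' {
			return 0, false
		}
		n = n*10 + int(c-'0')
	}
	start := end - lenDigits - n
	if start < 0 { // declared length is larger than the file: leave it alone
		return 0, false
	}
	return start, true
}

// ScrubTrailer strips every stacked trailer and reports whether any was found.
func ScrubTrailer(buf []byte) ([]byte, bool) {
	found := false
	for {
		start, ok := trailerStart(buf)
		if !ok {
			return buf, found
		}
		buf, found = buf[:start], true
	}
}

func main() {
	img := []byte("\x89PNG constructed image bytes") // constructed sample, not a real image
	upload := append(append([]byte{}, img...), "test004secret"...)
	clean, found := ScrubTrailer(upload)
	fmt.Println(found, bytes.Equal(clean, img))
}
```

This handles only the userscript's trailer layout; data appended in a different format or placed in the meta information, both raised elsewhere in the thread, is left untouched.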

Chiiruno commented 5 years ago

To make this server performant, I'll just check the first ~50 characters of the beginning and end of the file right now.

chiya-chan commented 5 years ago

> of the beginning

I don't think there's much point in that.

Chiiruno commented 5 years ago

Minimal overhead to prevent simply changing the position to the (easily detectable by userscript) beginning of the image.

chiya-chan commented 5 years ago

I'm pretty sure putting it at the beginning would break the image. The end is the only place they can put it without breaking it.

Chiiruno commented 5 years ago

Alright, fair enough.

bakape commented 5 years ago

> I'm pretty sure putting it at the beginning would break the image. The end is the only place they can put it without breaking it.

Or in the meta information.

On Thu, 25 Apr 2019, 02:11 チルノ, notifications@github.com wrote:

> Alright, fair enough.
