Pr0nBack!
Originally published 2006 in Atomic: Maximum Power Computing Last modified 11-Dec-2011.
Here's a modern truism for you: The more legal something is, the less backed up it'll be.
As curmudgeons like me have said on numerous previous occasions, data you haven't backed up is data you do not want. But the fact remains that a lot of people just don't do backups. Then they have some huge data loss disaster - thesis, accounts, passwords for everything, all gone. Then maybe they start making excellent backups, but they probably just start making half-assed backups that're better than nothing.
If your wicked reprobate of a cousin has illegally downloaded a bunch of music, movies, TV, software, game ROMs and art photos of drystone walls in Kentucky, though, the only reason he probably has to back any of them up is so that he won't have to download them again. Unless something's rather obscure (and sometimes even then), it'll always be out there waiting for re-download. And when a pirate does have to download something again, he may well find a better version available - DVD rips instead of TV rips, for instance.
It's like new-for-old-replacement insurance, with no premium.
One day, really broadband Internet connections and close-to-free storage and some encrypted and anonymised Freenet-ish hippy-trippy data-mist will let us all back up our stuff on everybody else's computers for free. But that unicorn-riding day isn't here yet, and will never never never be here if the big content companies that want to sell you "experiences" that don't come with any rights at all have anything to do with it.
In the meantime, every second joker suggests renaming accounts.zip as belgianmonkeypr0n.avi and making it available on all of your favourite P2P networks. The jokers that've thought this through more suggest you name the file WinServ03Datacenter.iso, because that increases the chance that lots of teenagers will download it and share it and never check to see whether it's really what it says it is. Debate continues.
You know what, though? That goofy idea could actually work, with a bit of fiddling.
A lot of illegally shared files, you see, are pretty darn large. And many of the things that people want to back up are, in comparison, small.
So the solution's simple enough: Backups embedded in P2P-shared files. Those files are what the filename says they are, so people will share them, but the backup data's in there too.
This could be done by fancy steganographic means, with the backed-up data hidden in audio or video files (have a play with Steghide if you're interested), but there's no reason to go to those lengths. All you need is file formats that allow arbitrary data to be tacked onto one end or the other, and there are plenty of those.
JFIF, commonly known as JPEG, is such a format. You can put whatever you like in the header block of a JPEG file (the standard EXIF extensions certainly do - little programs exist to let you fiddle with EXIF data). Programs that just display JPEG images will ignore the extra header data, even if there's ten times as much of it as there is image data, and just display the image.
Similarly, the ID3v2 tag standard lets you stuff as much extra data as you like into an MP3 file, all nice and legal-like. And you can also add pretty much whatever you want after the end of many files' actual data, published header/footer formats be damned.
If you store 500Mb of backed-up e-mail in one fake nude-celebrity pic then it's likely to attract a certain amount of suspicion, but it's easy to split data into multi-volume archives, encrypted if you like, and store it spread across many files. And all of my income tax files and tax software digital certificates and so on will fit very comfortably in a one-megabyte archive.
Tack that - suitably encrypted - onto a single video clip of unremarkable size and nobody's likely to notice.
This is not, of course, what you'd call a totally practical solution. Legality aside, if everybody tried it, you'd end up with thousands of different versions of every file on every P2P network, and people would still only bother sharing the smaller versions that didn't come with some bozo's password-Zipped high-school project as an appendix.
But, startlingly enough, "StegoBackup" actually could be pushed into some semblance of functionality. Legally, even, if you started out with public domain or otherwise free-to-distribute files and found people to share them.
Or, more realistically again, you could just set up backup-sharing collectives, where everybody gets assigned to one little pool of mixed backups from other members of their pool, and just leaves that file ticking away on their BitTorrent software. Actually, you and your friends could do that right all by yourselves, but you wouldn't have any way to update the files in the backup without starting a whole new one; it wouldn't be very difficult to hack up a version that knew how to just share a directory full of encrypted archives, though.
Personally, I think this is all very much worth the effort, just to screw with the Net-spying spooks. If they want to spy on everyone's sooper sekrit hidden encrypted files, let 'em have 'em - but make the content someone's first-year Actuarial Studies essay.
