Real-World Steganography Against Content-Based Censorship in Modern Chat Applications
No ratings
Presented at Real World Crypto 2026 by
As people's communications move to the digital sphere, chat applications become a major target of content-based censorship. Previous work shows that various applications with millions of users have filtered, and then dropped, user messages containing "sensitive words". Given the regulatory restrictions, circumvention within the censored application is necessary. Several works propose steganographic circumvention schemes leveraging the recent development of generative models. These schemes embed sensitive information inside inconspicuous outputs generated by LLMs and provide formal guarantees of undetectable circumvention as indistinguishability, i.e., the generated stego text is statistically indistinguishable from benign model output without embedded information. In this talk, we show that, surprisingly, there exists a significant gap between theoretical security guarantees in LLM-based steganographic schemes and the empirical undetectability when applying these schemes into the real-world circumvention scenario. To bridge this gap, we propose Oolong, an orchestrated protocol that can work with any LLM-based steganographic coders in a "plug-in-and-go" manner. To examine the effectiveness and security of our design, we conduct, to the best of our knowledge, the first empirical evaluation of steganographic circumvention systems using conversation data from the real world. The goal of our talk is to share our learnings on the design considerations necessary for bridging this gap and to encourage exchanges on several challenges remaining open towards real-world deployment.