• frongt@lemmy.zip
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    21
    ·
    2 days ago

    That’s not what steganography is. There is no hidden message here.

    • WesternInfidels@feddit.online
      link
      fedilink
      English
      arrow-up
      44
      arrow-down
      2
      ·
      2 days ago

      Your assertion baffles me. The CC client is sending information about its execution context back to Anthropic HQ in a sneaky, obfuscated way that most people wouldn’t notice.

      If that’s not a hidden message, if that’s not steganography, what is?

      • frongt@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        11
        ·
        2 days ago

        It’s not sending it back. It’s essentially watermarking the output, so that it can be identified if it appears somewhere unexpected.

        • GamingChairModel@lemmy.world
          link
          fedilink
          English
          arrow-up
          39
          ·
          1 day ago

          It modifies the prompt, aka the input, not the output. It is smuggling 3 bits of secret user/session data in a wrapper that doesn’t look like it contains that data. As the article explains:

          So the marker becomes part of the system context sent to the model.

          This is a normal timestamp on a prompt:

          Today's date is 2026-07-11.

          But if your system timezone is a Chinese mainland timezone, it looks like:

          Today's date is 2026/07/11.

          Then, if your base URL includes a keyword like “deepseek,” it silently replaces the apostrophe from a ' to a ʼ:

          Todayʼs date is 2026-07-11.

          Or if the base URL has one of the domains on the list, like any .cn domain, it replaces the apostrophe with another apostrophe character:

          Today’s date is 2026-07-11.

          And if it has both a URL and a keyword on the watchlist, the prompt context includes:

          Todayʹs date is 2026-07-11

          That’s 3 bits of information: does this system have a mainland Chinese time zone, does the base URL contain a known keyword (associated with Chinese AI competitors) or a known domain (associated with mainland China or its major tech companies). And it sneaks it on by without making it obvious.

          That’s steganography.

    • billwashere@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      2 days ago

      Yeah I thought steganography was hiding messages in images.

      Ok I just looked it up, apparently it can be anything. Images, audio, video, or even text.

      I remember I had this Perl module once that would convert passwords into a binary string and then convert that string into spaces and tabs. Looked like a blank file. I guess that was technically steganography.

      • frongt@lemmy.zip
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        7
        ·
        2 days ago

        No, that’s encoding. If you hid that message inside another message, that would be steganography.

        • wonderingwanderer@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          7
          ·
          2 days ago

          It is a message hidden in a message. The hidden message is the binary password, and the container message is “[blank]

          • Tetsuo@jlai.lu
            link
            fedilink
            English
            arrow-up
            1
            ·
            16 hours ago

            If i understand correctly it is a message within a blank file. So it is not steganography, I suppose.

            At least I dont think a seemingly blank file would pass as a valid message.

            That’s what I think is defining for steganography is that it is deceptive because you might not assume another secret message is hidden within the original message.

            • wonderingwanderer@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              1
              ·
              13 hours ago

              The decoy container could be literally anything. Sure good steganography would be hidden in something that looks real, like a jpeg or a music file, because it gives it a reason for existing at a glance. That’s not to say it couldn’t be a blank plaintext file, it just might arouse more suspicions and be subjected to more scrutiny