The extension, developed by Owen Campbell-Moore of Keble College, allows users to encode secret messages on pictures uploaded to Facebook. ‘Secretbook’ then dechipers the hidden text for those with the correct password 

Campbell-Moore told Cherwell, “About a year ago I discovered a really creepy US Air Force grant (af121-050) which was looking for a system to collect and extract meaning from conversations extracted from social media. The thought stuck with me that it is unclear precisely how much access the US government has to private data on social networks and hence better tools really need to exist to facilitate private communication online.” 

The extension, available from Campbell-Moore’s personal blog, has already been downloaded 7,000 times. A Mashable article covering the story has been tweeted almost 1,500 times.

In order to work, both the sender and the recipient must download the extension. Once downloaded any user who has the correct password can access the secret message on the image by pressing ctl+alt+a whilst viewing the correct photo.

Campbell-Moore developed the extension last year, in a project supervised by Professor Andrew Ker. Ker told Cherwell, “The app works by modifying a photo, invisibly, to hide a small amount of text (about one tweet), which only a person with the right password can decode. The main challenge in the project was to make sure that the message survives the process of being uploaded, when it is recompressed by Facebook.” 

In a blog post, Campbell-Moore explained, “The extension utilises a technique known as JPEG Steganography to hide secret messages in photos by making many visually imperceptible changes to encode the secret data.” 

The post continued, “Steganography tools have traditionally been complicated (and often command line based) so a core goal to this project was to make Steganography easy and accessible so more people can take advantage of the privacy it provides.”

The Daily Mail reported that the technology could be used by terrorists. However, Campbell-Moore’s blog stated, “This application is only suitable for casual users and is totally useless for serious applications such as terrorism since detection would not be difficult for organisations such as the NSA.” 

Facebook were unavailable for comment.