Storing Very Large Files On Amazon's Unlimited Cloud Photo Storage

AmiMoJo writes: Last year Amazon started offering unlimited cloud storage for photos to customers who subscribed to its "Prime" service. Japanese user YDKK has developed a tool to store arbitrary data inside a .bmp file, which can then be uploaded to Amazon's service. A 1.44GB test image containing an executable file uploaded at over 250Mb/sec, far faster than typical cloud storage services that are rate limited and don't allow extremely large files.

This is why

[Anonymous Coward]

This is why we can't have nice things.

Re:This is why

[hawguy]

This is why we can't have nice things.

This is why Marketing shouldn't promise things that they can't deliver. They should know that "unlimited" has a specific meaning and if they don't mean it, they shouldn't promise it.

Re:This is why

[Anonymous Coward]

"Unlimited" does have a very specific meaning, and in this case it means unlimited photos, not unlimited steganography.

Re:This is why

[hawguy]

"Unlimited" does have a very specific meaning, and in this case it means unlimited photos, not unlimited steganography.

I happen to have a very extensive collection of photographs of static from my TV and I need someplace to store them.

Re:

[Nethemas the Great]

At 1.44GB/photo that must be one hell of a high-res TV.

Re: This is why

[LordKronos]

Even an old analog TV could give you a 1.44gb photo, when you consider slight variations in subpixel noise (remember...he said photo, not screenshot).

Now, on the other hand...the camera that takes 1.44gb photos is something that I might actually be interested in.

Re: This is why

[ShanghaiBill]

the camera that takes 1.44gb photos is something that I might actually be interested in.

Here it is [gizmag.com].

Re: This is why

[WarJolt]

"Unlimited" does have a very specific meaning, and in this case it means unlimited pornography, not unlimited steganography.

Fixed it for ya.

Re:

[kbg]

What difference does it make? If you store unlimited data instead of unlimited photos it is still unlimited so as for Amazon it makes no difference.
Unless of course Amazon really doesn't want you to actually use your "unlimited" storage, but then they should not call it "unlimited".

Re: This is why

[John Allsup]

If real people use it for real photos only, then practicality limits the amount of data to well within what Amazon can handle, and means users don't need to care about limits.

Re:

[JoeMerchant]

If real people use it for real photos only, then practicality limits the amount of data to well within what Amazon can handle

You don't know my wife: cell phone with 10MP camera, averaging 100 shots per hour when she's not taking video...

Re:

[dave420]

What difference does it make? If you consider the average filesize of a photo is a meg or so compared to over a gigabyte, you can see that there is rather a large difference. As not everyone would be uploading all the photos they will ever take at once, that means Amazon would be able to gradually increase the amount of storage dedicated to this service, reaping the benefits of decreasing storage price in the process, and the ability to take advantage of newer, larger capacity drives as they become availa

Re:

[Muad'Dave]

There's probably a clause in the agreement that allows them to use/sell your photos. If you're uploading data, they can't 'monetize' your data.

Re:

[Jason Levine]

I was talking to my wife about cloud backup options. Right now, we backup our computers to two external hard drives. In theory, one of these drives would be taken off-site, but in practice that never happens. I was looking at Backblaze and Amazon for backup. (I have about 1TB of files to backup.) My wife was concerned about Amazon because she feared that they would look through our uploaded data or something. Quite honestly, I don't think they would, but I have no proof that they wouldn't (it's imposs

Re:

[AmiMoJo]

"All you can eat", or in this case "all you can photograph" might be a better description. It's not unlimited, it's limited by your ability to consume food or take photos. They were clearly expecting the rate at which people could generate new photos to limit the amount they uploaded.

Now excuse me, I'm off to write a script that stores files in the low order bits of images captured from my webcam with the lens cap left on at 100ms intervals.

Re:

[luis_a_espinal]

"Unlimited" does have a very specific meaning, and in this case it means unlimited photos, not unlimited steganography.

Exactly. The fact we have to spell that shit out is scary. Bring back the dinosaurs, humanity has failed!

Re:

[superwiz]

It's not steganography. It's not data hidden in image. It's data wrapped in bmp header. Pretty simple solution actually. In fact, this would probably look like random noise picture if you tried to view it. Bmp's are just raster images (direct pixel data) with a very thin header in front of it. So anything can be stored as "pixel" data. Steganography usually refers to storing data along with image data (so it degrades the quality of image, but still would look like a real picture when viewed).

Re:This is why

[Aaden42]

If you read the full Cloud Drive Terms of Service, you'll find nothing in it that associates the word "unlimited" with "photos".

The Service provides storage, retrieval, management and access features and functionality for your photos, videos, and other files ("Your Files").
-- CloudDrive ToS [amazon.com]

Everything they've put in writing makes it clear that you're permitted to use unlimited storage to store whatever files you like, so long as you don't resell access, use it as the backing store for another cloud service, etc. Personal use == A-OK.

Re:This is why

[Aaden42]

And having now read TFS, I sheepishly rescind my previous post... This is the Prime photos thing, not the actual Cloud Drive storage thing. Previous post applies to Cloud Drive Unlimited. Yes, storing unlimited data for the photos only service is being a dick. Shell out the $60/year.

(And if you do, pushing ZFS backups into it is a thing I'm working on... zfs-acd-backup [github.com])

Re:

[bobbied]

Oh, what marketing promised they CAN do... Problem here is somebody figured out how to shove other data into containers that looked like images to the software. Don't worry, Amazon has some bright folks working for them, they will figure out how to filter out all this stuff.

Re:This is why

[bloodhawk]

I don't like Amazon, BUT they didn't say unlimited data. They said unlimited Photos. This is the type of abuse that basically ends up hitting legitimate users where limits being imposed will be the end result.

Re:

[Bing Tsher E]

Isn't it kind of a form of Net Neutrality for people to come up with ways to make sure that service providers can't sort and differentiate pricing for different sorts of content?

Re:

[Jason Levine]

No, because Amazon isn't your ISP. Your ISP isn't saying that you can upload unlimited photos but have a cap on everything else. Amazon is providing a service for a price. If you subscribe to Prime, you get unlimited Photos cloud backup but only a certain amount of space for all your other data. If you pay them $60 a year, you can get unlimited space for all types of files. This isn't involve Network Neutrality any more than having two products for sale on Amazon but only offering Prime 2 day shipping

Re:

[Actually, I do RTFA]

limits being imposed will be the end result.

Or conversion to a lossy format...

Re:

[AmiMoJo]

It's a photo of a binary file. Perhaps they need to be more specific by saying "only photos created by a camera", which would exclude people backing up their 3D renders etc.

Re:

[dave420]

A photo is only a picture made by a camera. You can't open up a hex editor, put in a BMP header and then mash keys and call the resulting file a photograph, as it was not taken by a camera. You can't call 3D renders photographs either, as once more they were not taken by a camera. If they had said "unlimited image storage", you'd have a point.

Re:

[radarskiy]

Since it is impossible to make a product impervious to aggressive jackasses with surpluses of free time in perpetuity, you have just eliminate the possibility of any product existing ever.

Re:

[Ecuador]

Oh, come on, consumers are furious when they get caught in a small technicality and now you are suggesting that it's Amazon's fault for not thinking "unlimited photos" can also mean "unlimited data posing as photos"? I mean, if somebody was storing many TB of their actual photos Amazon would have no right to say anything based of their promise, but this is not the same thing.

I've seen this before. I have a Kindle Keyboard which came with a nice little perk: it has a browser (experimental, very simple) and w

Re:

[urdak]

This is why we can't have nice things.

This is why Marketing shouldn't promise things that they can't deliver. They should know that "unlimited" has a specific meaning and if they don't mean it, they shouldn't promise it.

If they promised storing an unlimited number of photographs, it doesn't mean they need to promise that each photograph can be of unlimited size. The number of people who have 1 GB bona-fide photos is vanishingly small, and Amazon is of no obligation to serve them.
However, the next step from "abusers" would be, of course, to store huge files as many separate photos on Amazon.
But I'm not sure why "unlimited" is the point here. If they did limit it to 15 GB (like Google drive's free storage), the abusers could

Re:

[Anonymous Coward]

If your neighbor lets you store your go kart in his garage, it does not mean you get to park yours and the wife's mini vans in there as well.

BOOM. Car analogy :)

Re:

[amiga3D]

If you can make it look like a go kart I'd imagine you could get by with it.

Re:

[dave420]

If the two minivans took up the same space as a go-kart, sure. As we are talking about two minivans and not a go-kart, your point is rather specious.

Re:

[mark-t]

Except he was not talking advantage of the service as advertised, he was taking advantage of the fact that binary data can be encoded into something that looks like a photo to software, and using a service that was supposed to only be used for photos to host arbitrary data.

Now if they had offered unlimited storage for any data, you'd be right

Re:

[JesseMcDonald]

taking advantage of the fact that binary data can be encoded into something that looks like a photo to software

Not just to software; the encoding looks like a photo to humans, too. It may not be a stunning landscape or an entrancing self-portrait, but even a photo of pure noise is still a photo.

Re:

[tnk1]

I would be amused if they implemented a check for this and then simply said, "we're sorry, it appears your image was very large and might have been corrupted during upload. Please check your file and try again "

Re: This is why

[tburkhol]

I don't think this would be too hard to implement. If they compress the images before storing, they can just reject any "image" that fails to compress beyond some threshold. They wouldn't even necessarily need to do any screening: use a slightly lossy compression algorithm, images wouldn't look any different, but data would be useless.

Re:

[Applehu Akbar]

You could try claiming that your file is the Raw format for some limited-edition camera they have never heard of.

Re:

[JazzLad]

Anyone who touches my images without my express permission is going to have a problem. Not all of us are using camera phones. Now if they compress it to see if it can be compressed and then delete their copy, yeah, sure, that's fine - don't touch my originals.

Re: This is why

[Anonymous Coward]

They offered storage for photos. Data disguised as a .bmp file is not a photo. That's abuse.

Re:

[dave420]

Image != photo. So no. They are not photos, but images of pure static, as you admitted.

Re:

[spire3661]

Since you insist on playing a stupid semantic game, please define your terms and then compare and contrast the difference between and image and a photo as it relates to the discussion at hand.

Re:

[MobileTatsu-NJG]

Abuse happens when you go way out of your way to test their boundaries. Think about that a bit the next time you complain about things like drone registration.

Re:

[spire3661]

While i agree with you in the practical, i disagree in principal. Part of being human is forcing authority to show its hand to see the limits of its force. How authority responds to that is an indication of the type of society you are living in. You can only swing the Hammer of the State so hard. Finding out how hard the State will actually swing it is dangerous, but important work. For the record i think the Drone registration is an INCREDIBLY heavy handed approach and will instill fear and doubt more than

Re:

[Fwipp]

It's more like they took all your pots & pans, telling you they were going to grind them up later because they're iron-deficient. "But you said I could have all the food I wanted!!"

Re:

[Nutria]

If I told my friend they were welcome to the food in my kitchen, that would obviously mean they were welcome to cook themselves a meal at my house

No, it's not obvious.

not that they were welcome to take all my food instead of buying their own groceries.

That's exactly what (you are) welcome to the food in my kitchen means.

Re:

[Albanach]

That's exactly what (you are) welcome to the food in my kitchen means.

I'm guessing you don't have many friends. Over the years I have told countless people that they are welcome to the food in the fridge or kitchen. Not one has interpreted that as meaning they are welcome to leave the pantry empty.

Re:

[Nutria]

We, as humans dealing with other humans, assume that they will act with a modicum of sense. But there are a jillion leeches out there who don't, so it's no one's fault but ours for saying (you are) welcome to the food in my kitchen instead of the just-as-friendly you're welcome to a meal in my kitchen.

And businesses love screwing people over with fine print, so they deserve every bit of screwing over that they get from non-existent fine print.

Re:

[rmdingler]

I said that today in our local purveyor of news print.

Somehow, our city had run Uber out of town, so that we can now be delivered here, but not from here.

This is the adult world scenario where one guy asses it up for all the guys.

Oblig: Yes. In this statistical example, girls are guys, too.

Re:

[JoeMerchant]

.bmp, .png and most any other lossless image format being auto-translated to .jpg in 3...2...1....

Re:

[mark-t]

They can't forbid me from uploading images.

One way that immediately comes to mind is that they could limit the service to jpgs only, and only respect jpgs that use at least some lossy compression, which would be useless for storing any binary data with fidelity.

Also, they could discontinue the service as a free one entirely.

The options they have for forbidding you from uploading are far greater than the options you have for trying to get around them.

Re:This is why

[ImprovOmega]

There are absolutely ways to stash file data in lossy compressed JPG files. You just have to have some knowledge of the file structure to know what bits are less significant and will mess up the file less. I personally wrote a steganography tool for JPEG-2000 files for a graduate school project - it just stored data in the least damaging sections of the file. The resultant files were still perfectly legal image files, lossy compressed, and minimally visually damaged.

Now if Amazon were to *transcode* every submission then you would be boned. But that would eat up a fair amount of overhead in processing time.

Re:

[mark-t]

Now if Amazon were to *transcode* every submission then you would be boned. But that would eat up a fair amount of overhead in processing time.

Overhead, yes. But not a substantial amount if only very simple mechanisms are used. It can probably be encoded about as fast as it is being uploaded.

Re:

[notsoclever]

You can also just store the data in a less-efficient way using QR codes or other such encodings that allow you to recover the data from the patterns of the pixels. And you can split large data files up into many many smaller chunks, and even store the index for the chunks in another image file.

Re:This is why, because y has a long tale

[TheRealHocusLocus]

I personally wrote a steganography tool for JPEG-2000 files for a graduate school project - it just stored data in the least damaging sections of the file. The resultant files were still perfectly legal image files, lossy compressed, and minimally visually damaged.

Kudos for the hands-on. I was fascinated some years ago with progressive GIF overlays and coded some stuff to produce them, not so concerned with stenography and hiding the presence of a message, but more with novel ways of presentation.

One example was embedding a public key into a GIF image. Starting with a standard base image and palette that was the same for everybody, like a shiny golden key floating over a smooth blue gradient... the key bits encoded as a series of overlays that when displayed, made th

Re:

[AmiMoJo]

You can actually just append data to a JPEG file and it will still open in most apps.

As for transcoding, if they are storing the images losslessly (they support BMP and PNG) then transcoding shouldn't hurt the data stashed this way.

Re:

[mark-t]

Obviously they were not previously doing any lossy transcoding or else this would not have worked at all. However, if they are going to continue to offer the unlimited photos service for free, they will have to do something to that effect to prevent future abuse, and explicitly warn users that picture quality may be slightly degraded, and to not use the service where any requirement for pixel-perfect fidelity exists

Re:

[darkain]

You mean the same way that EXIF data is stored???

Re:

[superwiz]

If they don't do actual manipulation of the images themselves, then you can always put any data you want in the payload parts of the file.

Re:

[xeoron]

I don't know about you, but most of the Prime stuff I order comes UPS or FedEx Ground or via USPS that FedEx or UPS gave to them. They don't send all things 2 day air, thus saving them a lot of money, on top of that huge discounts they get from the carriers due to their shipping volume.

Re:

[dave420]

But they have expressly forbidden it, as the service is for photos not images. If there was no camera involved in the production of the image, it's not a photo. They are not to blame for you not understanding the difference between "image" and "photo".

Re:

[Bert64]

And cause users to use inefficient steganography instead, thus using even more data...

YDKK

[turkeydance]

almost a Japanese Zipper: YKK

Viddler Account

[retroworks]

My org had dozens of videos housed at Viddler.com's "free hosting" while it lasted. Viddler had trouble being free a couple of years ago and sent a big bill we couldn't pay. When we asked were our videos deleted, Viddler tech support said they existed... somewhere... in Amazon.

Timothy's Revenge

[Nethead]

First the article with the luser asking help desk question and now this with the link in Japaneses.

I think that with the new overlords Timothy has gone full honey badger on us.

Re:

[mysidia]

For all I know.... if there is a download link; it's a malware bait.

Re: Timothy's Revenge

[bill_mcgonigle]

timothy has been trolling you guys hard for years. You feed him every. single. time. and sell ad impressions for him while doing so. No wonder the new boss decided to keep him on - his click rate must be fabulous by now with highly refined trolling techniques.

Re:

[Nethead]

Yeah Bill, some advice from someone that waited until Thursday to sign up for an account unlike those of us that saw the future and signed up on Tuesday back 18 years ago!

I agree totally with what you say, but, like me, you are still in the comments here. We are both sad bastards. Can I buy you a drink sometime?

Re:

[Nethead]

Okay, the preview showed the "snark" tag that I put on the first line but the published one didn't show that. Now I look like an asshole. Damn you to hell slashcode!

I wrote about this possibility last year

[bsmuir]

Here is my research...

Steganography & Amazon Cloud Drive:

http://bsmuir.kinja.com/stegan... [kinja.com]

Tivo style broadcast data encoding?

[swb]

Tivo used to distribute some data at night on a TV channel. I caught it one night in a fit of insomnia, it looked like a video stream comprised of QR codes. I'm guessing the Tivo box recorded it and then decoded the full frames and then stored whatever the data stream was.

Like QR codes, the "data" would seem fairly impervious to scaling and resampling provided that the "bits" or white/black blocks were large enough to survive downsampling. You wouldn't really care if they converted them to compressed ima

Too complicated

[mariushm]

Seems quite complicated.

If Amazon doesn't convert the images, he could just upload a PNG file with a lot of information stored in ancillary chunks... the png specification even allows creating custom/developer chunks which should be ignored by any parser that doesn't understand them (for compatibility with future versions of the standard)

For example, just abuse the hell out of iTXt or zTXt chunks in the format : http://www.libpng.org/pub/png/... [libpng.org]

For private chunks, see this bit : http://www.libpng.org/pub/png/... [libpng.org]

same data 1 year later?

[pz]

Back in the day, when I worked as a dev at a social networking site, we would resample old photos that hadn't been accessed in over some threshold (let's say it was 1 year, for the sake of argument). Anything older than the threshold would get re-encoded in JPEG to a poorer representation in order to save storage space.

So what stops Amazon from doing the same thing? Do their TOS say they won't?

Non-image data under those circumstances become pretty much useless, even if packaged so that they appear to be an image of off-station TV reception. Once you include a lossy recompression, your data are no longer data, but noise for real.

Obligatory

[U2xhc2hkb3QgU3Vja3M]

Japanese user YDKK has developed a tool to store arbitrary data inside a .bmp file, which can then be uploaded to Amazon's service.

Do you want new terms of service? Because that's how you get new terms of service.

Unlimited files for $60/yr

[pz]

If you take the trouble to read through Amazon's TOS, and click to their actual rates, you can buy unlimited storage for photos, videos, AND ARBITRARY FILES for only $60 per year. Not only that, but Prime gets you 5 GB of videos and non-photo files for free.

Going through all the hassle of specially encoding your data files so that they masquerade as photos seems like a heapload of time better spent earning $60 so that you don't have the long-term headaches and potential for being banned from Amazon's service that such abuses flirt with. You want a real backup service? Buy it, it isn't expensive.

Backblaze, a darling of Slashdot, is only $50 per year. It isn't worth the hassle or time to beat the system for such low prices. Amazon Glacier is $0.007/GB/month. Both systems offer encrypted storage. Why work hard when someone else has done the figuring out for you?

Re: Unlimited files for $60/yr

[Anonymous Coward]

Yup, I have over 650 gigs (and growing) of 3d 1080p home videos. If my house catches fire or I'm robbed I won't lose them.

I don't get that kind if throughout though. Uploading 50 gigs of videos takes overnight and a lot of that time is a mysterious delay between the video uploads themselves. I'm guessing the glacier service can't save them fast enough and I have to wait for them to save entirely before I can move to the next video.

Re:

[jabuzz]

One might argue that if ones house burnt down then ones insurance can pay for the cost of recovering from Glacier.

Re:

[account_deleted]

Comment removed based on user account deletion

This is how cheaters think

[Theovon]

I teach graduate CS courses at a university, and we get the occasional cheater. Sometimes, the cheating is blatant three students just turned in exactly the same work. However, there are occasions where we suspect cheating, but they did a good job of disguising it. Of course, they do poorly on exams. If those students would spend their time and energy on learning the material, they would learn something and get a good grade.

Re:

[AmazingRuss]

That sounds kind of cool too.

Compression

[mejustme]

Just wait until they turn on their automatic convert-to-low-quality-JPEG functionality. :) All your .BMP files will be converted to 400 KiB .JPG files. Hope your executable is OK with lossy compression.

A friend of mine did something similar

[hackertourist]

to get around an overbearing corporate firewall that forbade not only executables, but archives containing executables as well. In order to be able to e-mail new versions of a program that the overbearing company had bought, he wrote a program that packed the .exe code in a BMP file.

I thought we already had this ability?

[wardrich86]

I thought we could already do this? I remember hiding .rar archives in .jpg images. Is Amazon able to detect this magic?

Re:

[hawguy]

A better tool would be to split the data among smaller files. A 1.44 GB BMP is sure to attract attention. 1440 one MB jpegs isnt. Am I right? Peeps?

I think it's easier to validate that a JPG file is really a JPG than a BMP, or at least it's harder to store arbitrary data in a JPG and still have it decodable as a JPG.

So just store the data as 1 MB BMP's or TIFF's.

Re:

[mysidia]

I think it's easier to validate that a JPG file is really a JPG than a BMP

You can start with a real image, then modulate the pixels by the data.

Also, you can make it a lossless JPEG.

I think the reason to just use BMP is because it's less processing and computing time required (More efficient, and less space will be wasted too).

Re:

[Blaskowicz]

What a pain it was to convert a BASIC game from bottom-up to top-down. In the end that game never worked on my computer anyway. Should have gone for a rewrite :)

Re:

[dmbasso]

Wrong, that should be 1000 x 1.44MB BMPs. At least then they could say "they're floppy disk images!"

Re:

[quenda]

My floppy disks only hold 360K, you insensitive clod.

Re:

[rmdingler]

Yes. Millions of Slashdotters are literally shutting down internet communication as we know it while spreading the news... and eating hot grits off'n the Portman.

Re:

[bobbied]

Google translate is your friend..... Well... Ally.... Um... Ok.. Go learn your Japanese.

Re:Another new low for Slashot

[U2xhc2hkb3QgU3Vja3M]

I don't read Japanese, I just look at the cartoon drawings of school girls being super-friendly with the tentacle monsters.

Re:

[gnupun]

Isn't it time ISPs started offering symmetric speed DSL? Then we could upload/download those photos through our own home servers without needing the privacy-invading cloud servers. With the current pathetic upload speeds in most home DSL plans, it's difficult to download anything big from a home server.

Re:

[Blaskowicz]

It is available if you don't mind it being a symmetric 2 Mbps, or "up to" 5 Mbps.
Bond four phone lines if you can afford it, but that's some hundreds euros/dollars a month.

Too damn expensive. If you can get cable internet that's highly asymmetrical but with 3 Mbps upload, that wouldn't be bad.
We just need fiber, alas fiber suffers from what I'd call the "last 100 meters problem", not just the last mile problem. As a society we're too cheap to wire the flats and homes themselves even though there is fiber lu

Re:

[bobbied]

And it's going to be pretty easy to figure out how to tell the difference between an image and something else... If Amazon starts to have space problems, you can bet they will be quick to find and delete such junk...

Re:

[baegucb]

Amazon: your 1.44 GB files don't seem to be photos, and violate TOS. So we deleted them. I'm sorry, they were your only backups? Oh, you are right, a movie is a series of photos. And they were of you and your girlfriend? We'll try and recover them and we will all try to determine if they violate the TOS.

Re:

[bobbied]

Oh there are things in an image that you won't see in some data stuffed into an image container. It's not that hard, a little time consuming and processing intensive perhaps, but not that bad. Consider that they only really need to find that 1-2% who are doing this, abusing their terms of service and just toss them, one could even do it manually for awhile... Hire a bunch of folks to look at a "picture" and tell me if it's really a picture... Heck, make it a CAPTCHA task... Just start with the biggest fi

Re: This is why we can't have nice things.

[LordKronos]

And they've already got a way to do so cheaply
https://www.mturk.com/mturk/we... [mturk.com]

Re:

[JoeMerchant]

Consider that they only really need to find that 1-2% who are doing this

I think you overestimate the geek potential in the world... sure, maybe 1-2% of their users _could_ muster the technical skills to make this happen, but of them, I doubt even 1% would bother - putting the true abuse rate down around 1/10,000 or more.

Re:

[jrumney]

1) It's a BMP file. No genuine photos use BMP as a primary format.
2) Its huge. Bigger than is reasonable with any available consumer or professional camera.

In this case, it is trivially easy to write software to distinguish this "hack" from genuine photos.

Re:

[dudpixel]

That's interesting. I wonder if that's why Google offers unlimited photo storage but at lower res?

Re:

[bazmail]

Link or it didn't happen