Text Steganography Hider
Hide secret messages or watermarks in plain text using Unicode homoglyphs, trailing whitespace (SNOW-compatible), Unicode spaces, or inter-word spacing. AES-256-GCM encryption + Reed-Solomon error correction. 100% client-side.
Paste Your Cover Text
The visible text your recipient will read. Your secret message is invisibly embedded inside it using whitespace or character substitution.
Cover text length determines capacity. Longer = more hiding capacity. Use a natural-looking excerpt — news articles, Wikipedia paragraphs, or email text. The tool calculates capacity based on your chosen method.
🔒 Runs locally — your text never leaves your device
How to Hide a Message in Plain Text (5 steps)
- Paste your cover text — the visible text that people will actually read
- Enter your secret message or upload a file — optionally encrypt with AES-256-GCM
- Choose your encoding method (Homoglyph for best stealth, Trailing Whitespace for SNOW compatibility) and your target platform
- Run the Robustness Test to confirm your watermark survives your target platform's transformations
- Download — the output text looks identical but carries your hidden payload with optional error correction
Text Steganography Methods — Stealth vs Compatibility
| Method | Technique | Platform Compatibility | Best For |
|---|---|---|---|
| Unicode Homoglyph | Substitutes Latin letters with visually identical Cyrillic/special Unicode chars (a→а, e→е, o→о) | High stealth — survives copy-paste, survives PDF export; destroyed by NFC normalization | Best stealth, leak detection, enterprise watermarking |
| Trailing Whitespace (SNOW) | Appends spaces/tabs at end of each line. SNOW-compatible — decodable by standard stegsnow tool | Stripped by Gmail, GitHub — survives plain text, PDF, file transfer | CTF challenges, SNOW-compatible files, plain text files |
| Unicode Whitespace | Replaces ASCII spaces with Unicode thin/hair/en/em spaces (4 variants = 2 bits per space) | Survives Gmail, Google Docs — stripped by Outlook Unicode normalization | High capacity, email/docs platforms |
| Inter-Word Spacing | Encodes data by using single space (bit 0) or double space (bit 1) between words | Stripped by Google Docs autocorrect — survives plain text, most email clients | Simple, human-readable method for plain text environments |
| AES-256-GCM Encryption | PBKDF2 (100k iterations) + random salt + 12-byte IV. Payload encrypted before embedding | +44 byte overhead | Add password to make payload unreadable even if extracted |
| Reed-Solomon Error Correction | RS-10/20/30 — adds XOR parity shards to recover from partial text corruption | +11–43% overhead | Watermarks that must survive partial editing or OCR processing |
Frequently Asked Questions
What is the difference between this tool and the Invisible Text Hider?
The Invisible Text Hider uses zero-width Unicode characters (completely invisible, zero width). This tool uses structural methods — modifying whitespace patterns and substituting visually identical letters (homoglyphs). Structural methods survive across more platforms and are harder to detect without specialized tools, but they do not work in all contexts.
Which method has the best stealth?
Unicode Homoglyph substitution — it replaces Latin characters with visually identical Cyrillic and special Unicode characters. The text reads and renders identically in virtually all fonts. It survives copy-paste, PDF conversion, and most platform normalizations. The only risk is NFC Unicode normalization, which some databases and messaging systems apply. The Robustness Test will warn you if your target platform uses NFC.
Is this SNOW-compatible?
Yes. The Trailing Whitespace method is 100% compatible with the standard stegsnow tool — you can encode a message here and decode it with `stegsnow -C file.txt` on Kali Linux, and vice versa. Enable AES-256-GCM encryption here if you need stronger encryption than stegsnow's ICE cipher.
How does per-recipient batch watermarking work?
You provide a list of recipients and a master secret. For each recipient, the tool uses HMAC-SHA-256 to derive a unique 64-bit ID. That ID plus the recipient name is embedded as the hidden payload. All documents look identical. If one leaks, paste it in the decoder — it extracts the ID and tells you exactly which recipient it came from.
What does Reed-Solomon error correction do?
It adds redundant parity data to your payload so that even if part of the text is edited or corrupted, the decoder can reconstruct the full payload. RS-10 survives 10% data loss, RS-20 survives 20%, RS-30 survives 30%. Recommended for homoglyph watermarks that might be partially overwritten.
Does the output text look different?
No. For homoglyph and whitespace methods, the text appears pixel-for-pixel identical when rendered in any standard font. Trailing whitespace is invisible. Double spaces between words may be slightly noticeable if someone looks very carefully, but appear normal in most reading contexts.
Will this survive sending through Gmail?
Depends on method. Homoglyph and Unicode Whitespace survive Gmail. Trailing Whitespace is stripped by Gmail. The Platform Selector shows method compatibility per platform, and the Robustness Test simulates each transformation before you send.
Is my text uploaded anywhere?
Never. All encoding runs entirely in your browser using pure JavaScript string operations and the Web Crypto API. Your text never leaves your device.