Table of Contents
Fetching ...

StegoStylo: Squelching Stylometric Scrutiny through Steganographic Stitching

Robert Dilworth

TL;DR

The paper addresses privacy risks in stylometry and proposes adversarial stylometry with steganography to obscure authorship. It strengthens the TraceTarnish framework with modular enhancements (synonym substitution, privacy-oriented translation) and evaluates zero-width steganography to obfuscate stylistic fingerprints. Empirical results using the stylo imposters() workflow show that targeted injections can shift verification scores across decision thresholds, with obfuscation achievable at $33%$ coverage and diminishing returns beyond $77%$. The work highlights serious privacy implications and argues for defensive measures to empower vulnerable writers while acknowledging the dual-use nature of stylometry. Overall, it provides a roadmap for both exploiting and defending against stylometric analysis in the wild.

Abstract

Stylometry--the identification of an author through analysis of a text's style (i.e., authorship attribution)--serves many constructive purposes: it supports copyright and plagiarism investigations, aids detection of harmful content, offers exploratory cues for certain medical conditions (e.g., early signs of dementia or depression), provides historical context for literary works, and helps uncover misinformation and disinformation. In contrast, when stylometry is employed as a tool for authorship verification--confirming whether a text truly originates from a claimed author--it can also be weaponized for malicious purposes. Techniques such as de-anonymization, re-identification, tracking, profiling, and downstream effects like censorship illustrate the privacy threats that stylometric analysis can enable. Building on these concerns, this paper further explores how adversarial stylometry combined with steganography can counteract stylometric analysis. We first present enhancements to our adversarial attack, $\textit{TraceTarnish}$, providing stronger evidence of its capacity to confound stylometric systems and reduce their attribution and verification accuracy. Next, we examine how steganographic embedding can be fine-tuned to mask an author's stylistic fingerprint, quantifying the level of authorship obfuscation achievable as a function of the proportion of words altered with zero-width Unicode characters. Based on our findings, steganographic coverage of 33% or higher seemingly ensures authorship obfuscation. Finally, we reflect on the ways stylometry can be used to undermine privacy and argue for the necessity of defensive tools like $\textit{TraceTarnish}$.

StegoStylo: Squelching Stylometric Scrutiny through Steganographic Stitching

TL;DR

The paper addresses privacy risks in stylometry and proposes adversarial stylometry with steganography to obscure authorship. It strengthens the TraceTarnish framework with modular enhancements (synonym substitution, privacy-oriented translation) and evaluates zero-width steganography to obfuscate stylistic fingerprints. Empirical results using the stylo imposters() workflow show that targeted injections can shift verification scores across decision thresholds, with obfuscation achievable at coverage and diminishing returns beyond . The work highlights serious privacy implications and argues for defensive measures to empower vulnerable writers while acknowledging the dual-use nature of stylometry. Overall, it provides a roadmap for both exploiting and defending against stylometric analysis in the wild.

Abstract

Stylometry--the identification of an author through analysis of a text's style (i.e., authorship attribution)--serves many constructive purposes: it supports copyright and plagiarism investigations, aids detection of harmful content, offers exploratory cues for certain medical conditions (e.g., early signs of dementia or depression), provides historical context for literary works, and helps uncover misinformation and disinformation. In contrast, when stylometry is employed as a tool for authorship verification--confirming whether a text truly originates from a claimed author--it can also be weaponized for malicious purposes. Techniques such as de-anonymization, re-identification, tracking, profiling, and downstream effects like censorship illustrate the privacy threats that stylometric analysis can enable. Building on these concerns, this paper further explores how adversarial stylometry combined with steganography can counteract stylometric analysis. We first present enhancements to our adversarial attack, , providing stronger evidence of its capacity to confound stylometric systems and reduce their attribution and verification accuracy. Next, we examine how steganographic embedding can be fine-tuned to mask an author's stylistic fingerprint, quantifying the level of authorship obfuscation achievable as a function of the proportion of words altered with zero-width Unicode characters. Based on our findings, steganographic coverage of 33% or higher seemingly ensures authorship obfuscation. Finally, we reflect on the ways stylometry can be used to undermine privacy and argue for the necessity of defensive tools like .
Paper Structure (8 sections, 6 figures, 1 table)

This paper contains 8 sections, 6 figures, 1 table.

Figures (6)

  • Figure 1: The structure of our paper, wherein the text has been compromised through the application of TraceTarnish.
  • Figure 2: A screenshot of our IDE showing the scenario's corpus alongside the adversarial and clean samples processed with the stylo package's imposters() function; the resulting authorship-verification scores lend credence to our attack, demonstrating its validity within the adversarial stylometry domain.
  • Figure 3: The output of the stylo package's imposters() function showing the inverse setting--here the clean sample is used as the test text, whereas in the previous figure the adversarial sample served that role.
  • Figure 4: The sample texts comprising our new corpus assess injection optimality, addressing the questions: at what point does injection become effective, and what is the minimal degree of injection needed to achieve authorship obfuscation?
  • Figure 5: The imposters()'s results for our injection-optimality experiment.
  • ...and 1 more figures