FAQ

Privacy & Security

Does the recipient need to log into Nostr?

For posts (kind 1): No. They can use Detect on the image without logging in. For DMs (kind 4): Yes. DMs are NIP-04 encrypted; only the account you sent the message to can decrypt the content.

Do I need the network to receive content from an image?

No. Detect works entirely offline. The data comes from the image, not from Nostr relays.

Is my data stored on a server?

When you use local/offline mode, everything stays on your device. Relay sync is optional and only happens when you turn Network ON. The anonymous key (if you don't log in) is stored only locally.

Who can decrypt an embedded image?

• Open mode (any Stegstr user): Anyone with Stegstr can Detect and decrypt. The app uses a fixed derived key.
• Recipients mode: Only the listed pubkeys (and the sender) can decrypt. You must include your own pubkey if you want to open it later.

What if I'm not in the recipients list?

You'll get an error: "You are not a recipient of this stego image." Only people whose pubkeys were added when the sender chose recipients-mode can decrypt.

Compatibility

What image formats are supported?

Stegstr embeds only in PNG. The DWT-based steganography requires lossless data. JPEG and other lossy formats will corrupt the hidden payload. Avoid re-compressing or editing the image after embedding.

Can I use Stegstr images with other Nostr clients?

The stego format (DWT, magic, encryption) is Stegstr-specific. Other clients would need to implement the same decode logic. The events inside are standard Nostr events, so once extracted, they're compatible with any Nostr client.

Does it work on mobile?

Yes. The Android app in mobile-android/ supports full Detect and Embed flows, including recipients-mode encryption. iOS is not yet supported.

Can I crop or resize an embedded image?

Stegstr uses tile-based redundancy: the payload is repeated in 256×256 tiles. A cropped image may still decode if a full tile remains. Heavy cropping, resizing, or re-encoding can corrupt the data.

Technical

How much data can I hide in an image?

Capacity depends on image size. With DWT (3 bits per 2×2 block per channel), a 256×256 tile holds ~6 KB. A 1000×1000 image has multiple tiles; total capacity is roughly (w/2)×(h/2)×3 bits. Encryption and JSON add overhead.

What is DWT vs LSB?

Stegstr uses DWT (Haar 2D) steganography, not raw pixel LSB. Data is embedded in the LSB of wavelet coefficients (LH sub-band), which tends to be more robust and less visible. See How It Works.

Can images be detected as containing stego data?

DWT-based embedding can potentially be detected by statistical analysis. For casual use, the modifications are visually imperceptible. For high-security scenarios, consider the threat model and that the image format (PNG, size) may signal that stego is possible.

Why does the app need even-dimension images?

The Haar 2×2 wavelet requires even width and height. Stegstr automatically crops by one pixel if needed before encode/decode.

Usage

Can I embed for both "any user" and "specific recipients"?

You choose one mode per embed: either open (any Stegstr user) or recipients (specific pubkeys). You cannot combine both in a single image.

What happens to my local posts when I log in?

When you first turn Network ON after logging in, they are re-signed with your Nostr key and published to relays once. They then appear on Nostr. Local-only content before that stays in the app until you sync.

How do I add recipients when embedding?

In the Embed flow, select "Only these people" (or equivalent) and add Nostr pubkeys (npub or hex). Include your own pubkey if you want to open the image later on another device.

Getting Help

See the GitHub repository for issues, source code, and build instructions. Check How It Works and Nostr Integration for technical details.