How to Hide Text in an Image: LSB Steganography Explained
To hide text in an image, open the free Steganography Tool, upload a carrier photo, type your secret message, and click Encode & Download. The tool rewrites the least significant bit of each pixel to carry your message and outputs a PNG that looks identical to the original. To read it back, switch to Reveal mode and upload the encoded file. Encoding and decoding both run 100% in your browser.
What is steganography?
Steganography is the practice of hiding a message inside another file so that only someone who knows to look can find it. Where encryption scrambles a message but advertises that a secret exists, steganography hides the very existence of the message. The word comes from the Greek steganos (covered) and graphein (to write), and the technique predates computers by centuries: invisible ink, microdots, and null ciphers are all steganography.
Digital images are the perfect modern carrier because they contain millions of pixels, and tiny changes to pixel values are invisible to the human eye.
How LSB steganography works, bit by bit
Every pixel in an RGB image stores three numbers between 0 and 255, one each for red, green, and blue.
In binary, 255 is 11111111. The rightmost bit is the least significant bit
(LSB): flipping it changes the channel value by exactly 1, an imperceptible difference.
An LSB encoder converts your message to binary (for example, the letter A is
01000001) and writes those bits, one at a time, into the LSB of successive pixel
channels. Eight channels carry one character. A modest 1000×800 photo has 2.4 million channels, which
is room for roughly 300,000 characters, an entire novel chapter inside one holiday snapshot, with zero
visible change.
Decoding reverses the process: read the LSB of each channel in order, group them into bytes, and convert back to text until the terminator marker appears.
Why the output must be PNG
This is the step that trips most people up. JPG compression is lossy: it re-encodes the image in frequency space and rewrites pixel values wholesale, which obliterates the least significant bits and the message with them. PNG compression is lossless, every pixel survives bit-for-bit. That is why the Privacy Pix steganography tool always exports PNG, and why you must never re-save or re-compress the encoded file before decoding. Watch out for messaging apps too: WhatsApp, Instagram, and most social platforms recompress images on upload, which destroys hidden data. Send encoded images as documents/files rather than photos.
Hide a message in a photo: step by step
- Pick a carrier image. Larger and busier is better; detailed textures hide statistical traces well.
- Open Hide mode in the steganography tool and upload the carrier.
- Type the secret message. Anything from a password hint to a full document (you can Base64-encode small files into text first with the Base64 converter).
- Encode & download. You get a PNG that is visually identical to the original.
- Verify. Switch to Reveal mode and upload your encoded PNG to confirm the message extracts cleanly before sending it anywhere.
Why doing this in the browser matters
Think about what a server-side steganography site sees: your carrier image and your secret message, together, attached to your IP address. That defeats the entire purpose. A client-side tool performs the bit manipulation in your browser's memory using the Canvas API; the message and the image never cross the network. This is the same privacy model as every tool on this site, from the EXIF remover to the privacy blur tool.
Legitimate uses for image steganography
- Invisible watermarking: photographers embed ownership claims that survive screenshots of the visible image.
- Leak tracing: distributing uniquely-marked copies of a document image reveals which copy leaked.
- Journalist and activist communication in environments where visible encryption draws attention.
- Digital dead drops: passing credentials or notes through public image hosts without flagging that a secret exists.
- CTF challenges and education: steganography puzzles are a staple of security competitions.
For a broader tour of the concept, including its history and detection (steganalysis), read the complete steganography guide.
Limitations you should know
Plain LSB steganography hides the message from casual observers, but it is not encryption. Anyone who suspects the image and runs an LSB decoder can read the text. For sensitive content, encrypt the message first and hide the ciphertext; then an extractor recovers only gibberish without the key. Also remember that image metadata can betray you independently of pixel data, so strip EXIF with the metadata remover before sharing a carrier image.
Try It Yourself
Hide a Message in an ImageFrequently asked questions
Can hidden text be detected?
Statistical steganalysis can sometimes detect that LSBs look "too random," especially with long messages in small images. Short messages in large, noisy photos are practically undetectable.
How much text fits in one image?
About one character per 8 color channels; a 12-megapixel photo can hold over 4 million characters in theory. In practice, keep messages short relative to image size to stay statistically invisible.
Does cropping or resizing destroy the message?
Yes. Any operation that changes pixels, resizing, cropping, filters, recompression, corrupts or destroys the hidden data. Encode as the final step, after all editing.
Is this the same as a visible watermark?
No. A visible watermark deters reuse; steganography hides information. Use the watermark tool for visible marks and steganography for invisible ones, or combine both.