V2 mode uses 8 zero-width Unicode characters (3 bits per symbol), producing the shortest payload. Best for most platforms.
Try an example:
The cover text is visible to everyone. Your secret is hidden inside it as invisible zero-width Unicode characters.
0 chars
Keep it short — longer messages create more zero-width characters, increasing detectability
Add passphrase layer (XOR obfuscation on top)
The receiver must enter the same passphrase to decode
Result
Encoded message will appear here.
Paste any text to reveal hidden messages inside it.
Zero-width characters are completely invisible — you can't tell by looking. Try one of these pre-encoded examples:
The text will look completely normal even if it contains a hidden message
Message was encoded with a passphrase
Hidden Message
Decoded message will appear here.
.txt & .md
.html & .xml
.csv
{} .json
100% client-side
Drop a text file here or click to browse
.txt · .md · .html · .xml · .csv · .json
This ID will be invisibly embedded throughout the file. Keep it unique per recipient or distribution copy.
Drop the file to inspect or click to browse
.txt · .md · .html · .xml · .csv · .json
How Zero-Width Steganography Works
What is zero-width steganography?
- A technique for hiding secret messages inside ordinary visible text
- Uses invisible Unicode characters — zero-width spaces, joiners, and separators
- Unlike encryption, it hides the existence of a message, not just its contents
- The cover text looks and reads completely normally to any human reader
V2 vs Binary mode
- V2 (default): uses 8 zero-width chars — 3 bits per symbol, shorter payload
- Binary: uses only ZWSP (U+200B) and ZWNJ (U+200C) — 1 bit per symbol
- Binary payloads are 4× longer but survive aggressive Unicode stripping (e.g. some SMS gateways, aggressive sanitisers)
- Always use the Round-Trip test to verify your target platform before relying on either
Platform compatibility
- Twitter/X and Facebook strip zero-width characters — messages will be lost in both modes
- WhatsApp may strip some rarer chars — Binary mode is safer here
- Email, Telegram, Discord, and plain text files generally preserve all ZW chars
- Use the Round-Trip test to verify any platform before relying on it
Good use cases
- Hiding watermarks in shared documents to track leaks
- Easter eggs in web pages, GitHub READMEs, or blog posts
- Puzzles and alternate reality games (ARGs)
- Learning about Unicode, text encoding, and digital steganography
Passphrase obfuscation layer
- The optional passphrase applies XOR obfuscation to the message bytes before they are encoded as zero-width characters
- Without the matching passphrase, decoding produces garbled output — the hidden message is unreadable even to someone who knows steganography is present
- XOR obfuscation is not cryptographic encryption and should not be treated as such — it adds obscurity, not security
- For genuinely sensitive content, encrypt with GPG or AES-256 first, then encode the ciphertext here with a passphrase on top
Zero-Width Steganography — Frequently Asked Questions
Is zero-width steganography secure?
- No — it's obfuscation, not encryption. Pasting into any decoder reveals the message.
- For real security: encrypt with GPG or AES first, then hide the ciphertext here.
- The optional passphrase adds XOR obfuscation but is not cryptographically strong.
Which Unicode characters are used?
- V2: ZWSP (U+200B), ZWNJ (U+200C), ZWJ (U+200D), Word Joiner (U+2060), Invisible Times (U+2062), Invisible Separator (U+2063), Invisible Plus (U+2064), BOM/ZWNBS (U+FEFF)
- Binary: only ZWSP (U+200B = bit 0) and ZWNJ (U+200C = bit 1) — the most universally preserved pair
How do I decode a steganography message?
- Paste the text into the Decode tab above. Use Auto-detect mode and StegZero's decoder will automatically find and extract any hidden zero-width Unicode message — both V2 and Binary formats.
Is my data sent anywhere?
- No. Everything runs in your browser via JavaScript.
- No text is ever sent to a server — not even anonymised telemetry.
- The full source code is open on GitHub for independent verification.
How does file watermarking work?
- The watermark ID is encoded as zero-width characters using the V2 engine
- Characters are distributed across safe text positions — avoiding JSON values, CSV numbers, etc.
- The original file content is completely unchanged — only invisible characters are added
- Upload a suspected leaked copy to the Verify pane to instantly extract the watermark ID
Can StegZero decode Steghide files?
- No — Steghide is an image and audio steganography tool that hides data inside JPEG/BMP/WAV files. StegZero handles text steganography using invisible Unicode characters.
- If you have a Steghide-encoded image, you need the
steghidecommand-line tool or a dedicated image steg decoder — not StegZero. - If you have text that looks normal but may contain a hidden message, you're in the right place — paste it into the Decode tab above.
- Other tools StegZero doesn't cover: Snow (whitespace steganography), OpenStego, and MP3Stego.
How to decode a hidden text message
- Step 1: Copy the text you suspect contains a hidden message — it will look completely normal
- Step 2: Click the Decode tab above and paste the text into the input field
- Step 3: Click Decode — StegZero auto-detects V2, Binary, and legacy formats
- Step 4: If the message was encoded with a passphrase, toggle the passphrase option and enter it before decoding
- Use the Detect tab to check whether any zero-width characters are present before decoding