Neat little experiment! Delays between packets are not normally logged, so detecting this would be a challenge - any ideas of the best way to detect this sort of channel?
Interesting side note: If I recall correctly, a variant of this can be used to de-anonymise Tor connections if you have visibility over the entry and exit connections. Measure time and size relationships between packets and look for corresponding matching ones at the other end. Not 100% accurate, but with lots of connections it builds in confidence.
In theory the person running this protocol can just calibrate their settings until they are comfortably flying under the radar. You could make the "messages" less frequent which means someone trying to log the traffic will consume more bandwidth (increase the cost to log it) & tweak the algorithm to make it consume more CPU to decode/encode (making it difficult to "try" all the combinations of traffic to see if they happen to decode into something that matches a heuristic for a hidden message). Given a sufficiently large enough amount of "cover" bandwidth to hide in, and assuming your message is sufficient small, you'd be impossible to detect. Pretty brilliant.
Maybe the vibrations of our universe in "string theory" are some sort of message, too ;)
Interesting side note: If I recall correctly, a variant of this can be used to de-anonymise Tor connections if you have visibility over the entry and exit connections. Measure time and size relationships between packets and look for corresponding matching ones at the other end. Not 100% accurate, but with lots of connections it builds in confidence.