> Because if they know your method, you can't hide anything
This is not accurate.
> If I am misinterpreting you, please give an example that fits your definition.
Here is an example:
One of the earliest and most popular methods of doing stego in the internet age is hiding messages in lossless images. Lets say you choose to hide messages in Asian pr0n pics (as opposed to Chinese spam :). You do this by changing the least significant bits (LSBs) in the image to your message.
Now, being new to stego you decide to directly put your message, "Bush is a wanker!", in plain text in the LSBs of the image. Going by our assumption that the attackers know your method, they know to look in every Asian pr0n pic you post to alt.binaries.pictures.erotica (a.b.p.e), and look in the LSBs for the message. And, lo and behold, they spot your message right off the bat. Ashcroft releases the hounds, and you are busted.
Five years later, after getting out of the hard labor camps, you are a little wiser, so you decide to encrypt your message with pgp first. You send off a few more Asian pr0n pics (APPs) with the LSBs containing your encrypted message to a.b.p.e. So, since the attackers know your method, they know to look in the LSBs of your APPs in a.b.p.e and they see your encrypted message. They don't know what it says, but your sending it is enough for them to throw you in jail for suspected terrorism (since we all know only terrorists use stego or crypto), and use rubber hose cryptoanalysis to get your encryption key out of you.
You swear to yourself that next time, you will hide the very existance of an encrypted message. While spending another five years in the gulag, you have a brainstorm that the way you can do this is to strip the telltale pgp header off of the encrypted message. That way, what will be left is "just noise". You write a program to do this, and call it StealthPGP. So, now, you know the drill: plaintext -> PGP -> StealthPGP -> LSB(APP) -> a.b.p.e But, they know your method, and so they know that even though the LSBs of the APPs in a.b.p.e. may look, to the untrained eye, like "noise", they can still do statistical analysis of that "noise" and compare it to the "noise" in the LSBs of the APPs that they took themselves (so that they know their source is pure). And, lo and behold, one of the APPs you sent to a.b.p.e. has a non-standard LSB signature. You must be hiding something. An honest citizen has nothing to hide. Off to the gulag you go!
Your time in the gulag is not wasted, however, and you come out determined to give it one last shot. This time you are going to make sure encrypted, stripped, LSBs of the APPs will be statistically and otherwise indistinguishable from the "ordinary" APPs seen in a.b.p.e. You do this by writing the SuperMegaTriStega program. So now we have: plaintext -> PGP -> StealthPGP -> SMTS -> LSB(APP) -> a.b.p.e. Now all the APPs you send to a.b.p.e. are indistinguishable in every way from "ordinary" APPs, even though they know your method. So you have won!
Of course, there is no SuperMegaTriStega program that can guarantee that a message that is run through it is completely statistically and otherwise indistinguishable from the data it is hiding in. It's always possible that some new stegoanalysis technique will be able to uncover some anomaly. But it's the ideal of indistinguishability that stego programs aim for.
[ Parent ]