That's true. I guess that in this case, your best bet is (assuming you don't have something so illegal to hide, that they do want to expend large amount of resources on you) to just go security by obscurity, and have some kind of obscure custom steganography that's not widely used.
And for PGP - I though that there's a difference between signing and encrypting a message, and when you only encrypt and don't sign, they can't attribute the message to you, assuming they don't have your private key or the original plaintext? Or is it possible to attribute a encrypted message using only public key and cyphertext?