Author: Daniel Kahn Gillmor Date: To: intrigeri, anon, The Tails public development discussion list Subject: Re: [Tails-dev] steghide
On Mon 2020-10-26 08:39:06 +0100, intrigeri wrote: > At this point of the conversation, I would recommend users for whom
> this matters a lot to install their preferred steganography tool
> by hand (without Additional Software) whenever they need it, so that
> it leaves no traces and such attackers are left with no clue
> about potential steganography usage, and which tool could be used.
A counterargument would be that if tails were to include it by default,
any tails user *could* use it without needing to do any extra work (or
even to figure out how to install it by hand "so that it leaves no
traces", which is not necessarily a simple job, as i'm sure everyone who
works on Tails knows).
That doesn't really tell the attacker who is concerned about
steganography *whether* steghide is in *use* in a given system, and i'd
imagine any attacker who suspects steganography is in use on a tails
system would guess that the approaches available in the debian archive
are a reasonable thing to try anyway.
I'm a bit dubious about steganography anyway, so i don't really have a
side i'm strongly aligned with in this question. But i'll say that the
thing that Tails has done (and continues to do) is to make an OS where
the user *doesn't* need to know all kinds of fancy details to hide their
tracks. That's a real contribution, and if we think that steganography
is a useful part of that toolkit, then it seems like having sensible,
usable steganography tools easily available is sort of in the same vein.
This message was posted to the following mailing lists: