On Mon 2020-10-26 08:39:06 +0100, intrigeri wrote:
> At this point of the conversation, I would recommend users for whom
> this matters a lot to install their preferred steganography tool
> by hand (without Additional Software) whenever they need it, so that
> it leaves no traces and such attackers are left with no clue
> about potential steganography usage, and which tool could be used.
A counterargument would be that if tails were to include it by default,
any tails user *could* use it without needing to do any extra work (or
even to figure out how to install it by hand "so that it leaves no
traces", which is not necessarily a simple job, as i'm sure everyone who
works on Tails knows).
That doesn't really tell the attacker who is concerned about
steganography *whether* steghide is in *use* in a given system, and i'd
imagine any attacker who suspects steganography is in use on a tails
system would guess that the approaches available in the debian archive
are a reasonable thing to try anyway.
I'm a bit dubious about steganography anyway, so i don't really have a
side i'm strongly aligned with in this question. But i'll say that the
thing that Tails has done (and continues to do) is to make an OS where
the user *doesn't* need to know all kinds of fancy details to hide their
tracks. That's a real contribution, and if we think that steganography
is a useful part of that toolkit, then it seems like having sensible,
usable steganography tools easily available is sort of in the same vein.
--dkg
