Re: [Tails-dev] steghide

Hi,

Daniel Kahn Gillmor (2020-10-27):

> On Mon 2020-10-26 08:39:06 +0100, intrigeri wrote:
>> At this point of the conversation, I would recommend users for whom
>> this matters a lot to install their preferred steganography tool
>> by hand (without Additional Software) whenever they need it, so that
>> it leaves no traces and such attackers are left with no clue
>> about potential steganography usage, and which tool could be used.
>
> A counterargument would be that if tails were to include it by default,
> any tails user *could* use it without needing to do any extra work (or
> even to figure out how to install it by hand "so that it leaves no
> traces", which is not necessarily a simple job, as i'm sure everyone who
> works on Tails knows).

I would fully agree with this line of reasoning if the requested tool
(steghide) provided a nice UX for folks who are not particularly
tech-savvy. Unfortunately, it's a CLI tool. So it seems to me that
using steghide is harder, for most of our target users, than
installing it by hand (which one can do without using a terminal).

> I'm a bit dubious about steganography anyway, so i don't really have a
> side i'm strongly aligned with in this question. But i'll say that the
> thing that Tails has done (and continues to do) is to make an OS where
> the user *doesn't* need to know all kinds of fancy details to hide their
> tracks. That's a real contribution, and if we think that steganography
> is a useful part of that toolkit, then it seems like having sensible,
> usable steganography tools easily available is sort of in the same vein.

This makes sense to me. I would certainly approach this conversation
very differently if a *usable* steganography tool is proposed :)

Cheers!