Re: [Tails-dev] steghide
On Sun 2020-11-08 09:24:13 +0100, intrigeri wrote: > I would fully agree with this line of reasoning if the requested tool > (steghide) provided a nice UX for folks who are not particularly > tech-savvy. Unfortunately, it's a CLI tool. So it seems to me that > using steghide is harder, for most of our target users, than > installing it by hand (which one can do without using a terminal). I'm embarrassed to say that i hadn't looked into the usability of steghide itself when i wrote that response. I fully agree with intrigeri that any steganography tool should be usable by a "normal" computer operator before we consider its default inclusion in an end-user-focused OS like Tails. --dkg signature.asc Description: PGP signature ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] steghide
Hi, Daniel Kahn Gillmor (2020-10-27): > On Mon 2020-10-26 08:39:06 +0100, intrigeri wrote: >> At this point of the conversation, I would recommend users for whom >> this matters a lot to install their preferred steganography tool >> by hand (without Additional Software) whenever they need it, so that >> it leaves no traces and such attackers are left with no clue >> about potential steganography usage, and which tool could be used. > > A counterargument would be that if tails were to include it by default, > any tails user *could* use it without needing to do any extra work (or > even to figure out how to install it by hand "so that it leaves no > traces", which is not necessarily a simple job, as i'm sure everyone who > works on Tails knows). I would fully agree with this line of reasoning if the requested tool (steghide) provided a nice UX for folks who are not particularly tech-savvy. Unfortunately, it's a CLI tool. So it seems to me that using steghide is harder, for most of our target users, than installing it by hand (which one can do without using a terminal). > I'm a bit dubious about steganography anyway, so i don't really have a > side i'm strongly aligned with in this question. But i'll say that the > thing that Tails has done (and continues to do) is to make an OS where > the user *doesn't* need to know all kinds of fancy details to hide their > tracks. That's a real contribution, and if we think that steganography > is a useful part of that toolkit, then it seems like having sensible, > usable steganography tools easily available is sort of in the same vein. This makes sense to me. I would certainly approach this conversation very differently if a *usable* steganography tool is proposed :) Cheers! ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] steghide
On Mon 2020-10-26 08:39:06 +0100, intrigeri wrote: > At this point of the conversation, I would recommend users for whom > this matters a lot to install their preferred steganography tool > by hand (without Additional Software) whenever they need it, so that > it leaves no traces and such attackers are left with no clue > about potential steganography usage, and which tool could be used. A counterargument would be that if tails were to include it by default, any tails user *could* use it without needing to do any extra work (or even to figure out how to install it by hand "so that it leaves no traces", which is not necessarily a simple job, as i'm sure everyone who works on Tails knows). That doesn't really tell the attacker who is concerned about steganography *whether* steghide is in *use* in a given system, and i'd imagine any attacker who suspects steganography is in use on a tails system would guess that the approaches available in the debian archive are a reasonable thing to try anyway. I'm a bit dubious about steganography anyway, so i don't really have a side i'm strongly aligned with in this question. But i'll say that the thing that Tails has done (and continues to do) is to make an OS where the user *doesn't* need to know all kinds of fancy details to hide their tracks. That's a real contribution, and if we think that steganography is a useful part of that toolkit, then it seems like having sensible, usable steganography tools easily available is sort of in the same vein. --dkg signature.asc Description: PGP signature ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] steghide
Hi, anon via Tails-dev (2020-10-25): > Would it be possible to add steghide as tails default package ? > https://packages.debian.org/buster/steghide > > If the goal is to hide stuff (the persistent storage is not hidden), > I think it gives clues to attackers (who got access to persistent > storage) where to look next if this package can be seen as > "additional software". I hear this argument. Have you considered this possible rebuttal: If we include steghide by default, then an attacker who is familiar enough with Tails to be aware of Additional Software will surely be aware of the presence of steghide, and thus will have an almost as strong clue that it could be worth looking for data hidden with steghide, instead of data hidden using another of the several steganography tools available in Debian. ? At this point of the conversation, I would recommend users for whom this matters a lot to install their preferred steganography tool by hand (without Additional Software) whenever they need it, so that it leaves no traces and such attackers are left with no clue about potential steganography usage, and which tool could be used. Cheers! ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] steghide
Hello Would it be possible to add steghide as tails default package ? https://packages.debian.org/buster/steghide If the goal is to hide stuff (the persistent storage is not hidden), I think it gives clues to attackers (who got access to persistent storage) where to look next if this package can be seen as "additional software". Thank you___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Steghide
Hi Damian, On 24.06.19 19:58, Damián Chaban wrote: > I was wondering whether you could add steghide to the next version. It's > compatible with Debian and I think it would fit in tails since it's used to > hide sensitive files. It's not that big of a deal but it would be nice to > have it there. Thanks for the suggestion. We do not want to bloat Tails too much for everyone, however, you can use our Additional Software Feature to install this package automatically every time you boot Tails: https://tails.boum.org/doc/first_steps/additional_software/index.en.html#index4h2 Cheers! u. ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Steghide
I was wondering whether you could add steghide to the next version. It's compatible with Debian and I think it would fit in tails since it's used to hide sensitive files. It's not that big of a deal but it would be nice to have it there. ___ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
