Hi, anon via Tails-dev (2020-10-25): > Would it be possible to add steghide as tails default package ? > https://packages.debian.org/buster/steghide > > If the goal is to hide stuff (the persistent storage is not hidden), > I think it gives clues to attackers (who got access to persistent > storage) where to look next if this package can be seen as > "additional software".
I hear this argument. Have you considered this possible rebuttal: If we include steghide by default, then an attacker who is familiar enough with Tails to be aware of Additional Software will surely be aware of the presence of steghide, and thus will have an almost as strong clue that it could be worth looking for data hidden with steghide, instead of data hidden using another of the several steganography tools available in Debian. ? At this point of the conversation, I would recommend users for whom this matters a lot to install their preferred steganography tool by hand (without Additional Software) whenever they need it, so that it leaves no traces and such attackers are left with no clue about potential steganography usage, and which tool could be used. Cheers! _______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
