> On Apr 19, 2025, at 3:20 PM, GreyFedora via Tails-dev <tails-dev@boum.org> > wrote: > > How come no tools included in Tails to remove PII from database files or data > masking software to protect confidential sources in whistleblowing or leaking?
Hi! I'm not a Tails maintainer, but I can take a stab at answering this question based on observations of this mailing list. A real Tails maintainer can give you a more definitive answer. 1. Generally the Tails maintainers want to only add software that is *already* packaged in Debian. Thankfully, metadata-cleaner meets this requirement. 2. That software must be maintained. That's a problem. On 2025-01-23 in message "Metadata Cleaner is looking for a new co-maintainer" it was noted that "Unfortunately, the future of Metadata Cleaner is compromised: it has no active maintainer anymore." 3. Generally the Tails maintainers are trying to strike a balance. They want to provide enough 'general use" functionality so you don't *have* to install anything else, but each package they add potentially adds new attacks, so they don't want to add *too* much. Details below. I hope that helps. --- David A. Wheeler === Details === Currently you can get this functionality by installing the package metadata-cleaner, which is a GTK GUI frontend for mat2. I've never used it, and I have no idea how good it is. A few comments here: https://www.omglinux.com/metadata-cleaner-app-for-linux/ I suggest you investigate it, examining its results, and report back on how well it works. It'd be great if you could find or create a test suite to see how well it really *does* remove metadata. That would address point 1. I don't know if anyone has stepped up to implement point 2. That matters obviously :-). You could also investigate how much more code it adds & whether or not this is widely-needed functionality, meeting point 3. I could see this software meeting the bar for point 3 ("it is widely useful for intended users"). Reporters would often need this in particular to justify claims while shielding sources. I could *especially* see an argument for it if the Tails developers take additional steps to harden the software (e.g., implement bubblewrap on some of the lower-level functions and/or recompile some C code with hardened options like those identified by OpenSSF). _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
