On 1/31/15, Benjamin Brewer <bbrewer@littledystopia.net> wrote:
... Pardon my ignorance about this, and I will do my own research, but do these hidden formattings/stego/call-home functions disappear, get mutilated, become broken when ‘converting’ such PDF documents to other document types
we can wax lyrical about all the ways to sanitize a boundary through constraint, perhaps twice over, to be sure? that said, consider a Qubes OS setup where conversion between formats (app domains) was always to least complicated, most easy to verify well formed, even constraint through omission type simplifications, then a PDF to plain-text 80 column by 42 lines per page fixed width ASCII printable only could probably be interpreted into sentences that would be a way to collaborate separately without excessively leaking information among participants, maybe. in other words, PDFs and similar rich, obfuscated types are the adversaries playground. does this mean all PDFs are compromised? Of course not. But if you're a target, a specific PDF of specific structure could very well be an effective honey token and target you precisely.
... via use of many ‘conversion’ tools (Calibre comes to mind instantly) or are these embedded organisms a persistent across any automated conversion routine?
consider a watermark, that resized half, still persists. this is the kind of meta leval manipulation of structure you may see in a rich document (PDF) that could still persist in some transformations. in other words, it depends on your threat model - who is tainting your documents in-line, silently, without your awares, and how complicated the formats and resulting transformations. as another example, this is why referencing even simplified subsets of text by a self certifying identifier, like afb1e384e450d644703ad96cdfe9f728be509854388687eb65b7c622e2f798a9 , e.g. bigsundaawafn36e.onion/shid/afb/1e3/afb1e384e450d644..5b7c622e2f798a9 , or http://sunshineeevvocqr.onion/bigsun/raw/afb1e384e450d644..5b7c622e2f798a9 which is the same paragraph in ascii no matter PDF or Word or HTML origin simplified to text paragraph. then, mutually un-trusting individuals collaborating from a distance, can use this shared address space as the base for cooperation. if that doesn't make sense, i will explain it better, later, :) best regards,