<div dir="auto"><div><div class="gmail_extra"><div class="gmail_quote">On Feb 12, 2017 12:49, "Brian Candler" <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="quoted-text">On 12/02/2017 20:40, Johannes Marbach wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I think this potentially increases the surface for an attacker. Even though the files are still securely encrypted, I wouldn't even want someone to know that I have e.g. a Visa credit card or a gmail account.<br>
<br>
</blockquote></div>
Otherwise known as "security through obscurity". This is not how pass works; if you need this, either do it at a different layer (e.g. encfs), or maybe a different tool is more appropriate.</blockquote></div></div></div><div dir="auto"><br></div><div dir="auto">To be fair this provides plausible deniability which does have value. For example the US government is threatening to start asking for social media accounts and possible passwords when entering the country. If you claim not to have an account but they search your computer and find the password entry you are going to be in trouble. </div><div dir="auto"><br></div><div dir="auto">That being said I agree that pass isn't the tool for this, or at the very least that you should be using a tool on top of pass. </div><div dir="auto"></div></div>