Difference between revisions of "Tails"

Jump to navigation Jump to search

Tails (view source)

Revision as of 07:23, 10 April 2020

7,481 bytes added ,  07:23, 10 April 2020
no edit summary
Line 9: Line 9:


See the [[Security]] article.
See the [[Security]] article.
==Security==
During the shutdown process, Tails will overwrite most of the used RAM to avoid a [[cold boot attack]].<ref name="memory-erasure">https://tails.boum.org/contribute/design/memory_erasure/</ref>
An emergency shutdown can be triggered by physically removing the medium where Tails is installed: a watchdog monitors the status of the boot medium, and if removed then the memory erasing process will begin immediately. This should however only be used in an emergency situation because it could break the file system of the persistence volume, if set up.<ref name="memory-erasure">https://tails.boum.org/contribute/design/memory_erasure/</ref><ref>https://tails.boum.org/doc/first_steps/shutdown/index.en.html</ref>
===Persistency===
Tails is by design amnesic. It lives in RAM and does not write to any other drive unless strictly specified. However, it is possible to set up an encrypted persistence volume (for example, within the USB Drive where Tails is installed) to save user data. It is also possible to instruct Tails to automatically install some additional software from the persistence drive, to load bookmarks for the Tor Browser, keep GPG keys or to keep configurations data for other applications. It is important to note, that the encrypted space could be detected by forensic analysis and is not hidden like in the case of [[VeraCrypt]] which offers [[plausible deniability]] and therefore should not be distinguishable from random data.<ref>https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html</ref>


== Installation and use ==
== Installation and use ==
=== USB flash drive vs. SD card ===
=== USB flash drive vs. SD card ===
You can install Tails on a [[USB flash drive]] or an [[SD card]]. If you want to use a [[micro SD card]], you can use a [[micro SD card USB adapter]] to connect to your [[laptop]] or [[desktop]].
You can install Tails on a [[USB flash drive]] or an [[SD card]]. If you want to use a [[micro SD card]], you can use a [[micro SD card reader]] to connect it to your [[laptop]] or [[desktop]]'s USB slot.
 


A [[micro SD card]] is easier that a [[USB stick]] to hide from an [[agency]] or a [[law enforcement agency]].
A [[micro SD card]] is easier than a [[USB stick]] to hide from an [[intelligence agency]] or a [[law enforcement agency]].


=== Making a bootable USB stick ===
=== Making a bootable USB stick ===
Line 22: Line 34:
You can make a bootable USB stick by using [[Rufus]]. https://rufus.ie/
You can make a bootable USB stick by using [[Rufus]]. https://rufus.ie/


=== USB boot and choosing a language ===
=== Set USB boot ===
At [[UEFI]] or [[BIOS]], change the booting priority as [[USB]] is the first. And after boot, you can choose a language.
On [[UEFI]] or [[BIOS]]'s settings, change the booting priority as [[USB]] should be the first.
 
 
=== Tor Browser's Advanced Security Settings...: Safest ===
There are Standard, Safer, and Safest. The default option is Standard. Change it into Safest.
 
 
 
* Standard
At this level, all [[Tor Browser]] and website features are enabled.
 
* Safer
This level disables [[website]] features that are often dangerous. This may cause some sites to lose functionality.
 
[[JavaScript]] is disabled on all non-[[HTTPS]] sites; some fonts and math symbols are disabled; audio and video ([[HTML5]] media) are click-to-play.
 
* Safest
This level only allows website features required for static sites and basic services. These changes affect images, [[media]], and [[script]]s.
 
[[Javascript]] is disabled by default on all sites; some [[font]]s, [[icon]]s, [[math]] [[symbol]]s, and [[image]]s are disabled; audio and [[video]] ([[HTML5 media]]) are click-to-play.
 
https://tb-manual.torproject.org/security-settings/
 
== Startup options ==
Choose "Tails" of the Boot Loader Menu.
 
 
The "Tails (Troubleshooting Mode)" disables some features of the [[Linux]] kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails.
 
 
''[[Tails Greeter]]'' appears after the ''[[Boot Loader Menu]]'', but before the ''[[GNOME Desktop]]''.
 
=== Language & Region ===
==== Language ====
The default option is "English - United States".
 
==== Keyboard Layout ====
The default option is "[[English]] (US)". You don't have to change this option even if you're a fucking language user such as Chinese.
 
 
Tails includes "English ([[US]]), [[Chinese]] ([[Intelligent Pinyin]]), [[Japanese]] ([[Anthy]]), [[Korean]] ([[Hangul]]), [[Vietnamese]] (Unikey), Chinese ([[Chewing]])" keyboard layouts. After booting, you can choose among these keyboard layouts.
 
 
If you want to use [[ç]], [[œ]] and [[æ]] in [[French language]] or [[ä]], [[ö]], [[ü]] and [[ß]] in [[German language]], you should choose "Keyboard Layout" when you boot Tails.
 
 
If you choose Korean, you can switch between EN and 한 by pressing "[[Shift]] + [[space bar]]".
 
==== Formats ====
The default option is "United States - English".
 
 
The Formats option allows you to change the date and time format, first day of the week, measurement units, and default paper size according to the standards in use in a country.
 
For example, the USA and the United Kingdom, two English-speaking countries, have different standards:
 
 
{| class="wikitable"
|-
!
! USA
! United Kingdom
|-
| Date & time
| 3/17/2017 3:56 PM
| 17/3/2017 15:56
|-
| First day of the week
| Sunday
| Monday
|-
| Unit system
| Imperial
| Metric
|-
| Paper size
| Letter
| A4
|}
 
 
=== Encrypted persistence storage ===
If an encrypted persistence storage is detected on the [[USB stick]], an additional section appears in ''Tails Greeter'' below the '''Languge & Region''' section.
 
 
Show Passphrase
 
Enter your passphrase to unlock the persistent storage
 
Unlock
 
=== Additional Settings ===
You can see the + button at the same screen when you choose a language.
 
 
The default settings are safe in most situations. To add a custom setting, press the "+" button below.
 
==== Administration Password ====
Set up an administration password if you need to perform administrative tasks. Otherwise, the administration passworrd is disabled for better security.
 
 
Set an '''Administration Password''' to be able to perform administrative tasks like installing additional software or accessing the internal hard disks of the computer.
 
==== MAC Address Spoofing ====
[[MAC address spoofing]] hides the serial number of your network interface (Wi-Fi or wired) to the local network. Spoofing [[MAC address]]es is generally safer as it helps you hide your geographical location. But it might also create connectivity problems or look suspicious.
 
 
"On" is a default option.
 
Disable '''MAC Address Spoofing''' to prevent connectivity problems with your network interfaces.
 
 
If there is a network error, you can turn off [[MAC Address]] Spoofing. When your computer boots, choose the + button below Additional Settings and turn off [[MAC Address Spoofing]].
 
==== Network Connection ====
If your Internet connection is censored, filtered, or proxied you can configure a Tor bridge or a local proxy. To work completely offline, you can disable all networking.
 
 


=== Network error and MAC Address Spoofing ===
Change the '''Network Configuration''' to either:
If there is a network error, you can turn off [[MAC Address]] Spoofing. When your computer boots, choose the + button below Additional Settings and turn off [[MAC Address Spoofing]]. You can see the + button at the same screen when you choose a language.
* Connect directly to the Tor network (default).
* Configure a Tor bridge or local proxy:
:* If you want to use Tor bridges because your Internet connection is censored or you want to hide the fact that you are using Tor.
:* If you need to use a local proxy to acess the Internet.
:After starting Tails and connecting to a network, an assistant will guide you through the configuration of Tor.
* Disable all networking if you want to work completely offline with additional security.


== History ==
== History ==
Line 36: Line 170:


== Bundled software ==
== Bundled software ==
{{refimprove|section|date=June 2016}}
* [[GNOME]] desktop
* [[GNOME]] desktop


Line 42: Line 175:
* [[Tor (anonymity network)|Tor]] with: Stream isolation, regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support.
* [[Tor (anonymity network)|Tor]] with: Stream isolation, regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support.
* [[NetworkManager]] for easy network configuration
* [[NetworkManager]] for easy network configuration
* [[Tor Browser]], a web browser based on [[Firefox|Mozilla Firefox]] and modified to protect your anonymity with: Torbutton for anonymity and protection against [[JavaScript]], all cookies are treated as session cookies by default; [[HTTPS Everywhere]] transparently enables [[Transport Layer Security|SSL]]-encrypted connections to a great number of major websites, [[NoScript]] to have even more control over JavaScript, [[uBlock Origin]] to remove advertisements.
* [[Tor Browser]], a web browser based on [[Firefox|Mozilla Firefox]] and modified to protect anonymity with:  
** Torbutton for anonymity and protection against [[JavaScript]] with all cookies treated as session cookies by default;
** [[HTTPS Everywhere]] transparently enables [[Transport Layer Security|SSL]]-encrypted connections to a great number of major websites
** [[NoScript]] to have even more control over JavaScript
** [[uBlock Origin]] to remove advertisements.
It is to note, that due to the fact that Tails include uBlock Origin (compared to the normal Tor Browser Bundle), it could be subject to an attack to determine if the user is using Tails (since the userbase for Tails is less than the Tor Browser Bundle) by checking if the website is blocking advertising.<ref>https://tails.boum.org/doc/about/fingerprint/index.en.html</ref>
* [[Pidgin (software)|Pidgin]] preconfigured with [[Off-the-Record Messaging|OTR]] for end-to-end encrypted [[instant messaging]]
* [[Pidgin (software)|Pidgin]] preconfigured with [[Off-the-Record Messaging|OTR]] for end-to-end encrypted [[instant messaging]]
* OnionShare for anonymous filesharing
* [[Mozilla Thunderbird|Thunderbird]] email client with [[Enigmail]] for [[OpenPGP]] support
* [[Mozilla Thunderbird|Thunderbird]] email client with [[Enigmail]] for [[OpenPGP]] support
* [[Liferea]] [[feed aggregator]]
* [[Liferea]] [[feed aggregator]]
Line 49: Line 188:
* Electrum, an easy-to-use [[bitcoin]] client
* Electrum, an easy-to-use [[bitcoin]] client


===Encryption and privacy===
===Encryption and privacy software===
* [[LUKS]] and [[GNOME Disks]] to install and use encrypted storage devices, e.g. for [[USB sticks]]
* [[LUKS]] and [[GNOME Disks]] to install and use encrypted storage devices, e.g. for [[USB sticks]]
* [[GNU Privacy Guard|GnuPG]], the GNU implementation of [[OpenPGP]] for e-mail and data encryption and signing
* [[GNU Privacy Guard|GnuPG]], the GNU implementation of [[OpenPGP]] for e-mail and data encryption and signing
Line 57: Line 196:
* GNOME [[virtual keyboard]] as a [[Countermeasure (computer)|countermeasure]] against hardware [[Keystroke logging|keyloggers]]
* GNOME [[virtual keyboard]] as a [[Countermeasure (computer)|countermeasure]] against hardware [[Keystroke logging|keyloggers]]
* MAT to anonymize [[metadata]] in files
* MAT to anonymize [[metadata]] in files
* [[KeePassX]] [[password manager]]
* [[KeePassXC]] [[password manager]]
* GtkHash to calculate [[checksum]]s
* GtkHash to calculate [[checksum]]s
* Keyringer, a command line tool to encrypt secrets shared through [[Git (software)|Git]]
* Keyringer, a command line tool to encrypt secrets shared through [[Git (software)|Git]]
* Paperkey, a command line tool to back up OpenPGP secret keys on paper
* Paperkey, a command line tool to back up OpenPGP secret keys on paper
* DeepOnion wallet, an anonymous cryptocurrency using Tor network
* DeepOnion wallet, an anonymous cryptocurrency using Tor network
Users can install any other software which is present in Debian GNU/Linux, either through APT (Tails provides three repositories) or [[dpkg]].<ref>{{cite web
| url          = https://tails.boum.org/contribute/APT_repository/
| title        = APT repository
| date        = 7 October 2019
| website      = tails.boum.org
| access-date  = 7 October 2019
| archive-url  = https://web.archive.org/web/20190925050831/https://tails.boum.org/contribute/APT_repository/
| archive-date = 25 September 2019
| url-status    = live
}}</ref><ref>{{cite web
| url          = https://tails.boum.org/doc/about/features/index.en.html
| title        = Features and included software
| date        = 7 October 2019
| website      = tails.boum.org
| access-date  = 7 October 2019
| archive-url  = https://web.archive.org/web/20190823092502/https://tails.boum.org/doc/about/features/index.en.html
| archive-date = 23 August 2019
| url-status    = live
}}</ref>


One may choose among a large number of languages and keyboard layouts when the system is [[Booting|booted]].
One may choose among a large number of languages and keyboard layouts when the system is [[Booting|booted]].
Line 309: Line 468:
* [[phpBB]]
* [[phpBB]]
* [[IprediaOS]] ([[Ipredia]])
* [[IprediaOS]] ([[Ipredia]])
* [[IBHost]]


== References ==
== References ==
Do
14

edits

Retrieved from "http://hiddenwep33eg4w225lcdwcez4iefacwpiia6cwg7pfmcz4hvijzbgid.onion/index.php?title=Special:MobileDiff/29049"

Navigation menu