Tails

From Hidden Wiki
Revision as of 15:22, 30 June 2020 by Ttol (talk | contribs)

Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity.[1] All its incoming and outgoing connections are forced to go through Tor,[2] and any and all non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. The Tor Project has provided financial support for its development.[3]


It's safe to use Tails or Whonix when you build your own darknet site since you can't use Tor Browser with "Safest" "Security Settings" on Freedom Hosting Reloaded or Daniel's Hosting.


If you use Tails, you should set up an administration password when you boot your laptop, because you sometimes need root permission to install software. Normally, the administration password is disabled for better security.


See the Security article.

Security

During the shutdown process, Tails will overwrite most of the used RAM to avoid a cold boot attack.[4] An emergency shutdown can be triggered by physically removing the medium where Tails is installed: a watchdog monitors the status of the boot medium, and if removed then the memory erasing process will begin immediately. This should however only be used in an emergency situation because it could break the file system of the persistence volume, if set up.[4][5]


Persistency

Tails is amnesic by design. It lives in RAM and does not write to any other drive unless explicitly told to. However, it is possible to set up an encrypted persistence volume (for example, on the USB drive where Tails is installed) to save user data. It is also possible to instruct Tails to automatically install additional software from the persistence drive, to load bookmarks for the Tor Browser, and to keep GPG keys or configuration data for other applications. Note that the encrypted space can be detected by forensic analysis: it is not hidden, unlike with VeraCrypt, which offers plausible deniability and whose volumes should therefore not be distinguishable from random data.[6]
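Why the persistence volume is detectable, shown as an added example (not code from Tails or from this page): the Tails persistence volume is a LUKS partition, and every LUKS header starts with a fixed plaintext signature followed by readable parameters, whereas a VeraCrypt volume has no signature and looks like random bytes from its first byte on. The function names and both sample headers are constructed for illustration.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # fixed plaintext signature at byte 0 of every LUKS header

# Leading fields of the on-disk headers (big-endian, no padding), through the UUID.
_LUKS1 = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
_LUKS2 = struct.Struct(">6sHQQ48s32s64s40s")          # 208 bytes


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def identify_volume_header(header):
    """Describe a LUKS header at the start of `header`, or return None."""
    if len(header) < 8 or header[:6] != LUKS_MAGIC:
        return None  # no signature: nothing marks this data as a volume
    version = struct.unpack_from(">H", header, 6)[0]
    info = {"format": "LUKS", "version": version, "truncated": False}
    if version == 1 and len(header) >= _LUKS1.size:
        f = _LUKS1.unpack_from(header)
        info.update(cipher=_text(f[2]), mode=_text(f[3]), hash=_text(f[4]),
                    payload_offset_sectors=f[5], key_bytes=f[6], uuid=_text(f[10]))
    elif version == 2 and len(header) >= _LUKS2.size:
        f = _LUKS2.unpack_from(header)
        info.update(header_size=f[2], label=_text(f[4]),
                    checksum_alg=_text(f[5]), uuid=_text(f[7]))
    else:
        # Signature present but too short to parse: still identifiable as LUKS.
        info["truncated"] = version in (1, 2)
    return info


def identify_device(path):
    """Classify the first 4 KiB of a partition or disk image file."""
    with open(path, "rb") as fh:
        return identify_volume_header(fh.read(4096))


def build_sample_luks1_header():
    """Constructed sample: LUKS1 header with made-up parameters and no key material."""
    return _LUKS1.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                       4096, 64, bytes(20), bytes(32), 1000,
                       b"00000000-0000-4000-8000-000000000000")


def build_sample_luks2_header():
    """Constructed sample: leading fields of a LUKS2 header."""
    return _LUKS2.pack(LUKS_MAGIC, 2, 16384, 1, b"", b"sha256", bytes(64),
                       b"00000000-0000-4000-8000-000000000001")


def build_sample_random_header():
    """Constructed stand-in for a volume with no signature (random-looking bytes)."""
    return os.urandom(512)


if __name__ == "__main__":
    for name, blob in [("LUKS1 sample", build_sample_luks1_header()),
                       ("LUKS2 sample", build_sample_luks2_header()),
                       ("random-looking sample", build_sample_random_header())]:
        print(name, "->", identify_volume_header(blob))
```

The passphrase protects the contents of the volume, not the fact that it exists: the cipher name, key size and UUID are readable without it.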

Flaw in Tails’ video player to reveal the real IP address

  • Facebook Helped the FBI Hack a Child Predator

Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.

June 10, 2020, 2:57pm

For years, a California man systematically harassed and terrorized young girls using chat apps, email, and Facebook. He extorted them for their nude pictures and videos, and threatened to kill and rape them. He also sent graphic and specific threats to carry out mass shootings and bombings at the girls' schools if they didn't send him sexually explicit photos and videos.

Buster Hernandez, who was known as “Brian Kil” online, was such a persistent threat and was so adept at hiding his real identity that Facebook took the unprecedented step of helping the FBI hack him to gather evidence that led to his arrest and conviction, Motherboard has learned.

The FBI and Facebook used a so-called zero-day exploit in the privacy-focused operating system Tails, which automatically routes all of a user's internet traffic through the Tor anonymity network, to unmask Hernandez's real IP address, which ultimately led to his arrest.

Hernandez was so notorious within Facebook that employees considered him the worst criminal to ever use the platform, two former employees told Motherboard. According to these sources, Facebook assigned a dedicated employee to track him for around two years and developed a new machine learning system designed to detect users creating new accounts and reaching out to kids in an attempt to exploit them. That system was able to detect Hernandez and tie different pseudonymous accounts and their respective victims to him, two former Facebook employees said.

The firm worked with a Facebook engineer and wrote a program that would attach an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video.

The FBI then got a warrant and the help of a victim who sent a booby-trapped video to Hernandez, as Motherboard previously reported.

https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez

Installation

USB flash drive vs. SD card

You can install Tails on a USB flash drive or an SD card. If you want to use a micro SD card, you can use a micro SD card reader to connect it to your laptop or desktop's USB slot.


A micro SD card is easier than a USB stick to hide from an intelligence agency or a law enforcement agency.

Making a bootable USB stick

Download the tails-amd64-4.3.img file from https://tails.boum.org/. The USB image is 1.1 GB, so you need a USB stick or SD card of at least 2 GB.


You can make a bootable USB stick by using Rufus. https://rufus.ie/

Set USB boot

In the UEFI or BIOS settings, change the boot priority so that USB comes first.

Startup options

Choose "Tails" in the Boot Loader Menu.


The "Tails (Troubleshooting Mode)" disables some features of the Linux kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails.


Tails Greeter appears after the Boot Loader Menu, but before the GNOME Desktop.

Language & Region

Language

The default option is "English - United States".

Keyboard Layout

The default option is "English (US)". You don't have to change this option even if you use another language, such as Chinese.


Tails includes "English (US), Chinese (Intelligent Pinyin), Japanese (Anthy), Korean (Hangul), Vietnamese (Unikey), Chinese (Chewing)" keyboard layouts. After booting, you can choose among these keyboard layouts.


If you want to use ç, œ and æ in French or ä, ö, ü and ß in German, you should choose "Keyboard Layout" when you boot Tails.


If you choose Korean, you can switch between EN and 한 by pressing "Shift + space bar".

Formats

The default option is "United States - English".


The Formats option allows you to change the date and time format, first day of the week, measurement units, and default paper size according to the standards in use in a country.

For example, the USA and the United Kingdom, two English-speaking countries, have different standards:


                        USA                 United Kingdom
Date & time             3/17/2017 3:56 PM   17/3/2017 15:56
First day of the week   Sunday              Monday
Unit system             Imperial            Metric
Paper size              Letter              A4


Encrypted persistence storage

If encrypted persistence storage is detected on the USB stick, an additional section appears in Tails Greeter below the Language & Region section.


Show Passphrase

Enter your passphrase to unlock the persistent storage

Unlock

Additional Settings

The + button is on the same screen where you choose a language.


The default settings are safe in most situations. To add a custom setting, press the "+" button below.

Administration Password

Set up an administration password if you need to perform administrative tasks. Otherwise, the administration password is disabled for better security.


Set an Administration Password to be able to perform administrative tasks like installing additional software or accessing the internal hard disks of the computer.

MAC Address Spoofing

MAC address spoofing hides the serial number of your network interface (Wi-Fi or wired) from the local network. Spoofing MAC addresses is generally safer as it helps you hide your geographical location. But it might also create connectivity problems or look suspicious.


"On" is the default option.

Disable MAC Address Spoofing to prevent connectivity problems with your network interfaces.


If there is a network error, you can turn off MAC Address Spoofing. When your computer boots, choose the + button below Additional Settings and turn off MAC Address Spoofing.

Network Connection

If your Internet connection is censored, filtered, or proxied you can configure a Tor bridge or a local proxy. To work completely offline, you can disable all networking.


Change the Network Configuration to either:

  • Connect directly to the Tor network (default).
  • Configure a Tor bridge or local proxy:
    • If you want to use Tor bridges because your Internet connection is censored or you want to hide the fact that you are using Tor.
    • If you need to use a local proxy to access the Internet.
    After starting Tails and connecting to a network, an assistant will guide you through the configuration of Tor.
  • Disable all networking if you want to work completely offline with additional security.

How to use

Tor Browser's Advanced Security Settings...: Safest

There are three levels: Standard, Safer, and Safest. The default option is Standard. Change it to Safest.


  • Standard

At this level, all Tor Browser and website features are enabled.

  • Safer

This level disables website features that are often dangerous. This may cause some sites to lose functionality.

JavaScript is disabled on all non-HTTPS sites; some fonts and math symbols are disabled; audio and video (HTML5 media) are click-to-play.

  • Safest

This level only allows website features required for static sites and basic services. These changes affect images, media, and scripts.

JavaScript is disabled by default on all sites; some fonts, icons, math symbols, and images are disabled; audio and video (HTML5 media) are click-to-play.

https://tb-manual.torproject.org/security-settings/


GPG

Generate a pair of keys

Applications > Utilities > Passwords and Keys > File > New > PGP Key > Continue


  • Full Name

Name must be at least 5 characters long. You can use your phpBB ID as your name.

  • Email Address

Use a random email address such as fjlt@jlg.goeri

  • Comment

Write any comments.

  • Encryption Type: RSA
  • Key Strength (bits): 2048

You can change 2048 to 4096 to make it safer.

  • Expiration Date

You can check the "Never Expires" checkbox.



Passphrase for New PGP Key

Enter the passphrase for your new key twice.

Password:

Confirm:


Copy a public key

Applications > Utilities > Passwords and Keys > GnuPG keys


Click your pair of keys and choose "Edit > Copy". If you want to use your public key in the signature of your phpBB account, just paste it into the signature field.

Enable persistence

Without having persistence enabled, you won’t be able to save any data in Tails.

Under Applications > Tails, select Configure persistent volume. To use this option, your USB stick must have been created using the Tails Installer program. If you created your USB stick manually (as described above), you need to copy Tails over using another USB stick. The Tails installer is under Applications > Tails > Tails installer.

You will be asked to create a passphrase. Check out our guide on how to create secure passwords with Diceware in this book. Length is more important than complexity. You will be asked for this passphrase every time you start Tails.

You will also have to select which information you want Tails to remember. The less Tails remembers, the more secure you are, but you’ll have to remember more things yourself and set them up again each time you start Tails.

To seamlessly run all the features you will need in this guide we recommend selecting Personal Data, GnuPG, Pidgin, Network Connections, Browser Bookmarks, Bitcoin client, and Icedove.

Restart Tails with persistence and enter your passphrase. Remember that only the files in the folder named “Persistence” will be saved when you shut down your computer.

https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin


Set Up Electrum

The Bitcoin wallet is under Applications > Internet > Electrum Bitcoin Wallet.


Electrum is a lightweight Bitcoin wallet. That means it does not rely on its own copy of the blockchain (the immutable record of all Bitcoin transactions that ever took place), but instead relies on several other nodes.


To find out your balance, enter your Bitcoin address into a Blockexplorer.

For example, this is the Bitcoin address of the Edward Snowden Defense Fund:

1snowqQP5VmZgU47i5AWwz9fsgHQg94Fa

You can enter it into a Blockexplorer like Blockcypher (many more exist) to see its balance and all transactions associated with it.


Create a new wallet by opening Electrum. A “standard wallet” will do fine. You will see 13 English words, which represent your wallet seed. This seed is more than just a password to your wallet. Anybody who has this seed can take your Bitcoins, so be careful about where you store these words.

To store your wallet seed words safely, you can create a new entry in your KeePassX database and paste them into the comment field, or you can write them on a piece of paper and lock it away. Either way, do not save it in a text file anywhere on an unencrypted drive.

Press proceed and enter your wallet seed into the next window, then choose a password, ideally by creating one with KeePassX. You will need this password every time you make a transaction.

Great! You can now receive and make Bitcoin payments. You can find your Bitcoin addresses and their balances under “Addresses.”

You can set up multiple wallets for your identity. You can create a new wallet for a single transaction if you so wish. Having separate wallets makes it easier to keep funds separate for accounting or privacy purposes.

https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin

Communicate via XMPP and OTR

Pidgin is a chat program. As anonymous email accounts are hard to come by, it might be easier to chat with your contacts using this tool. The only downside is that you cannot receive messages when you’re offline.

Pidgin is under Applications > Internet > Pidgin Internet Messenger.

Launch Pidgin. Add an account and choose XMPP as your protocol.

Pick a username, enter dukgo.com as the domain and pick a password, then tick the box Create this new account on the server. Close the window and connect to enable the new chat account in Pidgin. You may be prompted again to enter your username and password. Use KeePassX to create a secure and unique password.


Your username@dukgo.com address can now be given out to your contacts. You will need to approve each individual contact before you can initiate a conversation with them. You have now set up XMPP chat (also called Jabber). Note: Even though username@dukgo.com looks like an email address, it is not an email address and cannot be used to receive messages while offline.

To chat securely, you need to use OTR encryption. Click on OTR > Start private conversation.

You can verify the integrity of the conversation by clicking on OTR > Authenticate Buddy.

The easiest way to reliably verify each other is to exchange each other’s fingerprints outside the chat, which you can see under Manual authentication. To share your fingerprint with other individuals, you can paste it into the signature on a message board, or publish it on your website.

https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin

History

Tails was first released on 23 June 2009. It is the next iteration of development on Incognito, a Gentoo-based Linux distribution.[7] The Tor Project has provided financial support for its development.[3] Tails has also received funding from the Debian Project, Mozilla, and the Freedom of the Press Foundation.[8]

Laura Poitras, Glenn Greenwald, and Barton Gellman have each said that Tails was an important tool they used in their work with National Security Agency whistleblower Edward Snowden.[9][10][11]

As of release 3.0, Tails requires a 64-bit processor to run.[12]

Bundled software

Networking

  • Tor with: Stream isolation, regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support.
  • NetworkManager for easy network configuration
  • Tor Browser, a web browser based on Mozilla Firefox and modified to protect anonymity with:
    • Torbutton for anonymity and protection against JavaScript with all cookies treated as session cookies by default;
    • HTTPS Everywhere transparently enables SSL-encrypted connections to a great number of major websites
    • NoScript to have even more control over JavaScript
    • uBlock Origin to remove advertisements.

Note that because Tails includes uBlock Origin (unlike the normal Tor Browser Bundle), a website could try to determine whether a visitor is using Tails by checking whether advertising is blocked; this matters because the Tails user base is smaller than that of the Tor Browser Bundle.[13]

Encryption and privacy software

Users can install any other software which is present in Debian GNU/Linux, either through APT (Tails provides three repositories) or dpkg.[14][15]

One may choose among a large number of languages and keyboard layouts when the system is booted.

Release history

Version[16] Release date[16] Notes
Template:Version Template:Dts
  • Unreleased, but listed in official changelog
Template:Version Template:Dts
  • First public release.[17]
  • The project was called Amnesia.[17]
Template:Version Template:Dts
  • Last release as "amnesia"[16]
Template:Version Template:Dts
  • First release since the project was renamed to The Amnesic Incognito Live System.[16][18]
Template:Version Template:Dts
  • Unreleased versions: 0.6~1.gbpef2878 (Sep 26), 0.6~rc2 (Sep 29), 0.6~rc3 (Oct 2)
Template:Version Template:Dts
  • Unreleased versions: 0.7~rc1 (Mar 11), 0.7~rc2 (Mar 25)
0.8, 0.8.1, 0.9, 0.10, 0.10.1, 0.10.2, 0.11, 0.12, 0.12.1, 0.13, 0.14, 0.15, 0.16, 0.17, 0.17.1, 0.17.2, 0.18, 0.19, 0.20, 0.20.1, 0.21, 0.22, 0.22.1, 0.23
Template:Version[17] Template:Dts
  • 36th stable release.[17]
1.0.1, 1.1, 1.1.1, 1.1.2, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1
Template:Version[19] Template:Dts
  • Disabled access to the local network via the Tor Browser.[19]
1.5.1, 1.6
Template:Version[19] Template:Dts
  • Replaced the Claws Mail email client with Icedove, which is based on Mozilla Thunderbird.[19]
  • Enabled booting Tails in offline mode, with networking disabled.[19]
1.8, 1.8.1, 1.8.2 (last version to fit 2GB flash drive)
Template:Version[20] Template:Dts
  • It used Debian 8 as its base and included a new Gnome shell desktop environment, systemd, and a new installation process.[20]
2.0.1
Template:Version[19] Template:Dts
  • Enabled viewing DRM-protected DVDs.[19]
  • Added a new “Onion Circuits” interface for viewing Tor routing information.[19]
2.2.1, 2.3
Template:Version[19] Template:Dts
  • Automatic account configuration of Icedove, harden kernel and firewall, update the DRM and Mesa graphical libraries.[21]
  • New version of Tor Browser.[19]
Template:Version[28] Template:Dts[28]
  • The last version to include I2P
Template:Version[34] Template:Dts[34]
  • 3.4 fixes the widely reported Meltdown attack, and includes the partial mitigation for Spectre
Template:Version[36] Template:Dts[36]
  • 3.6 adds a new lock screen feature that, when enabled, can be unlocked with the administration password that was set when Tails booted up. Otherwise, you can set up a password to unlock your screen when locking your screen for the first time.
  • Install drivers for the Video Acceleration API to improve the display of videos on many graphics cards.
Template:Version[40][41] Template:Dts[41]
  • Firefox 60.2, major release; will include VeraCrypt support and major Additional Software Packages improvements.[41]
Template:Version[42] October 3, 2018[42]
  • Update Tor Browser to 8.0.2. This fixes 2 critical security vulnerabilities in JavaScript in Firefox.
  • Update Thunderbird to fix these same vulnerabilities.[43]
Template:Version[44] October 23, 2018
  • Hide the PIM option when unlocking VeraCrypt volumes because PIM won't be supported until Tails 4.0. (#16031)
  • Rename the buttons in the confirmation dialog of Tails Installer to Install (or Upgrade) and Cancel to be less confusing. (#11501)
  • Update Linux to 4.8.
  • Update Tor Browser to 8.0.3.
  • Update Thunderbird to 60.2.1.

In mainstream media

On 3 July 2014, German public television channel Das Erste reported that the NSA's XKeyscore surveillance system contains definitions that match persons who search for Tails using a search engine or visit the Tails website. A comment in XKeyscore's source code calls Tails "a comsec mechanism advocated by extremists on extremist forums".[45][46]

On 28 December 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Tails on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, RedPhone, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[47][48]

References

  1. Cite error: Invalid <ref> tag; no text was provided for refs named lwn
  2. Cite error: Invalid <ref> tag; no text was provided for refs named tc
  3. Template:Cite web
  4. https://tails.boum.org/contribute/design/memory_erasure/
  5. https://tails.boum.org/doc/first_steps/shutdown/index.en.html
  6. https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
  7. Cite error: Invalid <ref> tag; no text was provided for refs named lj
  8. Template:Cite web
  9. Template:Cite web
  10. Template:Cite web
  11. Template:Cite web
  12. Template:Cite web
  13. https://tails.boum.org/doc/about/fingerprint/index.en.html
  14. Template:Cite web
  15. Template:Cite web
  16. Template:Cite web
  17. Template:Cite web
  18. Template:Cite web
  19. Template:Cite web
  20. Template:Cite web
  21. Template:Cite web
  22. Template:Cite web
  23. Template:Cite web
  24. Template:Cite web
  25. Template:Cite web
  26. Template:Cite web
  27. Template:Cite web
  28. Template:Cite web
  29. Template:Cite web
  30. Template:Cite web
  31. Template:Cite web
  32. Template:Cite web
  33. Template:Cite web
  34. Template:Cite web
  35. Template:Cite web
  36. Template:Cite web
  37. Template:Cite web
  38. Template:Cite web
  39. DistroWatch Weekly, Issue 770, 2 July 2018
  40. Template:Cite web
  41. Template:Cite web
  42. Template:Cite web
  43. Template:Cite web
  44. Template:Cite web
  45. Template:Cite web
  46. Template:Cite web
  47. Cite error: Invalid <ref> tag; no text was provided for refs named spiegel1
  48. Cite error: Invalid <ref> tag; no text was provided for refs named spiegel2
