Tails
Unix | Assembly language | Mathematics | Web development | I2P |
---|---|---|---|---|
GhostBSD | Assembly Programming Tutorial | Statistics | Django for Beginners | MuWire |
GUI | Artificial intelligence | Artificial neural network | Machine learning | Messenger |
Tkinter | Artificial intelligence | Artificial neural network | Machine Learning Mastery with Python | Session |
Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity.[1] All its incoming and outgoing connections are forced to go through Tor,[2] and any and all non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. The Tor Project has provided financial support for its development.[3]
It's safe to use Tails or Whonix when you build your own darknet site since you can't use Tor Browser with "Safest" "Security Settings" on Freedom Hosting Reloaded or Daniel's Hosting.
If you use Tails, you'd better set up an administration password when you boot your laptop. Because sometimes you need root's permission to install some software. Normally, the administration password is disabled for better security.
See the Security article.
Security
During the shutdown process, Tails will overwrite most of the used RAM to avoid a cold boot attack.[4] An emergency shutdown can be triggered by physically removing the medium where Tails is installed: a watchdog monitors the status of the boot medium, and if removed then the memory erasing process will begin immediately. This should however only be used in an emergency situation because it could break the file system of the persistence volume, if set up.[4][5]
Persistency
Tails is by design amnesic. It lives in RAM and does not write to any other drive unless strictly specified. However, it is possible to set up an encrypted persistence volume (for example, within the USB Drive where Tails is installed) to save user data. It is also possible to instruct Tails to automatically install some additional software from the persistence drive, to load bookmarks for the Tor Browser, keep GPG keys or to keep configurations data for other applications. It is important to note, that the encrypted space could be detected by forensic analysis and is not hidden like in the case of VeraCrypt which offers plausible deniability and therefore should not be distinguishable from random data.[6]
Flaw in Tails’ video player to reveal the real IP address
- Facebook Helped the FBI Hack a Child Predator
Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.
June 10, 2020, 2:57pm
For years, a California man systematically harassed and terrorized young girls using chat apps, email, and Facebook. He extorted them for their nude pictures and videos, and threatened to kill and rape them. He also sent graphic and specific threats to carry out mass shootings and bombings at the girls' schools if they didn't send him sexually explicit photos and videos.
Buster Hernandez, who was known as “Brian Kil” online, was such a persistent threat and was so adept at hiding his real identity that Facebook took the unprecedented step of helping the FBI hack him to gather evidence that led to his arrest and conviction, Motherboard has learned.
The FBI and Facebook used a so-called zero-day exploit in the privacy-focused operating system Tails, which automatically routes all of a user's internet traffic through the Tor anonymity network, to unmask Hernandez's real IP address, which ultimately led to his arrest.
Hernandez was so notorious within Facebook that employees considered him the worst criminal to ever use the platform, two former employees told Motherboard. According to these sources, Facebook assigned a dedicated employee to track him for around two years and developed a new machine learning system designed to detect users creating new accounts and reaching out to kids in an attempt to exploit them. That system was able to detect Hernandez and tie different pseudonymous accounts and their respective victims to him, two former Facebook employees said.
The firm worked with a Facebook engineer and wrote a program that would attach an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video.
The FBI then got a warrant and the help of a victim who sent a booby-trapped video to Hernandez, as Motherboard previously reported.
https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez
Installation
USB flash drive vs. SD card
You can install Tails on a USB flash drive or an SD card. If you want to use a micro SD card, you can use a micro SD card reader to connect it to your laptop or desktop's USB slot.
A micro SD card is easier than a USB stick to hide from an intelligence agency or a law enforcement agency.
Making a bootable USB stick
Download tails-amd64-4.3.img file from https://tails.boum.org/ . The USB image's size is 1.1 GB so you have to prepare at least a 2 GB USB stick or SD card.
You can make a bootable USB stick by using Rufus. https://rufus.ie/
Set USB boot
On UEFI or BIOS's settings, change the booting priority as USB should be the first.
Startup options
Choose "Tails" of the Boot Loader Menu.
The "Tails (Troubleshooting Mode)" disables some features of the Linux kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails.
Tails Greeter appears after the Boot Loader Menu, but before the GNOME Desktop.
Language & Region
Language
The default option is "English - United States".
Keyboard Layout
The default option is "English (US)". You don't have to change this option even if you're a fucking language user such as Chinese.
Tails includes "English (US), Chinese (Intelligent Pinyin), Japanese (Anthy), Korean (Hangul), Vietnamese (Unikey), Chinese (Chewing)" keyboard layouts. After booting, you can choose among these keyboard layouts.
If you want to use ç, œ and æ in French language or ä, ö, ü and ß in German language, you should choose "Keyboard Layout" when you boot Tails.
If you choose Korean, you can switch between EN and 한 by pressing "Shift + space bar".
Formats
The default option is "United States - English".
The Formats option allows you to change the date and time format, first day of the week, measurement units, and default paper size according to the standards in use in a country.
For example, the USA and the United Kingdom, two English-speaking countries, have different standards:
USA | United Kingdom | |
---|---|---|
Date & time | 3/17/2017 3:56 PM | 17/3/2017 15:56 |
First day of the week | Sunday | Monday |
Unit system | Imperial | Metric |
Paper size | Letter | A4 |
Encrypted persistence storage
If an encrypted persistence storage is detected on the USB stick, an additional section appears in Tails Greeter below the Languge & Region section.
Show Passphrase
Enter your passphrase to unlock the persistent storage
Unlock
Additional Settings
You can see the + button at the same screen when you choose a language.
The default settings are safe in most situations. To add a custom setting, press the "+" button below.
Administration Password
Set up an administration password if you need to perform administrative tasks. Otherwise, the administration passworrd is disabled for better security.
Set an Administration Password to be able to perform administrative tasks like installing additional software or accessing the internal hard disks of the computer.
MAC Address Spoofing
MAC address spoofing hides the serial number of your network interface (Wi-Fi or wired) to the local network. Spoofing MAC addresses is generally safer as it helps you hide your geographical location. But it might also create connectivity problems or look suspicious.
"On" is a default option.
Disable MAC Address Spoofing to prevent connectivity problems with your network interfaces.
If there is a network error, you can turn off MAC Address Spoofing. When your computer boots, choose the + button below Additional Settings and turn off MAC Address Spoofing.
Network Connection
If your Internet connection is censored, filtered, or proxied you can configure a Tor bridge or a local proxy. To work completely offline, you can disable all networking.
Change the Network Configuration to either:
- Connect directly to the Tor network (default).
- Configure a Tor bridge or local proxy:
- If you want to use Tor bridges because your Internet connection is censored or you want to hide the fact that you are using Tor.
- If you need to use a local proxy to acess the Internet.
- After starting Tails and connecting to a network, an assistant will guide you through the configuration of Tor.
- Disable all networking if you want to work completely offline with additional security.
How to use
Tor Browser's Advanced Security Settings...: Safest
There are Standard, Safer, and Safest. The default option is Standard. Change it into Safest.
- Standard
At this level, all Tor Browser and website features are enabled.
- Safer
This level disables website features that are often dangerous. This may cause some sites to lose functionality.
JavaScript is disabled on all non-HTTPS sites; some fonts and math symbols are disabled; audio and video (HTML5 media) are click-to-play.
- Safest
This level only allows website features required for static sites and basic services. These changes affect images, media, and scripts.
Javascript is disabled by default on all sites; some fonts, icons, math symbols, and images are disabled; audio and video (HTML5 media) are click-to-play.
https://tb-manual.torproject.org/security-settings/
GPG
Generate a pair of keys
Applications > Utilities > Passwords and Keys > File > New > PGP Key > Continue
- Full Name
Name must be at least 5 characters long. You can use your phpBB ID as your name.
- Email Address
Use random email address such as fjlt@jlg.goeri
- Comment
Write any comments.
- Encryption Type: RSA
- Key Strength (bits): 2048
You can change 2048 to 4096 for making it safer.
- Expiration Date
You can check "Never Expires" checkbox.
Passphrase for New PGP Key
Enter the passphrase for your new key twice.
Password:
Confirm:
Copy a public key
Applications > Utilities > Passwords and Keys > GnuPG keys
Click your pair of keys and "Edit > Copy". If you want to use your public key as your signature of your phpBB account, just paste it into the place for your signature.
Enable persistence
Without having persistence enabled, you won’t be able to save any data in Tails.
Under Applications > Tails, select Configure persistent volume. To use this option, your USB stick must have been created using the Tails Installer program. If you created your USB stick manually (as described above), you need to copy Tails over using another USB stick. The Tails installer is under Applications > Tails > Tails installer.
You will be asked to create a passphrase. Check out our guide on how to create secure passwords with Diceware in this book. Length is more important than complexity. You will be asked for this passphrase every time you start Tails.
You will also have to select which information you want Tails to remember. The less Tails remembers, the more secure you are, but you’ll have to remember more things yourself and set them up again each time you start Tails.
To seamlessly run all the features you will need in this guide we recommend selecting Personal Data, GnuPG, Pidgin, Network Connections, Browser Bookmarks, Bitcoin client, and Icedove.
Restart Tails with persistence and enter your passphrase. Remember that only the files in the folder named “Persistence” will be saved when you shut down your computer.
https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin
Set Up Electrum
The Bitcoin wallet is under Applications > Internet > Electrum Bitcoin Wallet.
Electrum is a lightweight Bitcoin wallet. That means it does not rely on its own copy of the blockchain (the immutable record of all Bitcoin transactions that ever took place), but instead relies on several other nodes.
Electrum screenshotA screenshot of the lightweight Bitcoin wallet Electrum.
To find out your balance, enter your Bitcoin address into a Blockexplorer.
For example, this is the Bitcoin address of the Edward Snowden Defense Fund:
1snowqQP5VmZgU47i5AWwz9fsgHQg94Fa
You can enter it into a Blockexplorer like Blockcypher (many more exist) to see its balance and all transactions associated with it.
Edward Snowden's Defense FundThe Edward Snowden Defense Fund in Blockcypher.
Create a new wallet by opening Electrum. A “standard wallet” will do fine. You will see 13 English words, which represent your wallet seed. This seed is more than just a password to your wallet. Anybody who has this seed can take your Bitcoins, so be careful about where you store these words.
To store your wallet seed words safely, you can create a new entry in your KeePassX database and paste them into the comment field, or you can write them on a piece of paper and lock it away. Either way, do not save it in a text file anywhere on an unencrypted drive.
Press proceed and enter your wallet seed into the next window, then choose a password, ideally by creating one with KeePassX. You will need this password every time you make a transaction.
Great! You can now receive and make Bitcoin payments. You can find your Bitcoin addresses and their balances under “Addresses.”
You can set up multiple wallets for your identity. You can create a new wallet for a single transaction if you so wish. Having separate wallets makes it easier to keep funds separate for accounting or privacy purposes.
https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin
Communicate via XMPP and OTR
Pidgin is a chat program. As anonymous email accounts are hard to come by, it might be easier to chat with your contacts using this tool. The only downside is that you cannot receive messages when you’re offline.
Pidgin is under Applications > Internet > Pidgin Internet Messenger.
Launch Pidgin. Add an account and choose XMPP as your protocol.
Pick a username, enter dukgo.com as the domain and pick a password, then tick the box Create this new account on the server. Close the window and connect to enable the new chat account in Pidgin. You may be prompted again to enter your username and password. Use KeePassX to create a secure and unique password.
PidginAdding a new pidgin chat account is as simple as a round of duck duck goose.
Your username@dukgo.com address can now be given out to your contacts. You will need to approve each individual contact before you can initiate a conversation with them.You have now set up XMPP chat (also called Jabber). Note: Even though username@dukgo.com looks like an email address, it is not an email address and cannot be used to receive messages while offline.
To chat securely, you need to use OTR encryption. Click on OTR > Start private conversation.
You can verify the integrity of the conversation by clicking on OTR > Authenticate Buddy.
The easiest way to reliably verify each other is to exchange each other’s fingerprints outside the chat. which you can see under Manual authentication. To share your fingerprint with other individuals, you can paste it into the signature on a message board, or publish it on your website.
https://www.techradar.com/how-to/how-to-make-anonymous-payments-with-bitcoin
History
Tails was first released on 23 June 2009. It is the next iteration of development on Incognito, a Gentoo-based Linux distribution.[7] The Tor Project has provided financial support for its development.[3] Tails has also received funding from the Debian Project, Mozilla, and the Freedom of the Press Foundation.[8]
Laura Poitras, Glenn Greenwald, and Barton Gellman have each said that Tails was an important tool they used in their work with National Security Agency whistleblower Edward Snowden.[9][10][11]
As of release 3.0, Tails requires a 64-bit processor to run.[12]
Bundled software
- GNOME desktop
Networking
- Tor with: Stream isolation, regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support.
- NetworkManager for easy network configuration
- Tor Browser, a web browser based on Mozilla Firefox and modified to protect anonymity with:
- Torbutton for anonymity and protection against JavaScript with all cookies treated as session cookies by default;
- HTTPS Everywhere transparently enables SSL-encrypted connections to a great number of major websites
- NoScript to have even more control over JavaScript
- uBlock Origin to remove advertisements.
It is to note, that due to the fact that Tails include uBlock Origin (compared to the normal Tor Browser Bundle), it could be subject to an attack to determine if the user is using Tails (since the userbase for Tails is less than the Tor Browser Bundle) by checking if the website is blocking advertising.[13]
- Pidgin preconfigured with OTR for end-to-end encrypted instant messaging
- OnionShare for anonymous filesharing
- Thunderbird email client with Enigmail for OpenPGP support
- Liferea feed aggregator
- Aircrack-ng for Wi-Fi networks auditing
- Electrum, an easy-to-use bitcoin client
Encryption and privacy software
- LUKS and GNOME Disks to install and use encrypted storage devices, e.g. for USB sticks
- GnuPG, the GNU implementation of OpenPGP for e-mail and data encryption and signing
- Monkeysign, a tool for OpenPGP key signing and exchange
- PWGen, a strong random password generator
- Shamir's Secret Sharing using gfshare and ssss
- GNOME virtual keyboard as a countermeasure against hardware keyloggers
- MAT to anonymize metadata in files
- KeePassXC password manager
- GtkHash to calculate checksums
- Keyringer, a command line tool to encrypt secrets shared through Git
- Paperkey, a command line tool to back up OpenPGP secret keys on paper
- DeepOnion wallet, an anonymous cryptocurrency using Tor network
Users can install any other software which is present in Debian GNU/Linux, either through APT (Tails provides three repositories) or dpkg.[14][15]
One may choose among a large number of languages and keyboard layouts when the system is booted.
Release history
Template:Version |
Release history | |||
---|---|---|---|
Version[16] | Release date[16] | Notes | |
Template:Version | Template:Dts |
| |
Template:Version | Template:Dts | ||
Template:Version | Template:Dts | ||
Template:Version | Template:Dts | ||
Template:Version | Template:Dts | ||
Template:Version | Template:Dts |
| |
Template:Version | Template:Dts | ||
Template:Version | Template:Dts |
| |
Template:Version | Template:Dts | ||
Template:Version | Template:Dts | ||
Template:Version | Template:Dts |
| |
0.8, 0.8.1, 0.9, 0.10, 0.10.1, 0.10.2, 0.11, 0.12, 0.12.1, 0.13, 0.14, 0.15, 0.16, 0.17, 0.17.1, 0.17.2, 0.18, 0.19, 0.20, 0.20.1, 0.21, 0.22, 0.22.1, 0.23 | |||
Template:Version[17] | Template:Dts |
| |
1.0.1, 1.1, 1.1.1, 1.1.2, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1 | |||
Template:Version[19] | Template:Dts |
| |
1.5.1, 1.6 | |||
Template:Version[19] | Template:Dts | ||
1.8, 1.8.1, 1.8.2 (last version to fit 2GB flash drive) | |||
Template:Version[20] | Template:Dts |
| |
2.0.1 | |||
Template:Version[19] | Template:Dts | ||
2.2.1, 2.3 | |||
Template:Version[19] | Template:Dts | ||
Template:Version[22] | Template:Dts | ||
Template:Version[23] | Template:Dts | ||
Template:Version[24] | Template:Dts | ||
Template:Version[25] | Template:Dts | ||
Template:Version[26] | Template:Dts | ||
Template:Version[27] | Template:Dts[27] | ||
Template:Version[28] | Template:Dts[28] |
| |
Template:Version[29] | Template:Dts[29] | ||
Template:Version[30] | Template:Dts[30] | ||
Template:Version[31] | Template:Dts[31] | ||
Template:Version[32] | Template:Dts[32] | ||
Template:Version[33] | Template:Dts[33] | ||
Template:Version[34] | Template:Dts[34] |
| |
Template:Version[35] | Template:Dts[35] | ||
Template:Version[36] | Template:Dts[36] |
| |
Template:Version[37] | Template:Dts[37] | ||
Template:Version[38][39] | Template:Dts[38] | ||
Template:Version[40][41] | Template:Dts[41] |
| |
Template:Version[42] | October 3, 2018[42] |
| |
Template:Version[44] | October 23, 2018 |
| |
Version | Release date | Notes |
In mainstream media
On 3 July 2014, German public television channel Das Erste reported that the NSA's XKeyscore surveillance system contains definitions that match persons who search for Tails using a search engine or visit the Tails website. A comment in XKeyscore's source code calls Tails "a comsec mechanism advocated by extremists on extremist forums".[45][46]
On 28 December 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Tails on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, RedPhone, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[47][48]
Tails Partners
See also
- Darknet
- Freedom Hosting Reloaded
- Daniel's Hosting
- Crypto-anarchism
- Dark web
- Freedom of information
- GlobaLeaks
- GNU Privacy Guard
- I2P
- Internet censorship
- Internet privacy
- Off-the-Record Messaging
- Proxy server
- Security-focused operating systems
- Tor (anonymity network)
- Tor2web
- Whonix
- TinyIB
- MediaWiki
- Tribler
- phpBB
- IprediaOS (Ipredia)
- Cryptocurrency
References
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedlwn
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedtc
- ↑ 3.0 3.1 Template:Cite web
- ↑ 4.0 4.1 https://tails.boum.org/contribute/design/memory_erasure/
- ↑ https://tails.boum.org/doc/first_steps/shutdown/index.en.html
- ↑ https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedlj
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ https://tails.boum.org/doc/about/fingerprint/index.en.html
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ 16.0 16.1 16.2 16.3 Template:Cite web
- ↑ 17.0 17.1 17.2 17.3 Template:Cite web
- ↑ Template:Cite web
- ↑ 19.0 19.1 19.2 19.3 19.4 19.5 19.6 19.7 19.8 19.9 Template:Cite web
- ↑ 20.0 20.1 Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ 27.0 27.1 Template:Cite web
- ↑ 28.0 28.1 Template:Cite web
- ↑ 29.0 29.1 Template:Cite web
- ↑ 30.0 30.1 Template:Cite web
- ↑ 31.0 31.1 Template:Cite web
- ↑ 32.0 32.1 Template:Cite web
- ↑ 33.0 33.1 Template:Cite web
- ↑ 34.0 34.1 Template:Cite web
- ↑ 35.0 35.1 Template:Cite web
- ↑ 36.0 36.1 Template:Cite web
- ↑ 37.0 37.1 Template:Cite web
- ↑ 38.0 38.1 Template:Cite web
- ↑ DistroWatch Weekly, Issue 770, 2 July 2018
- ↑ Template:Cite web
- ↑ 41.0 41.1 41.2 Template:Cite web
- ↑ 42.0 42.1 Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedspiegel1
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedspiegel2
External links
- Official website https://tails.boum.org
- https://www.torproject.org/projects/projects.html.en Tails at Tor project website
- https://tails.boum.org/support/known_issues/index.en.html Tails - Known issues
- https://deeponion.org/community/threads/tails-deeponion-partnership-soon-to-start.39854/ Tails at DeepOnion Website