Tails Manual

Tails - Introduction

doc

Page 1 of 1

Introduction

English

DE

FR

Introduction The goal of this documentation documentation is to present The Amnesic Incognito Live System (Tails) in an easy to understand and reasonably thorough manner

Download

Tails 0.22

December 11, 2013

in hope to give the new user a crash course in what might be a completely new set of applications and concepts regarding anonymity

About

and security on the Internet.

Getting started… It will not fully document the applications included in Tails, but rather give an overview of

Documentation

them and go on details only on the Tails-specific configuration.

Help & Support

It is quite long so you might want to not read it

Contribute

in one go but instead read about about and and warning warning,, as well as the sections on only those applications you intend to use with the possibility to return to it whenever you want to try something new or use it for reference. If you have experience with these applications and concepts from elsewhere and feel comfortable with the user interface in general, reading this document is maybe not necessary at all. A word of caution to all users is not to alter the network, proxy and firewall settings unless you know what you are doing – poking around with them too much might spoil the built-in defences of Tails.

Last edited Tue 29 Oct 2013 06:46:43 PM CET

PT

Tails - About Tails anonymity

doc

about

Page 1 of 2

About Tails anonymity

English

DE

FR

About Tails anonymity Why do you need

Download

anonymity?

December 11, 2013

As you are probably aware of, we currently find ourselves in a state of steady decline of our freedoms and privacy, with increasing levels of mass surveillance and repression all over the world (see this report from Privacy International ). Without taking any precautions, your Internet service provider, the State, the police and global surveillance systems like ECHELON (which is not a a

Tails 0.22 About

Getting started… Documentation Help & Support Contribute

conspiracy theory; see this report from the

European Parliament

) can record what you do online: what you read, what you write

and who you communicate with. This is possible since all messages messages sent over the Internet contain contain the IP addresses of both the sender and receiver, much like an ordinary mail sent through the postal system contains addresses of both sender and receiver for two-ways communication. IP addresses can easily be traced back to the physical location of the computers and their owners, and from that ultimately back to you. If you do not mind this fact, then more power to you, but if you do mind, then Tails might be just what you need. Moreover, just like with a postcard, any information traveling on the Internet can be read by many computers that relay them.

PT

Tails - System requirements

doc

about

Page 1 of 1

System re requirements

English

System requirements Tails should work on any reasonably recent PC computer, say manufactured after 2005. Here is a detailed list of requirements:

Download

Tails 0.22

December 11, 2013

• Either an internal or external DVD reader or the possibility to boot from a USB stick

About

or SD card. • Tails Tails requ require ires s an x86 x86+ compat compatibl ible e proce processo ssor: r:

Getting started…

+

IBM PC compatible and others but not PowerPC+ nor AR ARM+.

Documentation

• 1 GB of RAM to work smoothly. Tails is known to work with less memory but you

Help & Support

might experience strange behaviours or crashes.


Contribute

DE

FR

PT

Tails - Warning

doc

Page 1 of 7

about

Warning

English

DE

FR

Warning Even though we're doing our best to offer you good tools to protect your privacy while using a computer, there is no magic or perfect

Download

Tails 0.22

December 11, 2013

solution to such a complex problem. Understanding well the limits of such tools is a crucial step in, first, deciding whether Tails is the

About

right tool for you, and second, helping you making a good use of it.

1. Tor exit nodes can eavesdrop on communications 2. Tails makes it clear that you are using Tor and probably Tails 3. Man-in-the-middle attacks


4. Confirmation attacks 5. Tails doesn't encrypt your documents by default 6. Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages 7. Tor doesn't protect you from a global adversary 8. Tails doesn't magically separate your different contextual identities 9. Tails doesn't make your crappy passwords stronger 10. Tails is a work in progress

Tor exit nodes can eavesdrop on communications Tor is about hiding your location, not about encrypting your communication.

PT

Tails - Warning

Page 2 of 7

Instead of taking a direct route from source to destination, communications using the Tor network take a random pathway through several Tor relays that cover your tracks. So no observer at any single point can tell where the data came from or where it's going.

The last relay on this circuit, called the exit node, is the one that establishes the actual connection to the destination server. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the destination server, any exit node is in a position

to capture any traffic passing through it . See Tor FAQ: Can exit nodes eavesdrop on communications? . For example, in 2007, a security researcher intercepted thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by spying on the connections coming out of an exit node he was running. See Wired: Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise.

.

To protect yourself from such attacks you should use end-to-end encryption. Tails includes many tools to help you using strong encryption while browsing, sending email or chatting, as presented on our about page.

Tails makes it clear that you are using Tor and probably Tails Your Internet Service Provider (ISP) or your local network administrator can see that you're connecting to a Tor relay, and not a normal web server for example. Using Tor bridges in certain conditions can help you hide the fact that you are using Tor.

Tails - Warning

Page 3 of 7

The destination server that you are contacting through Tor can know whether your communication comes out from a Tor exit node by consulting the publicly available list of exit nodes that might contact it. For example using the Tor Bulk Exit List tool of the Tor Project.

So using Tails doesn't make you look like any random Internet user. The anonymity provided by Tor and Tails works by trying to make all of their users look the same so it's not possible to identify who is who amongst them. See also Can I hide the fact that I am using Tails?

Man-in-the-middle attacks A man-in-the-middle attack (MitM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

While using Tor, man-in-the-middle attacks can still happen between the exit node and the destination server. The exit node itself can also act as a man-in-the-middle. For an example of such an attack see MW-Blog: TOR exit-node doing MITM attacks .

Again, to protect yourself from such attacks you should use end-to-end encryption and while doing so taking extra care at verifying the server authenticity. Usually, this is automatically done throught SSL certificates checked by your browser against a given set of recognized certificate authorities

). If you get a security

exception message such as this one you might be victim of a man-in-the-middle attack

Tails - Warning

Page 4 of 7

and should not bypass it unless you have another trusted way of checking the certificate's fingerprint with the people running the service.

But on top of that the certificate authorities model of trust on Internet is susceptible to various methods of compromise. For example, on March 15, 2011, Comodo, one of the major SSL certificates company, reported that a user account with an affiliate registration authority had been compromised. It was then used to create a new user account that issued nine certificate signing requests for seven domains: mail.google.com, login.live.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global trustee. See Comodo: The Recent RA Compromise . Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued certificates to a malicious party or parties. Later on, it came to light that they were apparently compromised months before or perhaps even in May of 2009 if not earlier. Rogues certificates were issued for domains such as google.com, mozilla.org, torproject.org, login.yahoo.com and many more. See, The Tor Project: The DigiNotar Debacle, and what you should do about it .

This still leaves open the possibility of a man-in-the-middle attack even when your browser is trusting an HTTPS connection. On one hand, by providing anonymity, Tor makes it more difficult to perform a man-inthe-middle attack targeted at one specific person with the blessing of a rogue SSL certificate. But on the other end, Tor makes it easier for people or organizations running exit nodes to perform large scale MitM attempts, or attacks targeted at a specific

server , and especially those among its users who happen to use Tor.

Tails - Warning

Page 5 of 7

Quoted from Wikipedia: Man-in-the-middle attack , Wikipedia: Comodo Group#Iran SSL certificate controversy and Tor Project: Detecting Certificate Authority compromises and web browser collusion

.

Confirmation attacks The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network. That's because if you can see both flows, some simple statistics let you decide whether they match up. That could also be the case if your ISP (or your local network administrator) and the ISP of the destination server (or the destination server itself) cooperate to attack you. Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate, but Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm an hypothesis by monitoring the right locations in the network and then doing the math. Quoted from Tor Project: "One cell is enough to break Tor's anonymity"

.

Tails doesn't encrypt your documents by default The documents that you might save on storage devices will not be encrypted by default. But Tails provides you with tools to encrypt your documents, such as GnuPG, or encrypt your storage device, such as LUKS. It is likely that the files you may create will keep tracks that they were created using Tails.

If you need to access the local hard-disks of the computer you are using, be conscious that you might then leave trace of your activities with Tails on it.

Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages Numerous files format store hidden data or metadata inside of the files. Text processors or PDF files could store the name of the author, the date and time of creation of the file, and sometimes even parts of the editing history of the file… those hidden data depend

Tails - Warning

Page 6 of 7

on the file format and the software used. Please note also, that the Subject: as well as the rest of the header lines of your OpenPGP encrypted e-mail messages are not encrypted. This is not a bug of Tails or the OpenPGP protocol; it's for backwards compatibility with the original SMTP protocol. Unfo rtunately no RFC standard exists yet for Subject encryption. Images file formats, like TIFF of JPEG, probably take the prize in this field. Those files, created by digital cameras or mobile phones, contain a metadata format called EXIF which can include the date, time and sometimes the GPS coordinates of the picture, the brand and serial number of the device which took it as well as a thumbnail of the original image. Image processing software tend to keep those data intact. Internet is full of cropped or blurred images for which the EXIF thumbnail still contains the full original picture.

Tails doesn't clear the metadata of your files for you . Yet. Still it's in Tails' design goal to help you do that. For example, Tails already comes with the Metadata anonymisation toolkit .

Tor doesn't protect you from a global adversary A global passive adversary would be a person or an entity able to monitor at the same time the traffic between all the computers in a network. By studying, for example, the timing and volume patterns of the different communications across the network, it would be statistically possible to identify Tor circuits and thus matching Tor users and destination servers. It is part of Tor's initial trade-off not to address such a threat in order to create a lowlatency communication service usable for web browsing, Internet chat or SSH connections. For more expert information see Tor Project: The Second-Generation Onion Router , part 3. Design goals and assumptions.

Tails doesn't magically separate your different contextual identities It is usually not advisable to use the same Tails session to perform two tasks or endorse two contextual identities that you really want to keep separate from another. For example hiding your location to check your email and publishing anonymously a document.

Tails - Warning

Page 7 of 7

First, because Tor tends to reuse the same circuits, for example amongst a same browsing session. Since the exit node of a circuit knows both the destination server (and possibly the content of the communication if not encrypted) and the address of the previous relay it received the communication from, it makes it easier to correlate the several browsing requests as part of a same circuit and possibly made by a same user. If you are facing a global adversary as described above, it might then also be in position to do this correlation. Second, in case of a security hole or a misuse in using Tails or one of its application, information about your session could be leaked. That could reveal that the same person was behind the various actions made during the session.

The solution to both threats is to shutdown and restart Tails every time you're using a new identity, if you really want to isolate them better. Vidalia's "New Identity" button forces Tor to use new circuits but only for new connections: existing connections might stay open. Plus, apart from the Tor circuits, other kind of information can reveal your past activities, for example the cookies stored by your browser. So this feature of Vidalia is not a solution to really separate contextual identities. Shutdown and restart Tails instead.

Tails doesn't make your crappy passwords stronger Tor allows you to be anonymous online; Tails allows you to leave no trace on the computer you're using. But again, neither of both are magic spells for computer

security. If you use weak passwords, they can be guessed by brute-force attacks with or without Tails in the same way. To know if your passwords are weak and learn good practices to create better password, you can read Wikipedia: Weak Passwords

.

Tails is a work in progress Tails, as well as all the software it includes, are on continuous development and might contain programming errors or security holes. Stay tuned to Tails development. Do not rely on it for strong anonymity.

Last edited Sun 08 Sep 2013 05:53:29 PM CEST

Tails - Features and included software

doc

about

Page 1 of 3

Features and included software

English

DE

FR

Features and included software 1. Included software 1. Networking 2. Desktop Edition

Download

Tails 0.22

December 11, 2013

3. Encryption & Privacy 2. Additional features 3. Multilingual support

About Getting started…

Included software • GNOME , an intuitive and attractive desktop environment

Documentation Help & Support Contribute

Networking • Tor with: ◦ stream isolation ◦ regular and obfsproxy bridges support ◦ the Vidalia graphical frontend • NetworkManager for easy network configuration • Firefox preconfigured with: ◦ TorBrowser patches ◦ Torbutton for anonymity and protection against evil JavaScript ◦ all cookies are treated as session cookies by default; the CS Lite extension provides more fine-grained cookie control for those who need it ◦ HTTPS Everywhere transparently enables SSL-encrypted connections to a great number of major websites • Pidgin preconfigured with OTR for Off-the-Record Messaging • Claws Mail

e-mail client, with user-friendly GnuPG support

• Liferea feed aggregator • Gobby for collaborative text writing • Aircrack-ng for wireless networks auditing

PT


Page 2 of 3

• I2P an anonymizing network

Desktop Edition • OpenOffice.org • Gimp and Inkscape to edit images • Scribus for page layout • Audacity for recording and editing sounds • PiTIVi for non-linear audio/video editing • Poedit to edit .po files • Simple Scan and SANE for scanner support • Brasero to burn CD/DVD • Sound Juicer to rip audio CDs

Encryption & Privacy • LUKS and Palimpsest to install and use encrypted storage devices, for example USB sticks • GnuPG , the GNU implementation of OpenPGP for email and data encyption and signing • TrueCrypt a disk encryption software • PWGen , a strong password generator • Shamir's Secret Sharing

using gfshare and ssss

• Florence virtual keyboard as a countermeasure against hardware keyloggers • MAT to anonymize metadata in files • KeePassX

password manager

The full packages list can be found in the BitTorrent files download directory (look for files with the .packages extension).

Additional features • can be run as a virtualized guest inside VirtualBox • customization (e.g. to add a given missing piece of software) is relatively easy: one may build a custom Amnesic Incognito Live System in about one hour on a modern desktop computer • PAE-enabled kernel with NX-bit and SMP support on hardware that supports it • Some basic accessibility features To prevent cold-boot attacks and various memory forensics, Tails erases memory on shutdown and when the boot media is physically removed.

Multilingual support


Page 3 of 3

One can choose at boot time between a big number of languages. Some of these languages could not be thoroughly tested as we don't speak every language in the world. If you find issues using one of the supposedly supported languages, don't hesitate to tell us about it. E.g. Tails probably lacks some non-Latin fonts or input systems. If you wish to make it easier to use Tails for your language speakers, see the translators guidelines.

Last edited Tue 17 Dec 2013 11:01:38 AM CET

Tails - Can I hide the fact that I am using Tails?

doc

about

Page 1 of 2

Can I hide the fact that I am using Tails?

English

DE

FR

Can I hide the fact that I am using Tails? In this context, the term fingerprint refers to what is specific to Tails in the way it behaves on Internet. This can be used to determine whether

Download

Tails 0.22

December 11, 2013

a particular user is using Tails or not. As explained on our warning page, when using

About

Tails it is possible to know that you are using Tor. But Tails tries to make it as difficult as

Getting started…

possible to distinguish Tails users from other Tor users, especially Tor Browser Bundle

Documentation

(TBB) users. If it is possible to determine whether your are a Tails users or a TBB user, this

Help & Support

provides more information about you and in consequence reduces your anonymity.

Contribute

This section explains some issues regarding the fingerprint of Tails and how this could be used to identify you as a Tails user.

For the websites that you are visiting The websites that you are visiting can retrieve a lot of information about your browser. That information can include its name and version, window size, list of available extensions, timezone, available fonts, etc. To make it difficult to distinguish Tails users from TBB users, the Tails browser tries

to provide the same information as the TBB in order to have similar fingerprints. See the fingerprint section of know issues page for a list of known differences between the fingerprints of the Tails browser and the TBB.

PT

Tails - Can I hide the fact that I am using Tails?

Page 2 of 2

Apart from that, some of the extensions included in Tails browser are different than the ones included in the TBB. More sophisticated attacks can use those differences to distinguish Tails user from TBB users. For example, Tails includes Adblock Plus which removes advertisements. If an attacker can determine that you are not downloading the advertisements that are included in a webpage, that could help identify you as a Tails user. For the moment, you should consider that no special care is taken regarding the

fingerprint of the

Unsafe Browser .

For your ISP or local network administrator • A Tails system is almost exclusively generating Tor activity on the network. Usually TBB users also have network activity outside o f Tor, either from another web browser or other applications. So the proportion of Tor activity could be used to determine whether a user is using Tails or the TBB. If you are sharing your Internet connection with other users that are not using Tails it is probably harder for your ISP to determine whether a single user is generating only Tor traffic and so maybe using Tails. • Tails do not use the entry guards mechanism of Tor . With the entry guard mechanism , a Tor user always uses the same few relays as first hops. As Tails does not store any Tor information between separate working sessions, it does not store the entry guards information either. This behaviour could be used to distinguish Tails users from TBB users across several working sessions. • When starting, Tails synchronizes the system clock to make sure it is accurate. While doing this, if the time is set too much in the past or in the future, Tor is shut down and started again. This behavior could be used to distinguish Tails from TBB users, especially this happens every time Tails starts.

Last edited Mon 06 Jan 2014 12:33:14 PM CET

Tails - Trusting Tails

doc

about

Page 1 of 3

Trusting Tails

English

DE

FR

Trusting Tails Trust is a very problematic issue, and that's the essence of why security is difficult in every field, including computers and Internet

Download

Tails 0.22

December 11, 2013

communication. Do you trust Tails and its developers? Do you think we have planted backdoors in Tails so we can take control of your

About

computer, or that we make Tails generate compromised encryption keys in order to enable

Getting started…

the government to spy on you? Do you simply trust our word on that we are legit?

Documentation

No matter what your opinion is in this matter you

Help & Support

should ask how you reached that conclusion. Both trust and distrust need to be established

Contribute

based on facts, not gut feeling, paranoid suspicion, unfounded hearsay or our word. Of course, we claim to be honest, but written assurances are worthless. In order to make an informed decision you must look at the greater picture of what Tails is comprised of, our affiliations, and possibly how others trust us.

1. Free software and public scrutiny 2. Trusting Debian GNU/Linux 3. Trusting Tor 4. Trusting Tails

Free software and public scrutiny Free software, like Tails, enables its users to check exactly what the software distribution consists of and how it functions since the source code must be made available to all who receive it. Hence a thorough audit of the code can reveal if any malicious code, like a backdoor, is present. Furthermore, with the source code it is

PT


Page 2 of 3

possible to build the software, and then compare the result against any version that is already built and being distributed, like the Tails ISO images you can download from us. That way it can be determined whether the distributed version actually was built with the source code, or if any malicious changes have been made. Of course, most people do not have the knowledge, skills or time required to do this, but due to public scrutiny anyone can have a certain degree of implicit trust in Free software, at least if it is popular enough that other developers look into the source code and do what was described in the previous paragraph. After all, there is a strong tradition within the Free software community to publicly report serious issues that are found within software.

Trusting Debian GNU/Linux The vast majority of all software shipped in Tails comes from the Debian GNU/Linux distribution . Debian is arguably the Linux distribution whose software packages are under the deepest public scrutiny. Not only is Debian itself one of the largest Linux distros, but it's also one of the most popular distros to make derivatives from. Ubuntu Linux, for instance, is a Debian derivative, and the same goes transitively for all of its derivatives, like Linux Mint. Thus there are countless people using Debian's software packages, and countless developers inspect their integrity. Very serious security issues have been discovered (like the infamous Debian SSH PRNG vulnerability ), but backdoors or other types of intentionally placed security holes have never been found to our knowledge.

Trusting Tor Tails anonymity is based on Tor, which is developed by The Tor Project . The development of Tor is under a lot of public scrutiny both academically (research on attacks and defenses on onion routing) and engineering-wise (Tor's code has gone through several external audits, and many independent developers have read through the sources for other reasons). Again, security issues have been reported, but nothing malicious like a backdoor -- we would argue that it's only uninformed conspiracy theorists that speculate about deliberate backdoors in Tor these days. Furthermore, Tor's distributed trust model makes it hard for a single entity to capture an individual's traffic and effectively identify them.

Trusting Tails One could say that Tails is the union of Debian and Tor. What we do, essentially, is gluing it all together. Hence, if you trust Debian and The Tor Project, what remains to establish trust for Tails is to trust our "glue". As has been mentioned, Tails is Free software, so its source code is completely open for inspection, and it's mainly comprised by a specification of which Debian software packages to install, and how they should be


Page 3 of 3

configured. While Tails surely doesn't get the same amount of attention as Debian or Tor, we do have some eyes on us from especially the Tor community, and also some of the general security community (see our audits page). Given that Tails' source code is comparably small and devoid of complexities, we're in a pretty good spot compared to many other projects of similar nature. Our specification and design document is a good starting point to understand how Tails works, by the way. With all this in light (which you ideally also should try to verify), you should be able to make an informed decision on whether or not you should trust our software.

Last edited Sat 08 Sep 2012 07:15:42 AM CEST

Tails - Download, verify and install

Page 1 of 6

Download, verify and install

English

DE

FR

Download, verify and install Tails is Free Software, you can download it, use it and share it without restriction.

Download

Tails 0.22

December 11, 2013

1. First time user? 2. Download the ISO image 3. Verify the ISO image 4. Install or upgrade Tails 5. Stay tuned 6. Start Tails!

About Getting started… Documentation Help & Support

First time user?

Contribute

• If you don't know what a metadata or a man-in-the-middle attack is. • If you think no-one can eavesdrop on your communications because you are using Tor. • If you have no notion of how Tails works.

Then, check first the about and warning pages to make sure that Tails is the right tool for you and that you understand well its limitations.

Download the ISO image You will download Tails in the form of an ISO image+: a single file that you will later burn on a DVD or install onto a USB stick or SD card.

PT


Page 2 of 6

Direct download

BitTorrent download

LATEST RELEASE

LATEST RELEASE

Tails 0.22 ISO image

Tails 0.22 torrent

CRYPTOGRAPHIC

CRYPTOGRAPHIC

SIGNATURE

SIGNATURE

Tails 0.22 signature

The cryptographic signature of the ISO image is also included in the

If you're not sure what the

Torrent.

cryptographic signature is, please read the part on verifying the ISO

Additionally, you can verify the

image.

signature of the Torrent file itself before downloading it.

SET UP A WEB MIRROR SEED BACK! If you're running a web server, you're most welcome to help us

Seeding back the image once you

spread Tails by setting up a web

have downloaded it is also a nice

mirror.

and easy way of helping spread Tails.

Verify the ISO image It is important to check the integrity+ of the ISO image you downloaded to make sure that the download went well. Those techniques rely on standard HTTPS and certificate authorities + to make you trust the content of this website. But, as explained on our warning page, you could still be victim of a man-in-the-middle attack while using HTTPS. On this website as much as on any other of the Internet. As a consequence, they don't provide you with a strong way of

checking the ISO image authenticity+ and making sure you downloaded a genuine Tails. In a dedicated section, we will propose you some more advanced techniques to check the authenticity of the ISO image.


Page 3 of 6

All Tails ISO image are cryptographically signed by our OpenPGP key. OpenPGP is a standard for data encryption that provides cryptographic privacy and authentication through the use of keys owned by its users. Checking this signature is the recommended way of checking the ISO image integrity. If you already know how to use an OpenPGP key you can download it straight away:

Tails signing key Otherwise, read our instructions to check the ISO image integrity: • Using Linux with Gnome: Ubuntu, Debian, Tails, etc. • Using Linux with the command line • Using other operating systems

So how can I better check the ISO image authenticity? The Tails signing key that you downloaded from this website could be a fake one if you were victim of a man-in-the-middle attack. Finding a way of trusting better Tails signing key would allow you to authenticate better the ISO image you downloaded. The following page will give you hints on how to increase the trust you can put in the Tails signing key you downloaded: • Trusting Tails signing key

Install or upgrade Tails Upgrading Tails on a USB stick or SD card If you already have an older version of Tails installed onto a USB stick or SD card, follow the upgrade instructions from the documentation.

Installing Tails You can either burn Tails onto a DVD or install it onto a USB stick or SD card.

BURNING A DVD • DVDs are read-only so your Tails can't be altered by a virus or an attacker.


Page 4 of 6

• DVDs are cheap but you will need to burn a new DVD each time you update your version of Tails. • You could also use a DVD-RW but those are not read-only. For detailed instructions on how to burn an ISO image under Linux, Windows or Mac OS X you can consult the corresponding Ubuntu documentation : just replace the Ubuntu ISO image by the Tails ISO image you downloaded and ignore the part on verifying the data integrity since you've already done that.

INSTALLING ONTO A USB STICK OR SD CARD The content of the device will be lost in the operation. • An attacker with physical access to your device or through a virus could alter your Tails. • USB sticks and SD cards can be upgraded to future versions of Tails. • You can use persistence and store your documents and configuration in an encrypted persistent volume on the same device. • USB sticks and SD cards are smaller to fit in your pocket. • Some older computers might not be able to start from a USB stick or SD card. • Some USB sticks, SD cards, or SD card adapters have a read-only switch that can prevent your Tails from being altered, but be aware that this protection is most probably not ensured by the device itself: do not rely on untrusted computers to respect this feature. See the corresponding documentation.

Stay tuned It's very important to keep your version of Tails up-to-date, otherwise your system will be vulnerable to numerous security holes. The development team is doing its best to release new versions fixing known security holes on a regular basis. New versions are announced on our news mailing-list

. Drop your email address into

this box, then hit the button to subscribe: Subscribe to the news mailing-list.

There also are RSS and Atom feeds that announce new available BitTorrent files. Refer to our security announcements feed for more detailed information about the security holes affecting Tails. Furthermore you will be automatically notified of the security holes affecting the version you are using at the startup of a new Tails session.


Page 5 of 6

Since Tails is based on Debian, it takes advantage of all the work done by the Debian security team. As quoted from (http://security.debian.org/) : Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs. Experience has shown that "security through obscurity" does not work. Public disclosure allows for more rapid and better solutions to security problems. In that vein, this page addresses Debian's status with respect to various known security holes, which could potentially affect Debian.

Start Tails! Now that you have a Tails device you can shutdown your computer and start using Tails without altering your existing operating system.

If you are using a DVD: Put the Tails DVD into the CD/DVD-drive and restart the computer. You should see a welcome screen prompting you to choose your language. If you don't get this menu, you can consult the Ubuntu documentation about booting from the CD for more information, especially the part on the BIOS settings .

If you are using a USB stick or SD card: Shutdown the computer, plug your device and start the computer. You should see a welcome screen prompting you to choose your language. If your computer does not automatically do so, you might need to edit the BIOS settings. Restart your computer, and watch for a message telling you which key to press to enter the BIOS setup. It will usually be one of F1, F2, DEL, ESC or F10. Press this key while your computer is booting to edit your BIOS settings. You need to edit the Boot Order. Depending on your computer you should see an entry for ' removable drive' or 'USB media'. Move this to the top of the list to force the computer to attempt to start from your device before starting from the internal hard disk. Save your changes and continue. For more detailed instruction on how to boot from USB you can read About.com: How To Boot your Computer from a Bootable USB Device If you have problems accessing the BIOS, try to read pendrivelinux.com: How to Access BIOS

Tails - First steps with Tails

doc

Page 1 of 1

First steps with Tails

English

First steps with Tails • Installing onto a USB Stick or SD card (recommended) ◦ Manually Installing onto a USB Stick or SD

Download

Tails 0.22

December 11, 2013

card, using Linux, using Windows using Mac ◦ Uninstalling Tails or resetting a USB Stick

About

or SD card, using Linux, using Windows • Upgrading a Tails USB Stick or SD card

Getting started…

• Start Tails • Startup Options

Documentation

◦ Administration Password ◦ Tor Bridge Mode

Help & Support

◦ Windows Camouflage • Introduction to GNOME and the Tails Desktop

Contribute

• Accessibility • Persistence ◦ Warnings About Persistence ◦ Create & Configure the Persistent Volume ◦ Enable & Use the Persistent Volume ◦ Delete the Persistent Volume ◦ Manually copy your persistent data to a new device ◦ Upgrade to more secure persistent volume settings • Report an error ◦ Tails does not start • Shutting down Tails

Last edited Sun 20 Nov 2011 03:31:21 PM CET

DE

FR

PT

Tails - Installing onto a USB Stick or SD card

doc

first steps

Page 1 of 2

Installing onto a USB Stick or SD card

English

DE

FR

Installing onto a USB Stick or SD card Tails includes a custom installer for USB sticks and SD cards.

Download

Tails 0.22

December 11, 2013

In order to use Tails Installer , you need to start Tails from another media, and clone it onto the device of your choice, USB stick or SD card. To

About

do that, you can either:

Getting started… • Burn a Tails DVD (recommended). • Use another Tails USB stick or SD card ,

Documentation

for example from a friend. • Manually install Tails onto another USB

Help & Support

stick or SD card, if you cannot use a DVD. Using Tails Installer allows you to later create a

Contribute

persistent volume in the free space left on the device. This requires a USB stick or SD card of at least 4 GB.

Instructions • All the data on the installed device will be lost. • This operation does not securely delete the lost data on the

installed device. • This operation does not copy the persistent volume of the

device which is being cloned.

1. Start Tails from another media than the device, USB stick or SD card, onto which you want to install Tails. 2. Choose Applications ▸ Tails ▸ Tails Installer to start Tails Installer .

PT

Tails - Installing onto a USB Stick or SD card

Page 2 of 2

3. To install onto a new device, click on the Clone & Install button. 4. Plug the device onto which you want to install Tails. A new device, which corresponds to the USB stick or SD card, appears in the Target

Device drop-down list. 5. Choose this new device from the Target Device drop-down list. 6. To start the installation, click on the Install Tails button. 7. Read the warning message in the pop-up window. Click on the Yes button to confirm.

After the installation completes, you can start Tails from this new device.

Last edited Sun 22 Dec 2013 07:55:28 PM CET

Tails - Manually installing onto a USB Stick or SD card

doc

first steps

installation

Page 1 of 1

Manually installing onto a USB Stick or SD card

English

DE

Manually installing onto a USB Stick or SD card It is recommended to use Tails Installer to install Tails onto a USB stick or SD card. But you might need to use this technique to get a first running

Download

Tails 0.22

December 11, 2013

Tails, and be able to use Tails Installer on a second device.

About This technique does not allow you to set up a persistent volume. • Manual installation using Linux

Getting started… Documentation

• Manual installation using Windows • Manual installation using Mac

Help & Support Contribute


FR

PT

Tails - Manual installation using Windows

doc

first steps

installation

Page 1 of 5

manual

Manual installation using Windows

English

DE

Manual installation using Windows This technique uses the Universal USB Installer, for more info or more help visit http://www.pendrivelinux.com/ .

Download

Tails 0.22

December 11, 2013

INSERT A USB STICK WITH AT LEAST 2GB OF FREE SPACE DOWNLOAD THE UNIVERSAL USB INSTALLER CLICK 'RUN' WHEN PROMPTED

About Getting started… Documentation Help & Support Contribute

IF THE SECURITY DIALOG APPEARS, CONFIRM BY CLICKING 'RUN'

FR

PT


Page 2 of 5

READ THE LICENCE AGREEMENT AND CHOOSE 'I AGREE' TO CONTINUE

SELECT TAILS FROM THE DROPDOWN LIST


CLICK 'BROWSE' AND OPEN THE DOWNLOADED ISO FILE

CHOOSE THE USB DRIVE

Page 3 of 5


CLICK 'CREATE'

After the installation completes, you can start Tails from this new USB stick.

Page 4 of 5

Tails - Manual installation using Mac

doc

first steps

installation

Page 1 of 5

manual

Manual installation using Mac

English

DE

Manual installation using Mac This technique uses the command line.

Download

Tails 0.22 1. 2. 3. 4. 5. 6.

Setup rEFInd Find out the device name of the USB stick Unmount the USB drive Run isohybrid.pl on the ISO image Do the copy Notes

December 11, 2013


Setup rEFInd

Contribute

You need to have rEFInd installed and working on the Mac. If you need help with rEFInd, look at their installation documentation . rEFInd will replace your original bootloader. This could cause your Mac to not boot. It is recommended to create a full backup and know how to restore. See Apple's instructions .

Find out the device name of the USB stick The device name should be something like like /dev/disk8, /dev/disk9, etc. If you are not sure about the exact device name, do the following:

FR

PT


Page 2 of 5

1. Unplug Unplug the USB stick. stick. 2. Open Terminal from Applications ▸ Utilities ▸ Terminal.app 3. Execute Execute the the follow following ing command: command:

diskutil list This returns a list of all the current storage devices. devices. For example: example:

$ diskutil list /dev/disk0 #:

TYPE NAME

SIZE

0:

GUID_partition_scheme

*500.1 GB

1:

EFI

209.7 MB

2:

Apple_HFS MacDrive

3:

EFI

4:

Microsoft Basic Data BOOTCAMP

250.0 GB 134.1 GB 115.5 GB





1. Plug back back the USB stick stick and run the same same command command as before: before:

diskutil list A new device should appear in the list of storage devices. Check that the size of the device corresponds to the size of your USB stick.

$ diskutil list /dev/disk0 #:

TYPE NAME

SIZE

0:

GUID_partition_scheme

*500.1 GB

1:

EFI

209.7 MB

2:

Apple_HFS MacDrive

3:

EFI

4:

Microsoft Basic Data BOOTCAMP

250.0 GB 134.1 GB 115.5 GB

/dev/disk1 #: 0: 1: 

TYPE NAME FDisk_partition_scheme Apple_HFS Untitled 1

SIZE *4.0 GB 4.0 GB 

In this example, the USB stick is 4.0 GB and the device name is /dev/disk1. Yours are probably different.


Page 3 of 5

If you are not sure about the device name you should stop proceeding or you risk overwriting any hard drive on the system .

Unmount the USB drive Execute the following command, replacing [device] with the device name found in step 2.

diskutil unmountDisk [device]

Run isohybrid.pl on the ISO image You need to modify the ISO image using isohybrid before copying it onto the USB stick. 1. 2. 3. 4.

Down Downlo load ad syslinux . Double click click on the packa package ge to extract extract it. Copy isohybrid.pl from the /utils folder to the desktop. Copy the the ISO image image (for example example tails-i386-0.17.1.iso) to the desktop.

5. To change change directory directory into into the desktop, desktop, execut execute: e:

cd Desktop 6. To ru run isohybrid.pl on the ISO image, execute the following command, replacing [tails.iso] with the path to the ISO image that you want to install.

perl isohybrid.pl [tails.iso] Here is an example of the commands to execute, yours are probably different:

perl isohybrid.pl tails-i386-0.17.1.iso

If you are not sure about the path to the ISO image or if you get a No such file or directory error, you can first type `perl isohybrid.pl`, followed by a


Page 4 of 5

space, and then drag and drop the icon of the ISO image from a file browser onto Terminal. This should insert the correct path to the ISO image in Terminal. Then complete the command and execute it.

Do the copy Execute the following command, replacing [tails.iso] by the path to the ISO image that you want to copy and [device] by the device name found in step 1.

dd if=[tails.iso] of=[device] You should get something like this:

dd if=tails-0.17.1.iso of=/dev/disk9 If you don't see any error message, Tails is being copied onto the USB stick. The whole process might take some time, generally a few minutes. If you get a "Permission denied" error, try executing the command with sudo:

sudo if=[tails.iso] of=[device] Be careful, if the device name is wrong you might overwriting any hard drive on the system.

Once the command prompt reappears, you can restart your Mac. Wait for the rEFInd menu and select the USB stick to start Tails.

Notes This method was successfully tested on the following hardware: • MacBook Pro Model A1150 with OS X 10.6.8, 2006 • MacBook Pro Retina 15" Mid-2012 (aka MacBookPro10,1) The method worked on some hardware but a bug in the video support prevented Tails to start successfully:


• MacBook Pro Retina with OS X 10.8.3, December 2012 • Macbook Pro model A1150 Note that Tails developers are in general not very knowledgeable about Mac. Any additional information is welcome.

Last edited Sun 05 Jan 2014 06:29:49 PM CET

Page 5 of 5

Tails - Uninstalling Tails or resetting a USB Stick or SD card

doc

first steps

Page 1 of 1

Uninstalling Tails or resetting a USB Stick or SD card

English

DE

Uninstalling Tails or resetting a USB Stick or SD card • Instructions for Linux with GNOME: Ubuntu, Debian, Tails, etc. • Instructions for Windows

Download

Tails 0.22

December 11, 2013



FR

PT

Tails - Resetting a USB stick or SD card using Windows

doc

first steps

reset

Page 1 of 2

Resetting a USB stick or SD card using Windows

English

DE

FR

Resetting a USB stick or SD card using Windows The following instructions do not

Download

work on Windows XP.

Tails 0.22

The version of Diskpart on Windows XP

December 11, 2013

does not list removable disks.

About

Using Diskpart You might overwrite any hard drive on the computer. If at some point you are not sure about the disk number, stop proceeding.


1. Make sure that the USB stick or SD card that you want to reset is unplugged. 2. Click on the Start button, and choose All Programs ▸ Accessories ▸ Command

Prompt, to open the Command Prompt , More help on how to start the Command Prompt 3. Execute the diskpart command, to start Diskpart . 4. Execute the list disk command to obtain information about each disk in the computer. For example:

Diskpart> list disk

PT

Tails - Resetting a USB stick or SD card using Windows

Page 2 of 2

Disk ###

Status

Size

Free

Dyn

Gpt

--------

----------

-------

-------

---

---

Disk 0

Online

80 GB

0 B

5. Plug the USB stick or SD card that you want to reset. Run the list disk command again. A new disk, which corresponds to that device, appears in the list. For example:

Diskpart> list disk Disk ###

Status

Size

Free

Dyn

Gpt

--------

----------

-------

-------

---

---

Disk 0

Online

80 GB

0 B

Disk 1

Online

4 GB

0 B

Make sure that its size corresponds to the size of the device that you want to reset. Note down the disk number assigned by Diskpart to the device. 6. To select the device, execute the following command: select disk=number . Replace number by the disk number of the device that you want to reset. 7. Execute the clean command to delete the partition table from the device. 8. Execute the convert mbr command to create a new partition table on the device. 9. Execute the create partition primary command to create a new primary partition on the device.

Troubleshooting See the Diskpart documentation from Microsoft Support


.

Formatting a USB Drive Back to MBR after GUID | Robert Douglas Bingham

Page 1 of 2

Robert Douglas Bingham 18th May 2011

Formatting a USB Drive Back to MBR after GUID y therobomeister Sometimes Macs do crazy things to our filesystems. Shame, they’re a little special. After using a GUID ith HFS+ (Mac Extended Journaled) I often get an error saying that the disk is 200mb, regardless of the size. Also, after formatting back to MBR and FAT32 in OSX, the disk often won’t work devices such as car radios, DVD players and home hifi’s with Mp3 / DivX compatibility. Here’s an easy little fix I found on the Microsoft Technet website that’s never failed me.

What You Need ◦

◦

A PC running Windows Your USB pendrive

Method 1. Plug the pendrive in, and don’t click format or anything 2. Run Command Prompt 3. Type the following commands (where x = your disk number. This will make sense soon): diskpart list disk select disk x clean create partition primary select partition 1 active format fs=fat32 quick assign

Formatting a USB Drive Back to MBR after GUID | Robert Douglas Bingham

Page 2 of 2

This filesystem is pretty solid. From there you can do whatever you want with it, as it should be legible y any machine. About these ads (http://en.wordpress.com/about these ads/) -

-

This entry was posted on Wednesday, May 18th, 2011 at 9:54 am and posted in Tech. You can follow any responses to this entry through the RSS 2.0 feed. Subscribe RSS Blog at WordPress.com. The Elegant Grunge Theme. Follow

Follow “Robert Douglas Bingham” Powered by WordPress.com

Tails - Upgrading a Tails USB Stick or SD card

doc

first steps

Page 1 of 2

Upgrading a Tails USB Stick or SD card

English

DE

FR

Upgrading a Tails USB Stick or SD card Tails Installer also allows you to upgrade a USB stick or SD card to a newer version of Tails.

Download

Tails 0.22

December 11, 2013

The following techniques only work if the device, USB stick or SD card, was installed using Tails Installer . The persistent storage on the

About

device will be preserved. There are two methods to do the upgrade: • Upgrade by cloning from another device


which already runs a newer version of Tails • Upgrade from an ISO image of a newer

Help & Support

version of Tails As for the installation, you need to start Tails

Contribute

Installer from another media than the device that you want to upgrade.

Clone & Upgrade 1. Start Tails from the device, USB stick or SD card, that you want to clone from. 2. Choose Applications ▸ Tails ▸ Tails Installer to start Tails Installer . 3. Choose Clone & Upgrade . 4. Plug the device that you want to upgrade. A new device, which corresponds to the USB stick or SD card, appears in the Target

Device drop-down list.

PT

Tails - Upgrading a Tails USB Stick or SD card

Page 2 of 2

5. Choose the device from the Target Device drop-down list. 6. To start the upgrade, click on the Install Tails button. 7. Read the warning message in the pop-up window. Click on the Yes button to confirm.

Upgrade from ISO 1. Start Tails from another media than the device, USB stick or SD card, that you want to upgrade. 2. Choose Applications ▸ Tails ▸ Tails Installer to start Tails Installer . 3. Choose Upgrade from ISO . 4. Plug the device that you want to upgrade. A new device, which corresponds to the USB stick or SD card, appears in the Target

Device drop-down list. 5. Choose the device from the Target Device drop-down list. 6. Click on the Browse button to specify the location of the ISO image. If the ISO image is saved on another media, plug it if necessary and click on the corresponding device in the Places column. If the ISO image is stored in a persistent volume, the corresponding device appears first as Encrypted. Click on the device and, in the popup window, enter the passphrase to unlock it.

7. Read the warning message in the pop-up window. Click on the Yes button to confirm.


Tails - Startup Options

doc

first steps

Page 1 of 3

Startup Options

English

DE

FR

Startup Options When starting Tails, you can specify startup options to alter some of its basic functioning. The two ways of specifying startup options are

Download

Tails 0.22

December 11, 2013

the following:

1. Using the boot menu 2. Using Tails Greeter

About Getting started… Documentation

Using the boot menu The boot menu is the first screen to appears when Tails starts.


The failsafe mode disables some features of the kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails.

1. To add a boot option, press Tab when the boot menu appears. A list of boot options appears at the bottom of the screen.

PT


Page 2 of 3

1. Press Space, and type the boot option that you want to add. 2. If you want to add more than one boot option, type them one after the other, and separate them by a Space. 3. Then press Enter to start Tails. Here is a list of options that you can add to the boot menu: • bridge , to activate the Tor Bridge Mode • truecrypt , to enable TrueCrypt

Using Tails Greeter Tails Greeter is the set of dialogs that appear after the boot menu, but before the GNOME Desktop appears. This is how to first screen of Tails Greeter looks like:


Page 3 of 3

To start Tails without options, click on the Login button, or just press Enter. To set more options, click on the Yes button. Then click on the Forward button. Here is a list of options that you can set using Tails Greeter : • Set an administration password • Activate Windows Camouflage

Last edited Sun 05 Jan 2014 07:54:37 PM CET

Tails - Setting an administration password

doc

first st steps

startup op options

Page 1 of 2

Setting an an ad administration pa password

English

DE

FR

Setting an administration password In Tails, an administration password is required to perform system administration tasks. For example:

Download

Tails 0.22

December 11, 2013

• To install install new new programs programs and and packages packages • To access access the internal internal hard hard disks disks of the the

About

computer • To execu execute te comma commands nds with with

sudo

By default, the administration password is


disabled for better security. This can prevent an attacker with physical or remote access to

Help & Support

your Tails system to gain administration privileges and perform administration tasks

Contribute

against your will. In order to perform administration tasks, you need to set up an administration password when starting Tails, using Tails greeter . 1. When Tails greeter appears, appears, in the Welcome to Tails window, click on the Yes button. Then click on the Forward button to switch to the Administration

password window. 2. In th the Administration password window, specify a password of your choice in both the Password and Verify Password text boxes. Then click on the Login button to start the GNOME Desktop. Desktop.

How to open a root terminal To open a root terminal, terminal, you can do any of the the following:

Applications ▸ Accessories ▸ Root Terminal. • Choos oose Applications

PT

Tails - Tor Bridge Mode

doc

first steps

Page 1 of 3

startup options

Tor Bridge Mode

English

DE

FR

Tor Bridge Mode 1. What bridges are and when to use them 2. How to use bridges in Tails 3. If using Tor is dangerous in your country

Download

Tails 0.22

December 11, 2013

What bridges are and

About

when to use them

Getting started…

When using Tor with Tails in its default configuration, anyone who can observe the traffic of your Internet connection (for example your Internet Service Provider and perhaps your government and law enforcement agencies) can


know that you are using Tor. This may be an issue issue if you are in a country where the following applies: applies: 1. Using Tor is blocked by censorship: since all connections to the Internet are forced to go through Tor, this would render Tails useless for everything except for working offline on documents, etc. 2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its default configuration might get you into serious trouble. Tor bridges, also called Tor bridge relays, are are alternative entry points to the Tor network that are not all listed publicly. Using a bridge makes it harder, but not impossible, for your Internet Service Provider to know that you are using Tor. If you are in one of the situations described above you might want to use Tor bridges in Tails. Please Please also read The Tor Project's dedicated page about bridges idea about what bridges are.

to get a general

PT

Tails - Tor Bridge Mode

Page 2 of 3

In order to use bridges, you must know in advance the address of at least one bridge. The Tor Project distributes distributes bridge addresses addresses in several several ways, for example from their their website and via email.

Bridges are less reliable and tend to have lower performance than other entry points.

How to use bridges in Tails Tails provides a bridge mode that mode that guides you through the process of setting up bridges before connecting to Tor. Note that you must have at hand at least one bridge address before starting Tails. For example, you can write it down on a piece of paper or store it in a persistent volume. volume. To activate the bridge mode, mode, add the bridge boot option to the boot menu. menu. For detailed instructions, see the documentation on using the boot menu. menu.

If using Tor is dangerous in your country The Tor Project's documentation on bridges mainly focuses on censorship circumvention, this means when the usage of Tor is blocked by censorship. If using Tor is dangerous or considered suspicious in your country, then there are some extra rules that you should follow in order to prevent you from being identified as a Tor user.

Bridges are important tools that work in many cases but they are not an

absolute protection against the technical progress that an adversary could do to identify Tor users.

1. Always Always star startt Tails Tails in bridge mode. mode. 2. Only Only use use obfuscated bridges since they are harder to identify than other bridges. 3. The less publicly publicly known the bridges are, are, the better. better. Unfortunately, Unfortunately, since some some bridge addresses can be obtained by anyone from the Tor website or by email, it is also possible for an adversary to get the same bridge information by the same means. The Tor Project has some some protection against against that, but they are are far from being perfect. perfect. So the best is if you can find a trusted friend or an organisation in a different country who runs a "private" obfuscated bridge for bridge for you. In this case "private" means that the bridge is configured with the option PublishServerDescriptor 0. Without this option The Tor Project can learn about the bridge and may distribute its address to others and so it could end up in the hands of your adversary.

Tails - Windows Camouflage

doc

first steps

Page 1 of 2

startup options

Windows Camouflage

English

Windows Camouflage If you are using a computer in public you may want to avoid attracting unwanted attention by changing the way Tails looks into something that

Download

Tails 0.22

December 11, 2013

resembles Microsoft Windows XP. When Tails is starting up the Windows

About

Camouflage can be activated in Tails greeter by choosing Yes to More options? and then

Getting started…

enabling the checkbox labelled Activate

Microsoft Windows XP Camouflage. This is how your Tails desktop will look like:


DE

FR

PT

Tails - Windows Camouflage


Page 2 of 2

Tails - Introduction to GNOME and the Tails desktop

doc

first steps

Page 1 of 5

Introduction to GNOME and the Tails desktop

English

Introduction to GNOME and the Tails desktop The graphical user interface used in Tails is called GNOME and shares many fundamentals with that of Microsoft Windows, Mac OS X and most other modern operating

Download

Tails 0.22

December 11, 2013

systems, so if you have used any of them, getting used to GNOME will take no time. As this document is not intended as a complete guide for GNOME there are only a few things

About

about it that we will mention here to spare you some time.

Getting started… 1. Top navigation bar 1. Applications menu 2. Places menu 3. System menu 4. Applications Shortcuts 5. Notification area


2. Bottom panel 3. Desktop shortcuts 4. Managing files with Nautilus

Top navigation bar First of all, in the upper left corner of the screen there is a button with a logo in it, followed by three menus: Applications, Places and System.

Applications menu The Applications menu is where you will find shortcuts to the installed applications. Please explore the different categories and try out those that seem interesting.

DE

FR

PT

Tails - Introduction to GNOME GNOME and the Tails desktop

Places menu Places menu is here to make it easy to access storage medias. The Places menu

System menu System menu allows to customize the GNOME desktop or the system. The System menu

Here are a few ones that you might want to check:

Preferences ▸ Keyboard Keyboard:: change the keyboard layout and other preferences

Page Page 2 of 5


Page Page 3 of 5

Preferences ▸ Monitors Monitors:: change the resolution and position of the display

Preferences ▸ Passwords and Encryption Keys Keys:: manage your OpenPGP keys

Administration ▸ Administration ▸ Printing: Printing: configure printers, see Printing and scanning. scanning .

Administration ▸ Administration ▸ Synaptic Package Manager: Manager: install, remove and upgrade software packages

Applications Shortcuts On the right of these three menu entries, a few shortcuts allow to launch the most frequently used applications.

Tor Browser: Browser: browse the World Wide Web See the corresponding documentation

Claws Mail: Mail: email client

Pidgin: Pidgin: instant messaging client See the corresponding documentation

KeePassX: KeePassX: password manager See the corresponding documentation

GNOME Terminal: Terminal: use the command line

Notification area In the upper right corner you will find a couple of icons, each of which offers an interface for some system feature or running application. You are encouraged to check these icons out with the left and right mouse buttons.

Vidalia: Vidalia: graphical controller for Tor See the corresponding documentation


Page Page 4 of 5

gpgApplet: gpgApplet: encryption and decrypt the clipboard using OpenPGP See the corresponding documentation

Florence: Florence: virtual keyboard See the corresponding documentation

Network Manager: Manager: handle your wireless or cabled network connection See the corresponding documentation

Power Manager: Manager: information about your battery, if you are using a laptop

Audio Volume: Volume: control the audio volume

System Shutdown: Shutdown: shut down or restart the system

Bottom panel On the bottom of the screen is another panel.

Desktop shortcut shortcut:: allows to minimize all open windows to show the desktop.

Then come the the buttons for open windows windows and on the right, a set set of four similar similar rectangle rectangle icons gives access to four different workspaces.

Desktop shortcuts Computer: Computer: access storage media

amnesia's Home: Home: shortcut to the default user's folder

Trash: Trash: where the "deleted" files are moved

Tails documentation: documentation: open a local copy of Tails website and documentation

Tails - Introduction to GNOME and the Tails desktop

Report an error: help you troubleshoot Tails

Managing files with Nautilus Nautilus is GNOME's file manager, FTP, SFTP client and more.

To manage local files, follow links on the desktop or from the Places menu at top right corner of the screen. To move files or folders, you can drag them from one window and drop them to another. To connect to remote FTP or SFTP server, go to Places ▸ Connect to Server....


Page 5 of 5

Tails - Accessibility

doc

first steps

Page 1 of 2

Accessibility

English

DE

FR

Accessibility Tails uses the GNOME Desktop that provides many accessibility features as documented in the GNOME Access Guide

. For a summary of

Download

Tails 0.22

December 11, 2013

those features, read the quick reference section of this guide.

About To hear screen elements spoken to you or

magnify the screen, see the GNOME Orca

Getting started…

section of this guide.

Documentation The screen reading functionality of GNOME Orca does not work neither with the Tor Browser nor with the Unsafe Web Browser .


If you prefer a pointing device over the keyboard , you can use the Florence virtual keyboard, instead of the GNOME On-Screen Keyboard. If you are operating a computer one-handed (by joystick, touchscreen, or mouse) or

zero-handed (by head-mouse or eyetracker), you can use the Dasher graphical predictive text entry application. If you prefer high contrast, large print or inversed colors , you can change the default theme: 1. Choose System ▸ Preferences ▸ Appearance . 2. Select one of the theme to apply it. The following themes are available: ◦ High Contrast ◦ High Contrast Inverse ◦ High Contrast Large Print ◦ High Contrast Large Print Inverse ◦ Large Print

PT

Tails - Accessibility

◦ Low Contrast ◦ Low Contrast Large Print 3. For large print themes, click the Apply Font to change the font size. 4. Click Close.

Last edited Wed 11 Dec 2013 05:07:12 PM CET

Page 2 of 2

Tails - Persistence

doc

first steps

Page 1 of 2

Persistence

English

DE

FR

Persistence If you start Tails from a USB stick or SD card, you can create a persistent volume in the free space left on the device by Tails Installer . The files in

Download

Tails 0.22

December 11, 2013

the persistent volume are saved and remain available across separate working sessions.

About You can use this persistent volume to store different kinds of files: • your personal files and working documents


• the software packages that you download and install in Tails

Help & Support

• the configuration of the programs you use • your encryption keys

Contribute

The persistent volume is an encrypted partition protected by a passphrase. Once the persistent volume is created, you can choose to activate it or not each time you start Tails.

The use of a persistent volume in a system which is designed to provide anonymity and leave no trace is a complicated issue. Read carefully the warning section.

How to Use the Persistent Volume • Warnings About Persistence • Create & Configure the Persistent Volume • Enable & Use the Persistent Volume • Delete the Persistent Volume

PT

Tails - Warnings About Persistence

doc

first steps

persistence

Page 1 of 2

Warnings About Persistence

English

DE

FR

Warnings About Persistence 1. Storing Sensitive Documents 2. Overwriting Configurations 3. Installing Additional Programs

Download

Tails 0.22

December 11, 2013

4. Browser Plugins 5. Use to the Minimum


Storing Sensitive

Documentation

Documents

Help & Support

The persistent volume is not hidden. An attacker in possession of the device can know

Contribute

that there is a persistent volume on it. Take into consideration that you can be forced or tricked to give out its passphrase. Note also that secure deletion does not work as expected on USB sticks. See the corresponding documentation. Read also how to delete the persistent volume.

Overwriting Configurations The programs included in Tails are carefully configured with security in mind. If you use the persistence volume to overwrite the configuration of the programs included in Tails, it can break this security or render these programs unusable. Be especially careful when using the Dotfiles feature. Furthermore, the anonymity of Tor and Tails relies on making it harder to distinguish one Tails user from another. Changing the default configurations can break your

anonymity.

PT

Tails - Warnings About Persistence

Page 2 of 2

Installing Additional Programs To protect your anonymity and leave no trace, Tails developers select and configure with care programs that work well together. Installing additional programs may

introduce unpredictable problems and may break the protections built-in Tails. Tails developers may not want or may not be capable of helping you to solve those problems.

Browser Plugins The web browser is a central part in a system like Tails. The plugins included in the browser are carefully chosen and configured with security in mind. If you install other

plugins or change their configuration, you can break your anonymity.

Use to the Minimum Use the persistent volume only when necessary and to the minimum. It is always possible to start Tails without activating the persistent volume. All the features of the persistent volume are optional and need to be explicitly activated. Only the files and folders that you specify are saved.


Tails - Create & Configure the Persistent Volume

doc

first steps

persistence

Page 1 of 7

Create & Configure the Persistent Volume

English

DE

Create & Configure the Persistent Volume The use of a persistent volume in a

Download

system which is designed to

Tails 0.22

provide anonymity and leave no

December 11, 2013

trace is a complicated issue. Read carefully the warning section.

1. Start the Persistent Volume Assistant 2. Creating the Persistent Volume 3. Persistent Volume Features 1. Personal Data 2. GnuPG 3. SSH Client 4. Pidgin


5. Claws Mail 6. GNOME Keyring 7. Network Connections 8. APT Packages 9. APT Lists 10. Browser bookmarks 11. Printers 12. Dotfiles 13. Additional software packages

Start the Persistent Volume Assistant To start the persistent volume assistant, choose Applications ▸ Tails ▸ Configure

persistent storage.

FR

PT


Page 2 of 7

The error message Error, Persistence partition is not unlocked. means that the persistent volume was not enabled from Tails greeter . So you can not configure it but you can delete it and create a new one.

Creating the Persistent Volume When run for the first time, or after deleting the persistent volume, the assistant proposes to create a new persistent volume on the device from which Tails is running. 1. The persistent volume is an encrypted partition protected by a passphrase. Specify a passphrase of your choice in both the Passphrase and Verify Passphrase text boxes. 2. Click on the Create button. 3. Wait for the creation to finish.

If the creation is interrupted before it finishes , you may not be able to start Tails from this device any more. This can happen if you close the window of the wizard or unplug the USB stick or SD card during the creation of the persistent volume. Delete and reinstall Tails to fix this issue.

Persistent Volume Features When run from a Tails device that already has a persistent volume, the assistant shows a list of the possible persistence features. Each feature corresponds to a set a files to be saved in the persistent volume.

Restart Tails to apply the changes after selecting or unselecting one or several features.

If you unselect a feature that used to be activated, it will be deactivated after restarting Tails but the corresponding files will remain on the persistent volume.

Personal Data When this feature is activated, you can save your personal files and working documents in the Persistent folder.


Page 3 of 7

To open the Persistent folder, choose Places ▸ Home Folder, and open the Persistent folder.

GnuPG When this feature is activated, the OpenPGP keys that you create or import are saved in the persistent volume.

If you manually edit or overwrite the ~/.gnupg/gpg.conf configuration file you may lessen your anonymity, weaken the encryption defaults or render GnuPG unusable.

SSH Client When this feature is activated, all the files related to the secure-shell client are saved in the persistent volume: • The SSH keys that you create or import • The public keys of the hosts you connect to • The SSH configuration file in ~/.ssh/config If you manually edit the ~/.ssh/config configuration file, make sure not to overwrite the default configuration from the /etc/ssh/ssh_config file. Otherwise, you may weaken the encryption defaults or render SSH unusable.

Pidgin When this feature is activated, all the configuration files of the Pidgin Internet messenger are saved in the persistent volume: • The configuration of your accounts, buddies and chats. • Your OTR encryption keys and keyring. • The content of the discussions is not saved unless you configure Pidgin to do so.


Page 4 of 7

All the configuration options are available from the graphical interface. There is no need to manually edit or overwrite the configuration files.

Claws Mail When this feature is activated, the configuration and emails stored locally by the Claws

Mail email client are saved in the persistent volume. All the configuration options are available from the graphical interface. There is no need to manually edit or overwrite the configuration files.

The emails of a POP3 account created without using the configuration assistant are not stored in the persistent volume by default. For example, when configuring a second email account. To make it persistent choose File ▸ Add Mailbox ▸ MH... and change the location of the mailbox from Mail to .claws-mail/Mail.

GNOME Keyring When this feature is activated, the secrets of GNOME Keyring are saved in the persistent volume. GNOME Keyring is a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications. For more information about

GNOME Keyring see the official documentation .

Network Connections When this feature is activated, the configuration of the network devices and connections is saved in the persistent volume. To save passwords, for example the passwords of encrypted wireless connections, the

GNOME Keyring persistence feature must also be activated.


Page 5 of 7

APT Packages

When this feature is activated, the packages that you install using the Synaptic package manager or the apt-get command are saved in the persistent volume. If you install additional programs, this feature allows you to download them once and reinstall them during future working sessions, even offline. Note that those packages are not automatically installed when restarting Tails. If you activate this feature, it is recommended to activate the APT Lists feature as well.

APT Lists When this feature is activated, the lists of all the software packages available for installation are saved in the persistent volume. Those so called APT lists correspond to the files downloaded while doing Reload from the Synaptic package manager or issuing the apt-get update command. The APT lists are needed to install additional programs or explore the list of available software packages. This feature allows you to reuse them during future working sessions, even offline.

Browser bookmarks When this feature is activated, changes to the bookmarks in the Tor Browser are saved in the persistent volume. This does not apply to the Unsafe web browser.

Printers When this feature is activated, the configuration of the printers is saved in the persistent volume.


Page 6 of 7

Dotfiles

When this feature is activated, all the files in the

/live/persistence/TailsData_unlocked/dotfiles folder are linked in the Home Folder (files in subfolders of dotfiles are also linked in the corresponding subfolder of your Home Folder ). This option is useful if you want to make some specific files persistent, but not the folders they are stored in. A fine example are the so called "dotfiles" (and hence the name of this feature), the hidden configuration files in the root of your ho me directory, like ~/.git and ~/.bashrc.

Additional software packages This is an experimental feature which does not appear in the assistant.

When this feature is enabled, a list of additional software of your choice is automatically installed at the beginning of every working session. The corresponding software packages are stored in the persistent volume. They are automatically upgraded for security after a network connection is established. To use this feature you need to enable both the APT Lists and APT Packages features.

If you are offline and your additional software packages don't install, it might be caused by outdated APT Lists. The issue will be fixed next time you connect Tails to Internet with persistence activated.

To choose the list of additional software, start Tails with an administrator password and edit (as an administrator) the file called /live/persistence/TailsData_unlocked/live-additional-software.conf . Each line of this file must contain the name of a Debian package to be installed as an additional software package. For example, to automatically install the dia software, a diagram editor, and the

fontmatrix software, a font manager, add the following content to live-additional-software.conf: dia fontmatrix


Page 7 of 7

To learn about the many software packages available in Debian, visit http://packages.debian.org/stable/ .

Installing additional software is at your own risk. Most additional software requires extra configuration to be able to connect to the network through Tor, and will not work otherwise. Some other software might, for example, modify the firewall and break the security built in Tails. Software not officially included in Tails is not tested for security.


Tails - Enable & Use the Persistent Volume

doc

first steps

persistence

Page 1 of 2

Enable & Use the Persistent Volume

English

DE

FR

Enable & Use the Persistent Volume The use of a persistent volume in a

Download


Tails 0.22


December 11, 2013


1. Enable the Persistent Volume 2. Use the Persistent Volume


Enable the Persistent

Help & Support

Volume

Contribute

1. When starting Tails, in the Use persistence? dialog of Tails Greeter, choose Yes to enable the persistent volume for the current working session. 2. Enter the passphrase of the persistent volume in the Passphrase text box. 3. If you select the Read-Only check box, the content of persistent volume will be available and you will be able to modify it but the changes will not be saved.

Use the Persistent Volume To open the Persistent folder and access you personal files and working documents, choose Places ▸ Home Folder, and open the Persistent folder. For advanced users, to access the internal content o f the persistent volume choose

Places ▸ File System, and open the folders live ▸ persistent ▸ TailsData_unlocked.

PT

Tails - Delete the Persistent Volume

doc

first steps

persistence

Page 1 of 2

Delete the Persistent Volume

English

DE

FR

Delete the Persistent Volume The use of a persistent volume in a

Download


Tails 0.22


December 11, 2013


To delete the persistent volume of a Tails device, choose Applications ▸ Tails ▸ Delete

persistent storage, and click on the Delete button. This can be useful in order to delete all the files saved to the persistent volume in a single


operation. You can later create a new persistent volume on the same device without having to reinstall Tails.

This technique may not prevent an attacker to recover the files of the old persistent volume using data recovery techniques. For more security, start Tails from another media, and do the following operations on the device that you want to delete securely: 1. Create an encrypted partition on the whole device. This step deletes both Tails and the persistent volume from the device. 2. Securely clean all the available disk space on this new encrypted partition. 3. ?Reinstall Tails on the device. 4. Start Tails from the device and create a new persistent volume.

PT

Tails - Manually copying your persistent data to a new device

doc

first steps

Page 1 of 2

persistence

Manually copying your persistent data to a new device

English

DE

FR

Manually copying your persistent data to a new device These instructions explain how to manually copy your persistent data to a new device. Follow them if you have good reasons to think that your

Download

Tails 0.22

December 11, 2013

persistence settings are corrupted or if want to be extra careful.

About

Create a new device 1. Install the latest Tails onto a new device using the usual installing instructions. Do not use the Tails device that might be corrupted in the process of installing the new one. 2. Create a persistent volume on this new


device. We advice you to use a different passphrase to protect this new persistent volume. 3. Enable again on this new device the persistence features of your choice. 4. Restart Tails and enable persistence.

Rescue your files from the old Tails device 1. Plug in the old Tails device from which you want to rescue your data. 2. Choose Applications ▸ System Tools ▸ Disk Utility to open the GNOME Disk

Utility . 3. In the left panel, click on the device corresponding to the old Tails device. 4. In the right panel, click on the partition labeled as Encrypted. The Partition Label must be TailsData.

PT

Tails - Manually copying your persistent data to a new device

Page 2 of 2

5. Click on Unlock Volume to unlock the old persistent volume. Enter the passphrase of the old persistent volume and click Unlock . 6. Click on the TailsData partition that appears below the Encrypted Volume partition. 7. Click on Mount Volume. The old persistent volume is now mounted as

/media/TailsData. 8. Choose Places ▸ TailsData from the top navigation bar to open the o ld persistent volume. 9. In the file browser, choose File ▸ New Tab and navigate to

/live/persistence/TailsData_unlocked in this new tab. 10. Click on the TailsData tab. 11. To import a folder containing persistent data from the old persistent volume to the new one, drag and drop that folder from the TailsDataonto the TailsData_unlocked tab. When importing a folder, choose to Merge All the folder, and Replace All files. Do not import a folder if you do not know what it is used for. ◦ The apt folder corresponds to the APT Packages and APT Lists persistence features. But it requires administration rights to be imported and this goes beyond the scope of these instructions. Note that this folder does not contain personal data. ◦ The bookmarks folder corresponds to the Browser bookmarks persistence feature. ◦ The claws-mail folder corresponds to the Claws Mail persistence feature. ◦ The dotfiles folder corresponds to the Dotfiles persistence feature. ◦ The gnome-keyring folder corresponds to the GNOME Keyring persistence feature. ◦ The gnupg folder corresponds to the GnuPG persistence feature. ◦ The nm-connections folder corresponds to the Network Connections persistence feature. ◦ The openssh-client folder corresponds to the SSH Client persistence feature. ◦ The Persistent folder corresponds to the Personal Data persistence feature. ◦ The pidgin folder corresponds to the Pidgin persistence feature.

Last edited Mon 02 Dec 2013 05:37:57 PM CET

Tails - Upgrade to more secure persistence settings

doc

first steps

persistence

Page 1 of 4

Upgrade to more secure persistence settings

English

DE

FR

Upgrade to more secure persistence settings Tails 0.21 introduces a more secure access control over the persistent volume settings. This also means that before Tails 0.21, an attacker who could run an exploit from inside your Tails

Download

Tails 0.22

December 11, 2013

session could corrupt the persistent volume settings. By doing this, an attacker could

About

possibly gain persistent administrator rights or install malicious software.

Getting started…

For more technical details about the security of

Documentation

the persistent volume, read our design document.

1. Automatic upgrade


2. Enabling again your custom persistence settings

Automatic upgrade We designed a migration mechanism that allows, in mo st cases, to upgrade automatically to those more secure persistent volume settings. To do this upgrade, once and for all: 1. Start Tails 0.21. 2. Enable persistence without the read-only option. Activating the read-only option prevents Tails from starting correctly until the upgrade is made. 3. If the upgrade is successful, Tails starts as usual and no notification appears. But this automatic upgrade might not be sufficient in some cases.

PT


Page 2 of 4

a. If you skipped the upgrade to Tails 0.21 and upgraded directly to Tails 0.22

or later, then install Tails 0.21 to run the automatic upgrade as described above, or follow the instructions to manually copy your persistent data to a new device. For security reasons the automatic upgrade is not available in Tails 0.22 or later. b. If you have custom persistence settings or use additional software

packages , the corresponding settings are not upgraded automatically. A notification should appear when starting Tails that indicates which persistence settings are temporarily disabled. In that case, follow the instructions to enable again your custom persistence settings. If you have custom persistence settings or use additional software but no notification appear on the desktop, then your Tails system might be corrupted. In that case, follow the instructions to manually copy your persistent data to a new device.

c. If you have good reasons to think that your persistence settings are

corrupted or if you want to be extra careful, then follow the instructions to manually copy your persistent data to a new device.

Enabling again your custom persistence settings Custom persistence settings and additional software are disabled during the automatic upgrade because, there is technically a possibility for these files to be corrupted. These instructions explain how to verify the content of these files and enable again your custom persistence settings. 1. Start Tails and set an administration password. 2. Choose Applications ▸ Accessories ▸ Root Terminal to open a terminal with administration rights. 3. Execute the

nautilus command

to open the file browser.

4. In the file browser navigate to /live/persistence/TailsData_unlocked.

live-persistence.conf.old If there is a file named live-persistence.conf.old in the TailsData_unlocked folder, then some of your persistence settings need to be enabled manually.


Page 3 of 4

1. In the file browser, right-click on the live-persistence.conf.old file and open it by choosing Open with Other Application... and then gedit. 2. Switch back to the file browser, right-click on the persistence.conf file and choose

Open with Other Application... and then gedit to open it in a new tab in gedit . 3. Switch between the two tabs corresponding to those files in gedit and compare their content. Copy from live-persistence.conf.old to persistence.conf the lines corresponding to your custom settings that have not been upgraded automatically. Those missing lines should correspond to your custom directories or other custom persistence settings.

If you detect unexpected lines in live-persistence.conf.old that do not correspond to any change that you have made, they might have been introduced by an attacker. In this case, do the following: 1. Report a bug using WhisperBack and explain which are the lines that look suspicious to you. 2. Keep that Tails device without modifying it in order to analyse it later if needed. 3. Follow the instructions to manually copy your persistent data to a new device.

If you do not detect any suspicious line, close gedit and delete the

live-persistence.conf.old file using the file browser.

live-additional-software.conf.disabled If there is a file named live-additional-software.conf.disabled in the TailsData_unlocked folder, then your additional software need to be enabled manually. 1. In the file browser, right-click on the live-additional-software.conf.disabled file and open it by choosing Open with Other Application... and then gedit. 2. Right-click on the live-additional-software.conf file and choose Open with Other

Application... and then gedit to open it in a new tab in gedit . 3. Copy from live-additional-software.conf.disabled to live-additional-software.conf the lines corresponding to your additional software.

If you detect unexpected lines in live-additional-software.conf.disabled that do not correspond to any additional software added by you, they might have been introduced by an attacker. In this case, do the following: 1. Report a bug using WhisperBack and explain which are the lines that look suspicious to you.


Page 4 of 4

2. Keep that Tails device without modifying it in order to analyse it later if needed. 3. Follow the instructions to manually copy your persistent data to a new device.

If you do not detect any suspicious line, close gedit and delete the

live-additional-software.conf.disabled file using the file browser.

Last edited Mon 02 Dec 2013 05:37:57 PM CET

Tails - Report an error

doc

first steps

Page 1 of 4

Report an error

English

Report an error In this documentation we use the term bug to refer to a software error.

Download

Tails 0.22

December 11, 2013

Reporting bugs is a great way of helping us improving Tails.

About Remember that the more effectively you

report a bug, the more likely we are to fix it.

1. Check if the bug is already known 2. How to write a useful bug report 3. Use WhisperBack 1. Start WhisperBack 2. Write the report


3. Optional email address 4. Optional OpenPGP key 5. Send your report 4. Special cases 1. No internet access 2. Tails does not start

Check if the bug is already known Have a look at: • the list of known issues • the list of things to do • the list of things that will be fixed or improved in the next release

DE

FR

PT


Page 2 of 4

How to write a useful bug report • The first aim of a bug report is to tell the developers exactly how to reproduce

the failure. • If that is not possible, try to describe what went wrong in detail . Write down the error messages, especially if they have numbers. • Write clearly and be precise. Say what you mean, and make sure it cannot be misinterpreted. • Be ready to provide extra information if the developers need it. If they did not need it, they would not be asking for it. You can also refer to the great How to Report Bugs Effectively

, by Simon Tatham.

Use WhisperBack WhisperBack is an application written specifically to report bugs anonymously from inside Tails. If you are not able to use WhisperBack, see the special cases. WhisperBack will help you fill-up a bug report, including relevant technical details and send it to us encrypted and through Tor.

Start WhisperBack To start WhisperBack , choose Applications ▸ System Tools ▸ WhisperBack .

Write the report WhisperBack lets you give plenty of useful information about your bug: • Summary a summary of the bug, try to be short, clear and informative • Name of the affected software • Exact steps to reproduce the error • Actual result and description of the error • Desired result You can also have a look at the technical details to include in your bug report. It will give us information about your hardware, your version of Tails and the startup process.

Optional email address


Page 3 of 4

Giving us an email address allows us to contact you to clarify the problem. But it also provides an opportunity for eavesdroppers, like your email or Internet provider, to confirm that you are using Tails.

Optional OpenPGP key You can also indicate an OpenPGP key corresponding to this email address. You can either give: • a key ID, if the key is available on public key servers • a link to the key, if the key is available on the web • a public key block , if the key is not publicly available

Send your report Once you are done writing your report, send it by clicking the Send button. Once your email has been sent correctly you will get the following notification: Your

message has been sent .

Special cases You might not always be able to use WhisperBack. In those cases, you can also send your bug report by email directly. Note that if you send the report yourself, it might not be anonymous unless you take special care (e.g. using Tor with a throw-away email account).

No internet access WhisperBack won't be able to send your bug report. The following steps can be used as an alternative method: 1. In Tails, start WhisperBack 2. In the bug report window, expand "technical details to include" 3. Copy everything in the "debugging info" box 4. Paste it to another document (using gedit for instance) 5. Save the document on a USB stick 6. Boot into a system with Internet connection and send your report

Tails - Tails does not start

doc

first steps

Page 1 of 3

bug reporting

Tails does not start

English

DE

FR

Tails does not start If Tails does not start properly, refer first to the known issues page. Similar issues might have already been reported for the same model of

Download

Tails 0.22

December 11, 2013

computer. Otherwise refer to the following sections,

About

depending on whether or not the boot menu appears when starting Tails:

1. Tails does not start at all 2. Tails does not start entirely


Tails does not start at all The following section applies if the boot menu does not appears when starting Tails. Send us an email including the following information: 1. Which is the brand, and model of the computer? 2. What exactly happens when trying to start? Report the complete error message that appears on the screen, if any. 3. From which media are you trying to start Tails: DVD, USB stick installed manually, USB stick installed with Tails Installer, SD card? Keep in mind that, we do not support any other installation method than the ones listed above. 4. Have you been able to start Tails successfully on this computer before, from another media, or with another version of Tails? If so, which ones? 5. Does the same media start successfully on other computers?

PT

Tails - Tails does not start

Page 2 of 3

6. Have you been able to start Tails successfully on the same computer using different installation methods? For example, it might start from a DVD but not from a USB stick. 7. What installation method did you use to set up Tails? If you are knowledgeable about BIOS configuration, you can also try the following: 1. Make sure the computer is configured to start with legacy BIOS support first, and not UEFI. 2. Try to upgrade your BIOS version.

Tails does not start entirely The following section applies if the boot menu appears but not Tails Greeter when starting Tails. 1. In the graphical boot menu, press TAB. 2. Remove the quiet option from the boot command line. 3. Add the debug and nosplash option. 4. Hopefully, this displays useful messages while starting Tails. You can then include them in a bug report to be sent: ◦ either using WhisperBack if you are able to start Tails from another media, ◦ either by sending us an email 5. If the error message is /bin/sh: can't access tty; job control turned off followed by (initramfs), then try removing the live-media=removable option.

When removing this option, if an adversary installed a fake Tails on an internal hard disk, then you will likely be starting this dangerous operating system instead of the genuine Tails that you intended to use.

If removing live-media=removable allows you to start Tails, please report a bug as documented above: this allows us to improve the list of problematic USB sticks. In this case, you should install Tails on another, better supported USB stick.

Tails - Shutting down Tails

doc

first steps

Page 1 of 1

Shutting down Tails

English

DE

Shutting down Tails There are several ways of shutting down Tails: • By clicking on the system shutdown icon

Download

Tails 0.22

December 11, 2013

located in the upper right corner of the notification area and choosing Shutdown

Immediately or Reboot Immediately .


• By pressing the power button of the computer. • By removing physically the device Tails is


running from. This method does not work with DVD, see ticket #5447 .

This method does not work after using the Tails Installer , see ticket #5677 .

While shutting down, the data stored in RAM + is erased to protect from cold boot attacks.


FR

PT

Tails - Connect to the Internet anonymously

doc

Page 1 of 1

Connect to the Internet anonymously

English

Connect to the Internet anonymously • Networking with NetworkManager • Logging in to captive portals • Controlling Tor with Vidalia

Download

Tails 0.22

December 11, 2013

• Browsing the web with Tor Browser • Chatting with Pidgin & OTR • Using I2P

About

• Why Tor is slow?



DE

FR

PT

Tails - Networking with NetworkManager

doc

anonymous internet

Page 1 of 2

Networking with NetworkManager

English

DE

Networking with NetworkManager The name is quite self-explanatory – this is what you should use to manage your network, which usually only consists of establishing an Internet

Download

Tails 0.22

December 11, 2013

connection. In many cases this is done more or less automatically. For example, if you are connected with wire, NetworkManager will try to

About

obtain network access automatically. If you want to connect via wireless with a supported wireless

Getting started…

adapter, you are basically two clicks away.

Documentation Click on its icon in the notification area to find the list of available connections:


FR

PT

Tails - Networking with NetworkManager

Page 2 of 2

All wireless networks your computer is picking up are listed there, as are all wired networks you have access to (usually one per wire), so the second click is used for choosing any one of these. If the network is protected you will be prompted for a password.

Mobile and Dial-Up Modems NetworkManager supports mobile modems but do not support dial-up modems at the moment. See the corresponding ticket.

VPN There is currently no documented method of using VPN with Tails. See the corresponding ticket.

Last edited Thu 04 Apr 2013 11:32:57 PM CEST

Tails - Logging in to captive portals

doc

anonymous internet

Page 1 of 2

Logging in to captive portals

English

DE

FR

Logging in to captive portals Many publicly accessible Internet connections (usually available through a wireless network connection) require its users to register and login in order to get access to the Internet. This include both free and paid for services that may be found at Internet cafés, libraries, airports, hotels, universities etc. Normally in these situations, a so called captive portal intercepts any website request made and redirects the web browser to a login page. None of that works when Tor is used, so a browser with unrestriced network access is necessary. Note that this means that the Unsafe Browser is NOT anonymous, so use it carefully.

Download

Tails 0.22

December 11, 2013


Tails includes an "Unsafe Browser" for this purpose, and it can be started via the menu: Application -> Internet -> Unsafe Browser. Its red/yellow theme should make it fairly obvious that a different (and in this

case, unsafe) browser is used compared to the normal, safe web browser included in Tails. Security recommendations: • While this browser can be used unrestrictively for anything, it is highly recommended to only use it for the purpose stated above, i.e. to access and login on captive portals. • Do not run this browser at the same time as the normal, anonymous web browser. This makes it easy to not mistake one browser for the other, which could have catastrophic consequences. • When using windows camouflage the red theme is disabled in order to raise less suspicion. It is still possible to quietly identify the Unsafe Browser since it has English Wikipedia as its default (and only) search engine in the Navigation Toolbar. The lack of the onion icon added by Torbutton is another such small visual reminder.

PT

Tails - Controlling Tor with Vidalia

doc

anonymous internet

Page 1 of 3

Controlling Tor with Vidalia

English

Controlling Tor with Vidalia Vidalia is an anonymity manager. Basically this means that it can be used to control Tor, and is automatically launched on network connection.

1. The Network Map 2. The New Identity feature 3. Connect Through a Bridge 4. Configuring a Tor relay 5. Configuring Hidden Services for Tor

As soon as the Tor client managed to establish a route

Download

Tails 0.22

December 11, 2013


to the Tor network, Vidalia hides as an onion icon in the notification area of the screen.

Right-clicking this icon displays a configuration menu.

Contribute

DE

FR

PT


Page 2 of 3

The Network Map The network map displays a window showing a map of the Tor network, a list of Tor relays and a list of currently used routes and their status.

In here, all the Tor nodes in the Tor network are listed, as are all your circuits and connections that go through the Tor network. This requires a bit of technical knowledge of how Tor works in order to understand and use, but it is not at all necessary. From the connection listing it should at least be relatively easy for you to see which exit node and country it appears your connections come from.

The New Identity feature


Page 3 of 3

As explained on our warning page, this feature of Vidalia is not a solution to really separate different contextual identities. Shutdown and restart

Tails instead.

Connect Through a Bridge See the corresponding documentation.

Configuring a Tor relay You can also configure Vidalia to set up yourself as a Tor relay. This helps out the Tor network by relaying the traffic of others. See the corresponding documentation from The Tor Project.

Configuring Hidden Services for Tor Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc. without revealing your IP address to its users. In fact, because you don't use any public address, you can run a hidden service from behind a firewall. See the corresponding documentation from The Tor Project.

Last edited Mon 14 Oct 2013 02:10:01 PM CEST

Tails - Browsing the web with Tor Browser

doc

anonymous internet

Page 1 of 4

Browsing the web with Tor Browser

English

DE

Browsing the web with Tor Browser Download

Tails 0.22

December 11, 2013

About Tor Browser is a rebranded version of the Mozilla Firefox web browser. Given its popularity many of you have probably used it before and its user interface is like any other modern web browser. Here are a few things worth mentioning in the context of Tails.


1. HTTPS Encryption 2. HTTPS Everywhere 3. Torbutton 4. Protection against dangerous JavaScript 5. NoScript to have even more control over JavaScript

HTTPS Encryption Using HTTPS instead of HTTP encrypts your communication while browsing the web. All the data exchanged between your browser and the server you are visiting are encrypted. It prevents the Tor exit node to eavesdrop on your communication. HTTPS also includes mechanisms to authenticate the server you are communicating with. But those mechanisms can be flawed, as explained on our warning page .

FR

PT


Page 2 of 4

For example, here is how the browser looks like when we try to log in an email account at lavabit.com , using their webmail interface :

Notice the small area on the left of the address bar saying "lavabit.com" on a blue background and the address beginning with "https://" (instead of "http://"):

These are the indicators that an encrypted connection using HTTPS is being used. You should try to only use services providing HTTPS when you are sending or retrieving sensitive information (like passwords), otherwise its very easy for an eavesdropper to steal whatever information you are sending or to modify the content of a page on its way to your browser.

HTTPS Everywhere


Page 3 of 4

HTTPS Everywhere is a Firefox extension shipped in Tails and produced as a collaboration between The Tor Project and the Electronic Frontier Foundation

. It

encrypts your communications with a number o f major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. To learn more about HTTPS Everywhere you can see: • the HTTPS Everywhere homepage • the HTTPS Everywhere FAQ

Torbutton Tor alone is not enough to protect your anonymity and privacy while browsing the web. All modern web browsers, such as Firefox, support JavaScript , Adobe Flash , cookies and other services which have been shown to be able to defeat the anonymity provided by the Tor network. In Tails all such features are handled from inside the browser by an extension called Torbutton which does all sorts of things to prevent the above type of attacks. But that comes at a price: since this will disable some functionalities and some sites might not work as intended. To learn more about Torbutton you can see: • the Torbutton homepage • the Torbutton FAQ

Protection against dangerous JavaScript Having all JavaScript disabled by default would disable a lot of harmless and possibly useful JavaScript and render unusable many websites.


Page 4 of 4

That's why JavaScript is enabled by default in Tails. But we rely on Torbutton to disable all potentially dangerous JavaScript . We consider this as a necessary compromise between security and usability and as of today we are not aware of any JavaScript that would compromise Tails anonymity. For more technical details you can refer to the Torbutton design document .

NoScript to have even more control over JavaScript

For more information you can refer to the NoScript website and features .


Tails - Chatting with Pidgin

doc

anonymous internet

Page 1 of 3

Chatting with Pidgin

English

DE

FR

Chatting with Pidgin For chatting and instant messaging, Tails includes the Pidgin Instant Messenger .

Download

Tails 0.22

December 11, 2013

You can use it to connect to IRC or XMPP (also known as Jabber) servers, and have several accounts connected at the same time. To start Pidgin choose Applications ▸


Internet ▸ Pidgin Instant Messenger or click on the Pidgin icon in the application shortcuts.

Documentation

For more detailed documentation refer to the

Help & Support

official Pidgin user guide .

Contribute 1. Predefined accounts 2. Off-the-record (OTR) encryption 3. Random username generation 4. Adding support for another protocol

Predefined accounts Two accounts are configured in Pidgin by default: • irc.oftc.net to connect to the OFTC IRC server, and join the #tails and #tor chats. • 127.0.0.1 to connect to the I2P IRC server. Those accounts are deactivated when Tails is started. To activate them, choose

Accounts ▸ Enable Accounts , and select the account that you want to enable in the submenu.

PT


Page 2 of 3

Off-the-record (OTR) encryption As explained on its official page , Off-the-Record messaging allows you to have private conversations over instant messaging by providing: • Encryption No one else can read your instant messages. • Authentication You are assured the correspondent is who you think it is. • Deniability The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. • Perfect forward secrecy If you lose control of your private keys, no previous conversation is compromised. To learn how to use OTR with Pidgin, refer to the documentation from Security in-a-box: How to Use OTR to Initiate a Secure Messaging Session in Pidgin

.

To store your OTR keys and preferences across separate working sessions, you can activate the Pidgin persistent volume feature .

In a private OTR conversation over IRC, a message sent using the /me

command is not encrypted. The person receiving the message is notified by a warning.

Random username generation Every time you start Tails, a random username is generated for all Pidgin accounts. The generator uses a list of common English first names, and modifies them, so that they are almost unique, and does not reveal that you are using Tails. It is based on the language confluxer by Christopher Pound .

If you want to reuse the same username across separate working sessions, you can activate the Pidgin persistent volume feature .

Adding support for another protocol For security reasons, it is only possible to use IRC and XMPP with Pidgin in Tails. Here are the prerequisites to enable another protocol that is supported by Pidgin otherwise:


Page 3 of 3

a. The support in Pidgin for this protocol has been successfully tested in Tails. b. Someone volunteers to maintain the corresponding support in Tails on the long term. c. Someone has verified that the security record of the desired plugin (including open bugs) is good enough. If you want to work on this issue, see our contribute page.

Last edited Fri 09 Aug 2013 03:42:29 PM CEST

How to Use OTR to Initiate a Secure Messaging Session in Pidgin | Security In A Box

how-to booklet

hands-on guides

How to Use OTR to Initiate a Secure Messaging Session in Pidgin List of sections on this page: • • • • •

3.0 About Pidgin and OTR 3.1 How to Configure the Pidgin-OTR Plugin 3.2 The First Step - How to Generate a Private Key and Display its Fingerprint 3.3 The Second Step - How to Authenticate a Messaging Session 3.4 The Third Step - How to Authenticate the Identity of Your Correspondent

3.0 About Pidgin and OTR Both your correspondent and yourself must configure the OTR plugin before you can enable private and secure Instant Messaging (IM) sessions. Given that this OTR plugin was designed especially for Pidgin, it will automatically detect when both parties have installed and properly configured the OTR plugin.

Note: If you request a private conversation with a friend who has neither installed nor configured OTR , it will automatically send a message explaining how they can obtain the OTR plugin.

3.1 How to Configure the Pidgin-OTR Plugin To enable the OTR plugin, perform the following steps:

Step 1. Double click refer to Figure 1).

or select Start > Programs > Pidgin to launch Pidgin and activate the Buddy List window (please

Step 2. Open the Tools menu, and then select the Plugins item as follows:

Page 1 of 7

mobile security • How-to Booklet • Hands-On Guides • Avast! - Anti-Virus • Spybot - Anti-Spyware • Comodo Firewall • KeePass - Secure Password Storage • TrueCrypt - Secure File Storage • Cobian Backup - Secure File Storage • Recuva - File Recovery • Eraser - Secure File Removal • CCleaner - Secure File Deletion and Work Session Wiping • RiseUp - Secure Email Service • Pidgin with OTR Secure Instant Messaging • How to Install the Pidgin and OTR software and then Register and Set Up Your Account to Pidgin • How to Use OTR to Initiate a Secure Messaging Session in Pidgin • How to Create a Google Talk Account • Portable Pidgin and OTR • FAQ and Review • Jitsi - Secure Audio, Video and Instant Text Messaging • Thunderbird with Enigmail and GPG Secure Email Client • gpg4usb - email text and files encryption • Firefox with add-ons Secure Web Browser • Tor - Digital Anonymity and Circumvention • Social networking tools: Facebook, Twitter, and others • Mobile Security

Figure 1: The Buddy List window with the Plugins item selected from the Tools menu This will activate the Plugins window as follows:

Step 2. Scroll down to the Off-the-Record Messaging option, then click its associated check box to enable it.


Figure 2: The Pidgin Plugins window with Off-the-Record Messaging selected

Step 3. Click

to begin configuring the Off-the-Record Messaging windows.

Basically, there are 3 steps involved in configuring OTR properly to effectively enable private and secure IM sessions and they are explained below: • The First Step : This involves generating a unique private key associated with your account, and displaying its fingerprint. The next two steps involve securing the IM session and authenticating your buddies. • The Second Step : This involves one party requesting a private and secure messaging session with another party currently online. • The The Third Step involves authenticating or verifying the identity of your Pidgin buddy . (Note: In Pidgin, a buddy is anyone you correspond with during IM sessions. This process of verifying a buddy's identity is known referred to as authentication in Pidgin. This means establishing that your buddy is exactly the person who he/she is claims to be.

3.2 The First Step - How to Generate a Private Key and Display its Fingerprint Secure chat sessions in Pidgin are enabled by generating a private key for the relevant account. The Off-the-Record configuration window is divided into the Config and the Known fingerprints tabs. The Config tab is used to generate a key for each of your accounts and to set specific OTR options. The Known fingerprints tab contains your friends' keys. You must possess a key for any buddy with whom you wish to chat privately.

Figure 3: The Off-the-Record Messaging screen displaying the C onfig tab

Step 1. To optimise your privacy, check the Enable private messaging, Automatically initiate private messaging and Don't log OTR conversations options in the Config tab as shown in Figure 3 above. Step 2. Click notifying you that a private key is being generated appears as follows:

to begin generating your secure key; a screen

Page 2 of 7


Figure 4: The Generating private key confirmation box

Note: Your buddy must perform the same steps for his/her own account. Step 3. Click

after the private key (which resembles the following), has been generated:

Figure 5: An example of a fingerprint of the key generated by the OTR engine

Important: You have now created a private key for your account. This will be used to encrypt your conversations so that nobody else can read them, even if they do manage to monitor your chat sessions. The fingerprint is a long sequence of letters and numbers used to identify the key for a particular account, as shown in Figure 5 above. Pidgin automatically saves and verifies your fingerprint, and those of your buddies, so that you will not have to remember them.

3.3 The Second Step - How to Authenticate a Private Conversation Step 1. Double-click the account of a buddy who is currently on-line to begin a new IM conversation. If both of you have the OTR plugin installed and properly configured, you will notice that a new OTR button appears at the bottom right corner of your chat window.

Figure 6: A Pidgin messaging window displaying the OTR icon outlined in black

Step 2. Click follows:

to activate its associated pop-up menu, and then select the Start private conversation item as

Figure 7: The pop-up menu w ith the Start private conversation item selected Your Pidgin IM window will then resemble the following screen:

Page 3 of 7


Figure 8: The Pidgin IM window displ aying the Unverified button

Note: Pidgin automatically begin communicating with your buddy's IM program, and generating messages whenever you attempt to enable a private and secure chat session. As a result of this, the that you are now able to have an encrypted conversation with your buddy.

OTR button changes to

, indicating

Warning! Although this conversation is now secure, the identity of your buddy has not been verified yet. Beware: Your buddy might actually be someone else pretending to be your buddy.

3.4 The Third Step - How to Authenticate the Identity of Your Pidgin Buddy You may use one of three methods of identification to authenticate your Pidgin buddy; you could use 1). a pre-arranged secret code phrase or word, 2). pose a question, the answer to which is only known to both of you or 3) manually verify the fingerprints of your key using a different method of communication.

The Secret Code Phrase or Word Method You can arrange a code phrase or word in advance, either by meeting each other in person or by using another communications medium (like a telephone, voice chat by Skype or a mobile phone text message). Once you both type in the same code phrase or word, your session will be authenticated.

Note: The OTR secret code word recognition feature is case sensitive, that is, it can determine the difference between capital (A,B,C) letters and lower case (a,b,c) ones. Bear this in mind when inventing a secret code phrase or word! Step 1 . Click the OTR button in the chat window, then select the Authenticate Buddy item as follows:

Figure 9: The Unverified pop-up menu with the Authenticate buddy item selected This will activate the Authenticate Buddy window, prompting you to select an authentication method.

Step 2. Click

and select Shared Secret as follows:

Figure 10: The Authenticate buddy s creen with the drop-down list revealed

Step 3. Enter the secret code word or phrase as follows:

Page 4 of 7


Figure 11: The Shared Secret screen

Step 4. Click

to activate the following screen:

Figure 12: The Authenticate Buddy window for a fictitious correspondent

Note: At this time your buddy will see window shown on figure 13 at his/her end and will have to enter the same code word. If they match, your session will b e authenticated.

Figure 13: The Authenticate Buddy window for a fictitious correspondent

Once the session is authenticated, the OTR button will change to you are really speaking with your buddy.

. Your session is now secure and you can be sure that

The Question and Answer Method Another method of authenticating each other, is the question and answer method. Create a question and an answer to it. After reading the question, your buddy must type in the exact answer, and if their answer matches yours, your identity will be automatically authenticated.

Step 1. Click the OTR menu in active message window to activate its associated pop-up menu, and then select Authenticate Buddy item (please refer to Figure 9 ).

Page 5 of 7


Figure 14: A Pidgin chat window displaying the OTR icon An Authenticate Buddy window will pop up prompting you to choose the method for authentication.

Step 2. Click the drop-down menu and select the Question and Answer item as follows:

Figure 15: The Authenticate buddy screen

Step 3. Enter a question and its corresponding answer. This question will be sent to your buddy.

Figure 16: The Questions and Answer screen

Page 6 of 7


If your buddy's answer matches yours, then your identities will have been mutually authenticated or verified, and both parties are who they claim to be!

Once the session has been authenticated, the OTR button will change to be certain of your chat buddy's identity.

. Your session will now be secure and you can

Notice that when you Select > Buddy List > Tools > Plugins > Off The Record Messaging > Configure Plugin, the Known fingerprints tab now displays your buddy's account, and a message that their identity has been verified.

Figure 17: The Off-the-Record Messaging screen displaying the Known Fingerprints tab Congratulations! You may now chat privately. The next time you and your buddy chat (using the same computers), you can skip the first and third steps, above. You should only have to request a secure connection and have your buddy accept it. ‹ How to Install the Pidgin and OTR software and then Register and Set Up Your Account to Pidgin » Printer-friendly version Español Tiếng Việt PDF version

ABOUT THIS WEBSITE

CREDITS

up

How to Create a Google Talk Account ›

Burmese 简体中文

DISCLAIMER

Français

SEARCH

Bahasa Indonesia

DOWNLOAD

Русский

CONTACT

Page 7 of 7

Tails - Using I2P

doc

anonymous internet

Page 1 of 1

Using I2P

English

DE

FR

Using I2P I2P is an alternative anonymity network to Tor which supports most common Internet activities like web browsing, email, filesharing etc. Unlike

Download

Tails 0.22

December 11, 2013

Tor, whose main focus arguably is on accessing sites from the "normal" Internet, I2P is more oriented towards being a closed darknet ,

About

separate from the "normal" Internet. Any one running I2P can run an anonymous server, a so

Getting started…

called Eepsite, that is only accessible within I2P using the .i2p top level domain (similar

Documentation

to .onion for Tor hidden services). For instance, the I2P homepage can also be accessed through

Help & Support

I2P via http://www.i2p2.i2p .

Contribute I2P is not started by default in Tails, but can be started manually throught the menu:

Applications -> Internet -> I2P

Once started, the so called router console will open in Tor Browser, which shows I2P's current status, links to many useful I2P resources (forums, email, filesharing etc.) and offers the possibility to shutdown I2P. I2P is integrated in the browser in such a way that all .i2p addresses are accessed correctly through I2P while all other addresses are handled by Tor, all at the same time.


PT

Tails - Why is Tor slow?

doc

anonymous internet

Page 1 of 2

Why is Tor slow?

English

DE

FR

Why is Tor slow? Users often find that the Tor network is slow. This page describes some reasons that make Tor slow. For further explanations, see Why Tor is so

Download

Tails 0.22

December 11, 2013

slow?

Tor circuits lengthen the

About

connections

Getting started…

Tor provides anonymity by building circuits with three relays. So instead of connecting directly to the destination server, a connection is made between each relay of the circuit and this takes more time.


Furthermore, Tor tries to build circuits with relays in different countries which make connection travel more and appear slower.

Quality of the relays The Tor relays are run by volunteers in a decentralized way. So all relays are not of the same quality. Some are big and fast, while some others are smaller and slower. As a whole, the network could be faster it had more capacity. To improve the capacity of the Tor network, you can either run a Tor relay yourself or help existing relays

.

Misuse of the Tor network Some people misuse the Tor network, sometimes on purpose or sometimes by lack of knowledge. For instance, Tor is sometimes used to conduct DDoS attacks . By doing this, the Tor relays are the ones who actually suffer from the attack, instead of the intended target. Some people use peer-to-peer software through Tor which is bad for the network. If you want to use peer-to-peer, it is better to use I2P.

PT

Tails - Encryption & privacy

doc

Page 1 of 1

Encryption & privacy

English

Encryption & privacy • Your data won't be saved unless explicitly asked • Using the virtual keyboard

Download

Tails 0.22

December 11, 2013

• Create and use encrypted volumes • TrueCrypt • Encrypt, decrypt, sign, and verify text using

About

OpenPGP and Tails gpgApplet ◦ Encrypt text with a passphrase

Getting started…

◦ Encrypt and sign text using public-key cryptography

Documentation

◦ Decrypt and verify text • Securely delete files and clean diskspace

Help & Support

using Nautilus Wipe • Manage passwords using KeePassX


Contribute

DE

FR

PT

Tails - Your data won't be saved unless explicitly asked

doc

encryption and privacy

Page 1 of 1

Your data won't be saved unless explicitly asked

English

DE

FR

Your data won't be saved unless explicitly asked As stated in the about page, Tails is designed to leave no trace on the computer you're using unless you ask it explicitly. It is important to

Download

Tails 0.22

December 11, 2013

understand some of the consequences of that. Starting a computer on a media containing Tails

About

doesn't change anything on the operating system actually installed on your hard drive: as a

Getting started…

live system, Tails doesn't need to use your hard drive during the whole session. Be your hard

Documentation

drive absent or damaged, it wouldn't prevent your computer to start Tails. Consequently,

Help & Support

removing the DVD or USB stick containing Tails is enough to retrieve your usual operating

Contribute

system. You should save anything you want to keep for later access into a separate device (other USB stick, other DVD or any device you would choose), or use the persistence feature.

Last edited Thu 04 Apr 2013 11:32:57 PM CEST

PT

Tails - Using the virtual keyboard

doc


Page 1 of 1

Using the virtual keyboard

English

DE

Using the virtual keyboard If you think that the computer that you are using is not trustworthy, for example when using a public computer in a library, everything that you

Download

Tails 0.22

December 11, 2013

type might be recorded by a hardware keylogger .

About You can use the Florence virtual keyboard to protect you against a hardware keylogger when

Getting started…

typing passwords and sensitive text. To display the virtual keyboard, click on the keyboard icon

Documentation

in the notification area.


There is currently no virtual keyboard in Tails Greeter , so a hardware keylogger could record your persistent volume passphrase or administration password.


FR

PT

Tails - Create and use encrypted volumes

doc


Page 1 of 8

Create and use encrypted volumes

English

Create and use encrypted volumes The simplest way to carry around the documents you want to use with Tails and make sure that they haven't been accessed nor modified is to store them in an encrypted volume: a dedicated partition on a USB

Download

Tails 0.22

December 11, 2013

stick or an external hard-disk. Tails comes with utilities for LUKS, a standard for disk-encryption

About

under Linux.

Getting started… • The Gnome Disk Utility, allows you to create encrypted volumes • The Gnome Desktop, allows you to open encrypted volumes

1. Create an encrypted partition 1. Open the Gnome Disk Utility 2. Identify your external storage device 3. Format the device 4. Create a new encrypted partition 5. Use the new partition 2. Open an existing encrypted partition

Create an encrypted partition

Open the Gnome Disk Utility From the menu Applications ▸ System Tools ▸ Disk Utility.


DE

FR

PT


Identify your external storage device The disk utility will list all the current storage devices on the left side of the screen:

Plug in the external storage device that you want to use. A new device should appear in the list of storage devices. Click on it with the cursor:

Page 2 of 8


Format the device Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.

Click on Format Drive to erase all the existing partitions on the device. If you're not sure, don't change the default option:

Master Boot Record .

Page 3 of 8


You will be prompted with a confirmation message.

Create a new encrypted partition Now the schema of the partitions in the middle of the screen shows an empty device.

Click on Create Partition. A window with options to configure the new partition will appear.

Page 4 of 8


• Size: you can decide to create a partition on the whole device or just on part of it. In this example we are creating a partition of 2.0 GB on a device of 3.9 GB. • Type: you can change the filesystem type of the partition. If you are not sure you can leave the default value:

Ext4.

• Name: you can set a name for the partition. This name will remain invisible until the partition is open but will help you to identify it during use. • Encrypt underlying device: check this box to encrypt the partition! Then click on Create. You will be asked to enter a passphrase for the new partition.

Then click on Create. Creating the partition might take a few seconds after which the schema of the device will display the new encrypted partition:

Page 5 of 8


At this point you can create other partitions in the free space left on the device, if you want, by clicking on it and doing again

Create Partition.

Use the new partition Now you can access this new volume from the Places menu with the name you gave it. You won't be asked for its passphrase unless you unplug it and plug it again.

Open an existing encrypted partition When plugging a device containing an encrypted partition, Tails won't mount it automatically but it will appear in the Places menu. If several partitions appear as

Page 6 of 8


Encrypted, like in the example, you can use its size to guess which one is the one you want to open.

You will be asked to enter the passphrase to unlock the volume.

In case you get it wrong, you will be warned with an error message. You can try to open the partition as before and as many times as you want.

In case you get it right, it will open a file browser in this partition.

Page 7 of 8


Once you are done using the device, to close the encrypted partition choose Places ▸ Computer, right-click on the device, and select Safely Remove Drive.


Page 8 of 8

Tails - TrueCrypt

doc


Page 1 of 1

TrueCrypt

English

DE

FR

TrueCrypt Security considerations

Download

Although TrueCrypt looks like free software,

December 11, 2013

Tails 0.22

concerns over its licence prevent its inclusion in Debian. Truecrypt is also developed in a closed fashion, so while the source code is freely available, it may receive less review than might a comparable openly developed project. For the above reasons, Tails developers do not recommend TrueCrypt . We include TrueCrypt only to allow users of the (old and now unsupported) Incognito live system to access the data on previously created media.


In the future, we would like to replace TrueCrypt with a compatible alternative . However, there might be some time during which that is not possible, and moving away from TrueCrypt is the only sensible way we can go. This means that you should not create new TrueCrypt media if you intend to stay with Tails in the long run.

Using TrueCrypt in Tails TrueCrypt is not enabled by default when Tails starts. In order to use TrueCrypt , add the truecrypt boot option to the boot menu. For detailed instructions, see the

documentation on using the boot menu. Once Tails has started, to start TrueCrypt choose Applications ▸ Accessories ▸

TrueCrypt .

Last edited Sat 05 Oct 2013 02:49:23 PM CEST

PT

Tails - Tails gpgApplet

doc


Page 1 of 1

Tails gpgApplet

English

Tails gpgApplet Tails includes a custom applet, called Tails gpgApplet , to manipulate text using OpenPGP.

Download

Tails 0.22

December 11, 2013

It is unsafe to write confidential text in a web browser since JavaScript attacks can access it from inside the browser. You should rather write your text in a separate application, encrypt it using Tails gpgApplet , and paste the encrypted text in your browser, before sending it by email for example.


Tails gpgApplet is located in the notification area.

With Tails gpgApplet you can: • Encrypt text with a passphrase • Encrypt and sign text with a public key • Decrypt and verify text


DE

FR

PT

Tails - OpenPGP passphrase encryption

doc


Page 1 of 3

gpgapplet

OpenPGP passphrase encryption

English

DE

FR

OpenPGP passphrase encryption With Tails gpgApplet you can encrypt text with

a passphrase using the passphrase encryption of OpenPGP.


Download

Tails 0.22

December 11, 2013


This technique requires you to share a secret passphrase with the people who will decrypt the text. OpenPGP also allows you to use public-key cryptography to send confidential messages without having a shared passphrase. See the corresponding documentation.

1. Write your text in a text editor. Do not write it in the web browser! For example, open gedit from the menu Applications ▸ Accessories ▸ gedit Text

Editor. 2. Select with the mouse the text that you want to encrypt. To copy it into the clipboard , right-click on the selected text and choose Copy from the menu. Tails gpgApplet now shows lines of text, meaning that the clipboard contains nonencrypted text.

PT


Page 2 of 3

3. Click on Tails gpgApplet and select Encrypt Clipboard with Passphrase from the menu. If you receive the error message “ The clipboard does not contain valid input

data”, try to copy your text again, starting from step 2. 4. In the Passphrase dialog box, enter a passphrase of your choice. Repeat the same passphrase in the second dialog box. 5. Tails gpgApplet now shows a padlock, meaning that the clipboard contains encrypted text.

6. To paste the encrypted text into another application, right-click in the application where you want to paste it and choose Paste from the menu. For example, you can paste it into the web browser to send it by email.


Page 3 of 3

You can also decrypt a text that is encrypted with a passphrase using Tails gpgApplet .


Tails - OpenPGP public-key cryptography

doc


Page 1 of 3

gpgapplet

OpenPGP public-key cryptography

English

DE

FR

OpenPGP public-key cryptography With Tails gpgApplet you can encrypt or sign

text using the public key encryption of OpenPGP .


Download

Tails 0.22

December 11, 2013


This technique requires you to use public-key cryptography. If you never used OpenPGP keys before, you might rather want to encrypt your text using a passphrase with OpenPGP passphrase encryption. See the corresponding documentation.

1. Write your text in a text editor. Do not write it in the web browser! For example, open gedit from the menu Applications ▸ Accessories ▸ gedit Text

Editor. 2. Select with the mouse the text that you want to encrypt or sign. To copy it into the clipboard , right-click on the selected text and choose Copy from the menu. Tails gpgApplet now shows lines of text, meaning that the clipboard contains nonencrypted text.

PT


Page 2 of 3

3. Click on Tails gpgApplet and select Sign/Encrypt Clipboard with Public Keys from the menu. If you receive the error message “ The clipboard does not contain valid input

data”, try to copy your text again, starting from step 2. 4. If you want to encrypt the text, select one or more public keys for the recipients of the encrypted text in the Choose keys dialog box. To select a public key, doubleclick on the corresponding line in the Select recipients list box. 5. If you want to sign the text, select the secret key with which you want to sign the text in the Sign message as drop-down list. 6. If you want to hide the recipients of the encrypted text, select the Hide recipients check box. Otherwise anyone who sees the encrypted text can know who the recipients are. 7. Click on the OK button. If you receive the warning message Do you trust these keys , answer it accordingly. 8. If you selected one or several public keys to encrypt the text, Tails gpgApplet now shows a padlock, meaning that the clipboard contains encrypted text.

If you only selected a secret key to sign the text, Tails gpgApplet now shows a seal, meaning that the clipboard contains signed text.

9. To paste the encrypted or signed text into another application, right-click in the application where you want to paste it and choose Paste from the menu.


For example, you can paste it into the web browser to send it by email.

To store your GnuPG keys and configuration across separate working sessions, you can activate the GnuPG persistent volume feature .

You can also decrypt or verify a text that is encrypted or signed using public-key cryptography using Tails gpgApplet .


Page 3 of 3

Tails - Decrypt or verify a text created using OpenPGP

doc


Page 1 of 2

gpgapplet

Decrypt or verify a text created using OpenPGP

English

DE

FR

Decrypt or verify a text created using OpenPGP With Tails gpgApplet you can decrypt text that

is encrypted using OpenPGP or verify text that is signed using OpenPGP.

Download

Tails 0.22

December 11, 2013

1. Select with the mouse the encrypted text that you want to decrypt or the signed text that

About

you want to verify. Include the lines “ ----BEGIN PGP MESSAGE-----“ and “-----END PGP

Getting started…

MESSAGE-----”.

Documentation To copy it into the clipboard , right-click on the selected text and choose Copy from the

Help & Support

menu. 2. If the text that you selected is encrypted,

Contribute

Tails gpgApplet now shows a padlock, meaning that the clipboard contains encrypted text.

If the text that you selected is only signed, but not encrypted, Tails gpgApplet now shows a seal, meaning that the clipboard contains signed text.

PT

Tails - Decrypt or verify a text created using OpenPGP

Page 2 of 2

3. Click on Tails gpgApplet and select Decrypt/Verify Clipboard from the menu. 4. If the text that you selected is only signed and the signature is valid, the GnuPG

results window described in step 6 appears directly. If the text is signed and the signature is invalid, a GnuPG error message appears that mentions BAD signature from…. If the text is encrypted with a passphrase, the Enter passphrase dialog box appears. Enter the passphrase that has been used to encrypt the text and click OK . If the text is encrypted using public-key cryptography, three different dialog boxes can appear. a. If the passphrase for the corresponding private key is not already cached in memory, a dialog box appears with the following message: You need a

passphrase to unlock the secret key for user . Enter the passphrase for this secret key and click OK . b. If the passphrase for the corresponding secret key is already cached in memory, a dialog box appears with the following message: The passphrase is cached in

memory. Click on the Authorize button to use the passphrase cached in memory. c. If no secret key for which the text is encrypted is available in your keyring, a GnuPG error message appears that mentions decryption failed: secret key not

available. 5. If the passphrase provided in step 4 is incorrect, a GnuPG error message appears that mentions decryption failed: bad key . 6. If the passphrase provided in step 4 is correct, or if the signature of the text is valid, or both, a GnuPG results window appears. The decrypted text appears in the Output of GnuPG text box. In the Other messages provided by GnuPG text box, the message Good

signature from…, confirms that the signature of the text is valid. To store your GnuPG keys and configuration across separate working sessions, you can activate the GnuPG persistent volume feature .


Tails - Securely delete files and clean diskspace

doc


Page 1 of 7

Securely delete files and clean diskspace

English

DE

FR

Securely delete files and clean diskspace Download

1. Why use secure deletion? 2. Warning about USB sticks and solid-state drives

Tails 0.22

December 11, 2013

3. Securely delete files 1. Select the files you want to securely delete 2. Securely delete them using Nautilus Wipe 4. Securely clean available disk space 1. Navigate to the disk you want to securely clean 2. Securely clean the available space using Nautilus Wipe


Why use secure deletion?

Contribute

Operating systems do not actually remove the contents of a file when it is deleted , even after emptying the trash or explicitly removing the file, from the command line for example. Instead, they simply remove the file's entry from the file system directory, because this requires less work and is therefore faster. The contents of the file—the actual data—remain on the storage medium. The data will remain there until the operating system reuses the space for new data. Likewise, reformatting, repartitioning or reimaging a system is not always guaranteed to write to every area of the disk, though all will cause the disk to appear empty or, in the case of reimaging, empty except for the files present in the image, to most software. Finally, even when the storage medium is overwritten, physical properties of the medium may make it possible to recover the previous contents. In most cases however, this recovery is not possible by just reading from the storage device in the usual way, but requires using laboratory techniques such as disassembling the device and directly accessing/reading from its components. Quoted from Wikipedia: Secure file deletion

.

PT


Warning about USB sticks and solid-state drives The methods described below will not work as expected on USB sticks and solid-state drives. • The existing hard drive-oriented techniques for secure deletion of individual files are not effective. • Overwriting twice the entire drive is usually, but not always, sufficient to securely clean the drive. Unfortunately, Tails does not currently allow you to perform this task with graphical tools. See the corresponding ticket.

For more details read, the corresponding section of the Wikipedia article on Secure file deletion .

Securely delete files In Tails you can securely delete files thanks to an extension of the Nautilus file manager called Nautilus Wipe .

Select the files you want to securely delete Open Nautilus, either from the Places menu or the Computer icon on the desktop. Navigate to the folder containing the files that you want to delete. Select the files that you want to delete with the mouse.

Page 2 of 7


Securely delete them using Nautilus Wipe Securely delete them by doing right-click ▸ Wipe.

Page 3 of 7


Confirm.

The deletion will start. It can last from a few seconds to several minutes, according to the size of the files. Be patient…

Page 4 of 7


Once the deletion will be done you should be prompted with a message saying:

Securely clean available disk space In order to clean up the contents of all files that were previously suppressed but not securely deleted from a disk, it is also possible to securely clean all the free space on the disk.

This method does not work as expected on solid-state drives or USB sticks.

The disk or the folder may or may not contain other files. Those files will not be deleted during the operation.

Navigate to the disk you want to securely clean Open Nautilus, either from the Places menu or the Computer icon on the desktop. Navigate to a folder on the disk that you want to clean.

Securely clean the available space using Nautilus Wipe Securely clean the available diskspace by doing right-click ▸ Wipe available

diskspace.

Page 5 of 7


Confirm.

The cleaning will start. It can last from a few minutes to a few hours, according to the size of the available diskspace. Be patient… Note that a file called

oooooooo.ooo

is created in the folder. Nautilus Wipe will try to

make it as big as possible to use all the available diskspace and then will securely delete it.

Page 6 of 7


Once the cleaning will be done you should be prompted with a message saying:


Page 7 of 7

Tails - Manage passwords with KeePassX

doc


Page 1 of 3

Manage passwords with KeePassX

English

DE

FR

Manage passwords with KeePassX Using the KeePassX password manager you can:

Download

Tails 0.22

• Store many passwords in an encrypted

December 11, 2013

database which is protected by a single passphrase of your choice.

About

• Always use different and stronger passwords, since you only have to remember a single

Getting started…

passphrase to unlock the entire database. • Generate very strong random passwords.

Documentation

1. Create and save a password database

Help & Support

2. Restore and unlock the password database 3. KeePassX user guide

Contribute

4. Use KeepassX to type a password into Pinentry

Create and save a password database Follow these steps to create a new password database and save it in the persistent volume for use in future working sessions. To learn how to create and configure the persistent volume, read the documentation on persistence. 1. When starting Tails, enable the persistent volume. 2. In the Persistent Volume Assistant , verify that the Personal Data feature is activated. If it is deactivated, activate it, restart Tails, and enable the persistent volume.

PT


Page 2 of 3

3. To start KeePassX , choose Applications ▸ Accessories ▸ KeePassX. 4. To create a new password database, choose File ▸ New Database… 5. The password database is encrypted and protected by a passphrase. ◦ Specify a passphrase of your choice in the Password text box, then click OK . ◦ Type the same passphrase again in the next dialog, then click OK . 6. To store the password database in the persistent volume for use in future working sessions: ◦ Choose File ▸ Save Database. ◦ Enter keepassx in the Name text box. ◦ Select Persistent in the list of folders in the left pane. ◦ Click Save.

Restore and unlock the password database Follow these steps to unlock the password database saved in the persistent volume from a previous working session. 1. When starting Tails, enable the persistent volume. 2. To start KeePassX , choose Applications ▸ Accessories ▸ KeePassX. 3. If a password database is found in the persistent volume, a dialog appears and asks for the passphrase to unlock that password database. Enter the passphrase and click

OK . 4. If you enter an invalid passphrase the following error message appears:

The following error occured while opening the database: Hash test failed. The key is wrong or the file is damaged. Then click OK and try again.

KeePassX user guide To read the official KeePassX user guide, choose Help ▸ KeePassX Handbook .

Use KeepassX to type a password into Pinentry


Page 3 of 3

When using OpenPGP with Claws Mail or GPG Applet for example, you need to enter a password in a Pinentry dialog box. But you cannot copy and paste into it. This is a security feature of Pinentry based on the fact that otherwise the data in the clipboard could be accessed by another application against your will. Use the AutoType feature of KeepassX to type a password into a Pinentry dialog box. 1. Before the Pinentry dialog box appears, open KeepassX and unlock the database. 2. Use OpenPGP with Claws Mail or GPG Applet until the Pinentry dialog box appears. 3. Click on the KeepassX logo in the notification area to switch to KeepassX . Right-click on the entry from which you want to use the password, and choose Perform

AutoType. Do not enter a user name in the KeepassX entry, otherwise KeepassX will type it together with the password in the Pinentry dialog box, and the resulting password will be incorrect.


Tails - Work on sensitive documents

doc

Page 1 of 1

Work on sensitive documents

English

Work on sensitive documents Tails aims at providing a "safe" environment to produce and optionally publish sensitive documents.

Download

Tails 0.22

December 11, 2013

• Office suite • Graphics

About

• Desktop publishing • Audio

Getting started…

• Printing and scanning



DE

FR

PT

Tails - Office suite

doc

sensitive documents

Page 1 of 1

Office suite

English

Office suite Tails includes OpenOffice.org , which is a fullfeatured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office.

Download

Tails 0.22

December 11, 2013

It includes a word processor, a spreadsheet and a presentation application. You can launch them from the Applications ▸


Office



DE

FR

PT

Tails - Graphics

doc

Page 1 of 1

sensitive documents

Graphics

English

Graphics Tails includes The GIMP for The GNU Image Manipulation Program for bitmap graphics. GIMP lets you draw, paint, edit images, and much

Download

Tails 0.22

December 11, 2013

more. For vector-based drawing, Tails includes

About

inkscape .

Getting started… Both are accessible from Applications ▸ Graphics menu.



DE

FR

PT

Tails - Desktop publishing

doc

sensitive documents

Page 1 of 1

Desktop publishing

English

Desktop publishing Scribus is an Open Source Desktop Page Layout accessible from the Applications ▸ Graphics. It can be used for many tasks; from

Download

Tails 0.22

December 11, 2013

booklets design to newspapers, magazines, newsletters and posters to technical documentation. It has sophisticated page layout

About

features like precision placing and rotating of text and/or images on a page, manual kerning of

Getting started…

type, bezier curves polygons, precision placement of objects, layering with RGB and

Documentation

CMYK custom colors. The Scribus document file format is XML-based. Unlike proprietary binary

Help & Support

file formats, even damaged documents can be recovered with a simple text editor.


Contribute

DE

FR

PT

Tails - Audio

doc

Page 1 of 1

sensitive documents

Audio

English

Audio Audacity is a multi-track audio editor for Linux/Unix, MacOS and Windows. It is designed for easy recording, playing and editing of digital

Download

Tails 0.22

December 11, 2013

audio.



DE

FR

PT

Tails - Printing and scanning

doc

sensitive documents

Page 1 of 1

Printing and scanning

English

DE

Printing and scanning 1. Printing 2. Scanning

Download

Tails 0.22

December 11, 2013

Printing To configure a printer or manage your printing jobs choose System ▸ Administration ▸

Printing . To check the compatibility of your printer with Linux and Tails, consult the OpenPrinting database of the Linux Foundation.


To reuse the configuration of the printers across separate working sessions, you can activate the Printers persistent volume feature.

Scanning Tails includes Simple Scan , a tool to scan both documents and photos. To start Simple Scan choose Applications ▸ Graphics ▸ Simple Scan .


FR

PT

Tails - Advanced topics

doc

Page 1 of 1

Advanced topics

English

Advanced topics • Protection against cold boot attacks • Virtualization • Enable a wireless device

Download

Tails 0.22

December 11, 2013

• Enable MAC Changer



DE

FR

PT

Tails - Protection against cold boot attacks

doc

advanced topics

Page 1 of 2

Protection against cold boot attacks

English

DE

FR

Protection against cold boot attacks While using a computer, all the data manipulated is written temporarily in RAM : texts, saved files, but also passwords and

Download

Tails 0.22

December 11, 2013

encryption keys. The more recent the activity, the more likely it is for the data to still be in RAM.

About

After a computer is powered off, the data in RAM

Getting started…

disappears rapidly, but it can remain in RAM up to several minutes after shutdown. An attacker

Documentation

having access to a computer before it disappears completely could recover important data from

Help & Support

your session.

Contribute This can be achieved using a technique called cold boot attack+ . To prevent this attack, the data in RAM is overwritten by random data when shutting down Tails. This erases all traces from your session on that computer.

On some computers Tails might fail to: • erase all the data in RAM on shutdown • completely shutdown or restart (in this case there is no guarantee that all the data in RAM is erased).

Moreover, an attacker having physical access to the computer while Tails is running can recover data from RAM as well. To avoid that, learn the different methods to shutdown Tails rapidly. As far as we know, cold boot attacks are not a commo n procedure for data recovery, but it might still be good to be prepared.

PT

Tails - Virtualization

doc

advanced topics

Page 1 of 2

Virtualization

English

DE

FR

Virtualization 1. Security issues 2. Tips and tricks

Download

Tails 0.22

December 11, 2013

Certain users might not want to restart the computer every time they wish to use the

About

Internet anonymously with Tails. For those, a so called virtual machine can be used to run Tails

Getting started…

inside the "host" operating system installed on the computer (e.g. Microsoft Windows, Mac OS X,

Documentation

etc.). Essentially these programs emulate real computers that you can run "guest" operating

Help & Support

systems (in this case Tails) in so they appear in a window within the host operating system. Using

Contribute

one of these technologies allows for convenient access to Tails's features in a protected environment while you at the same time have access to your normal operation system.

Security issues There are a few security issues with this approach though. When running Tails inside a virtual machine, both the host operating system and the virtualization software are able to monitor what you are doing in Tails. The main issue is if the host operating system is compromised with a software keylogger or other malware, which Tails does not provide any protection against – in fact, that is impossible. Moreover traces are likely to be left on the local hard disk.

PT

Tails - Virtualization

Page 2 of 2

As such, this is only recommended when the other alternative is not an option or when you are absolutely sure that your host system is clean. That's why Tails warns you when you are running it inside a virtual machine. Do not expect Tails to protect you if you run it in a virtual machine if you do not trust the host computer, Tails is not magical! If you read this warning while you are not aware to be using a virtual machine: there could be a ?bug in the virtualization detection software Tails uses... or something really weird is happening. If you are unsure, and if you can afford it, run Tails from a DVD, USB stick or SD card instead.

Tips and tricks Some tips can help making the host operating system and virtualization software a tiny bit more secure. In the future, it will be possible to easily start Tails within Windows.


Tails - Enable a wireless device

doc

advanced topics

Page 1 of 2

Enable a wireless device

English

Enable a wireless device When Tails starts, Wi-Fi, Bluetooth, WWAN and WiMAX devices are enabled.

Download

Tails 0.22

December 11, 2013

But all other kinds of wireless devices such as GPS and FM devices are disabled by default. If you want to use such a device, you need to

About

enabled it first.

Getting started… This technique uses the command line.

Documentation 1. When starting Tails, set up an administration

Help & Support

password. 2. To find out the index of the wireless device that you want to enable, open a root terminal,

Contribute

and execute the following command:

rfkill list

For example, the command could return the following:

0: phy0: Wireless LAN Soft blocked: no Hard blocked: no 1: hci0: Bluetooth Soft blocked: no Hard blocked: no 2: gps0: GPS Soft blocked: yes Hard blocked: no

DE

FR

PT

Tails - Enable a wireless device

Page 2 of 2

The device index is the number that appears at the beginning of the three lines describing each device. In this example, the index of the Bluetooth device is 1, while the index of the GPS device is 2. Yours are probably different. 3. To enable the wireless device, execute the following command in the root terminal, replacing [index] with the index found at step 2:

rfkill unblock [index]

Here is an example of the command to execute. Yours is probably different:

rfkill unblock 2

4. To verify that the wireless device is enabled, execute the following command in the root terminal again:

rfkill list

This output should be very similar to the one of step 2, but the device enabled at step 3 should not be soft blocked anymore. For example, the command could return the following:

0: phy0: Wireless LAN Soft blocked: no Hard blocked: no 1: hci0: Bluetooth Soft blocked: no Hard blocked: no 2: gps0: GPS Soft blocked: no Hard blocked: no

Last edited Wed 26 Jun 2013 01:50:09 PM CEST

Tails Manual

Recommend Documents