Tor at the Heart: Tails

by ssteele | December 10, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

Tails

Tails is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is free software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: a web browser, an instant messaging client, an email client, an office suite, an image and sound editor, etc.

Tails aims at preserving privacy and anonymity online and allows users to:

  • Use the Internet anonymously to circumvent censorship; all connections to the Internet are forced to go through the Tor network. If an application tries to connect to the Internet directly, the connection is automatically blocked for security.
  • Leave no trace on the computer by default.
  • Use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.

Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.

Tails also comes with a selection of tools to protect your data using strong encryption:

  • Encrypt your USB sticks or external hard-disks using LUKS.
  • Automatically use HTTPS to encrypt all your communications to many major websites using HTTPS Everywhere.
  • Encrypt and sign your emails and documents using OpenPGP.
  • Protect your instant messaging conversations using OTR.
  • Securely delete your files and clean your diskspace using Nautilus Wipe.

Tails provides a secure platform that improves endpoint security by making it comparatively easier to use the right tools in the right way, protecting even less tech-savvy users from the most likely and highest impact risks.

Comments

Please note that the comment area below has been archived.

December 10, 2016

Permalink

Tails lets me "securely erase" a USB stick. But is it even possible to securely erase flash memory (to the point of it being impossible or nearly-impossible to recover)?

Proper physical destruction is the only guaranteed method of securely erasing flash memory, an SSD, or an HDD. Erasure of flash memory is complicated by wear-leveling and latient capacitance, and HDDs also by sector relocation and off-track writes among other issues. Some of the issues are especially problematic when overrwiting with zeros instead of pseudorandom data, because an adversary can "subtract" the canonical "zero signal" from the signal they're actually getting from a particular bit, yielding the original data in some cases. The ATA Secure Internal Erase command can help with some of these problems on SSDs and HDDs, but it is difficult to use and may brick the drive, and isn't always effective. These are expensive techniques and usually only considered when you're up against a very resourceful adversary, but it's worth knowing the risks.

I don't recommend attempting to securely erase individual files from a filesystem at all. There are too many opportunities for leakage at numerous levels. If there is any risk of data recovery, copy files you want to keep and erase the whole partition or drive.

The best way to securely erase media is to use strong encryption on it in the first place. For example, Tails's "Disk Utility" (or "Disks") has an option to format a partition or drive with dm-crypt ("Encrypt the underlying filesystem"), which I strongly recommend.

Here are some starting points:
https://en.wikipedia.org/wiki/Data_remanence
https://en.wikipedia.org/wiki/Data_erasure
https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation
https://wiki.archlinux.org/index.php/Securely_wipe_disk

Do you mean your web browser cannot reach the website tails.boum.org, or that you cannot log into the mail server at webmail.boum.org?

In the first case, did you try installing Tor Browser and trying to reach tails.boum.org via Tor instead of clearnet?

December 11, 2016

Permalink

In the last few versions, TAILS seems to have dropped video-acceleration for AMD cards. Browsing has become a pain as a result. Before it worked fine.

Sorry to hear. I don't know what might have caused that, but I do know the Linux community as a whole is slowly moving towards the new Direct Rendering Manager (DRM) protocol, which might have something to do with it. Have you tested the latest version of Debian Live (on which Tails is based)? https://www.debian.org/CD/live/

Note that the Debian Live download is a default vanilla distro, and Tails' kernel configuration may differ, but it would be helpful to test upstream before filing a bug report.

The Tails bug tracker is here: https://tails.boum.org/bugs/index.en.html

Please consider filing a bug report to help anyone else who might be running into this issue. They might ask you for more information, like logs or `lsmod` from the old and new versions, or have to modify the kernel parameters at boot time.

Thank you for the information.

I will have a look ar Debian Live if I find time over the new year. If they have the same issue, I will file a bug-report there. If not, I will file in the Tails bug tracker.

A full Debian installation on the same hardware does not have the issue, but I am using a pretty recent self-compiled kernel with custom configuration.

A neat feature of Whisperback is that it sends the report to a Tails Project onion site.

It is possible to include your gpg public key and email address if you desire feedback (apparently by ordinary email, which could be risky for some users).

However, I believe that by default Whisperback reports are *not* end to end encrypted. I hope a Tails dev will correct me if I misunderstand.

In any case, I believe that the use of onions should offer much stronger anonymity and even privacy protections that ordinary https webmail (not end to end encrypted) would.

A note of caution about Tails's Whisperback. If you use it on a computer connected to the internet by wireless, Whisperback does not remove from its logs the ESSID (Extended Service Set IDentifier) of the wireless network you are connected to. It's still the case with Tails 2.12, and has been since at least Tails 2.5.

This only happens if you run Whisperback after connecting your wireless. If you want to report a bug that doesn't require a wireless connection, Whisperback seems okay to use before connecting.

The ESSID is the 'name' given to a wireless network as you see it in a list you choose from to connect to. Usually, this has been predefined by your ISP in the wireless router they give you, something like "SKY0B008" for example. It's not obvious to me how easy it is to geolocate someone from an ESSID, Google's database seems not to be publicly accessible and may rely only on MACs (BSSID), not ESSIDs. However, being tagged by an ESSID in Whisperback seems ironic given that Whisperback does remove MACs, IPAs, and other serial numbers. Whisperback even used to let you edit the logs before you submitted a report, but now it only lets you either include or exclude the whole log.

I mentioned this in Tor's blog comments almost a year ago: https://ocewjwkdco.tudasnich.de/blog/selfrando-q-and-georg-koppen/#comment-…. I raised it with a Tails developer over XMPP (when you still could, anonymously) more than a year ago, see: https://labs.riseup.net/code/issues/11029. As you can see, I didn't use Whisperback at the time to report this, and it's still not fixed yet.

Why this situation exists, and has been allowe to exist for some time, is troubling. I'm not claiming here that Tails developers are out to sneakily de-anonymise people. If I did, I should stop using Tails as I do now because they can easily do that in the post-boot callback. Perhaps it'll also be used to justify more unwarranted criticisms that we occasionally see here.

However, I am quite frustrated that it has become seemingly impossible to contact Tails developers in a truly anonymous way. I grumble about this irony more below.

This is a good point that I hadn't thought of, and I agree improvement is needed. However, you might find their Redmine portal (https://tails.boum.org/contribute/working_together/Redmine/) helpful. It is primarily a bug tracker, but also supports many other "groupware" features. There are also mailing lists (https://tails.boum.org/about/contact/)

> I agree improvement is needed.

Plus one. Mailing lists are just asking for trouble, and more trouble we do not need.

Tor Messenger could really help here, once it gets out of beta, provided of course that the Tails Project developers hold a regular discussion sessions at Calyx or some such place where users can register anonymously and log in via Tor.

Continuing on from my grumble about Whisperback including ESSIDs above, it really seems to be the case that there is no way anymore to contact the Tails team anonymously. Years ago, Tails had its own forum, but that stopped. We were directed here, but posts by 'tails' never allows comments. Still, there was the 'Tails' chatroom, but that's been replaced by one at riseup.net that requires registration. To register, you have to get a riseup.net e-mail address, but to do that, you need an invite code, which means you have to know someone there.

Then there's the Tails mailing lists, but creating an anonymous e-mail is seemingly impossible. Either it requires an already existing e-mail, two-factor authentication, or payment (which isn't anonymous, even by BitCoin). Am I missing something?

So, yes: "... Tails Project developers hold a ... place where users can register anonymously and log in via Tor." That's what we need!

December 12, 2016

Permalink

Shari, many thanks for the "Tor at Heart" series, which I hope will persuade many citizens (and journalists) worried about the prospects for

o more state-sponsored cyberattacks on multitudes of ordinary citizens

o more government censorship disguised as programs to filter out "fake news"

o more state-run propaganda, comment trolling, and other "effects campaigns"

to donate generously to ensure that the Project continues to perform its many vital roles in the modern Internet and in sustaining free speech, access to good information about local and global events, and indeed democracy itself around the world.

Sometimes disasters engender an unexpected beneficial consequence. If the election of a authoritarian government in USA leads to huge direct citizen support for Tor, that would be good thing.

It is certainly very strange to find enemy actors such as CIA openly repeating the same warnings some dissidents have attempted to make for many years, that nations such as RU and CN (and of course USA!) have long engaged in extensive state-sponsored hacking targeting such critical resources as local/national election rolls, personal health records and other information of essentially every citizen of "target countries". And also very strange to find people like John Bolton echoing warnings from Glenn Greenwald and cybersecurity experts that elaborate (and risky!) "false flag" operations which attempt to discomfit another nation are not uncommon in the world of spookery. One thing for sure: everyone who reads any source of news now seems to be well aware that we are now all living in an Age of Cyberwar which explicitly targets any and all persons living or dead, no matter how innocent or "small fry" they may be.

And thanks for highlighting Tails, which I use for almost everything. I'd like to point out that while some people might find it initially disconcerting to go through the trouble of booting Tails from a R/O DVD (burned after verifying the detached key) using an encrypted USB stick to transfer bridge fingerprints etc during the initial connection to the Tor network, with a bit of practice this becomes routine and hardly noticeable.

On the dark side, I worry about the effects of apparent lack of a really good source of entropy when using Tails soon after booting from a DVD for creating a GPG key or using other encryption. As I understand it, Tails team is working on this, but good fixes may require additional hardware such as entropy keys which are currently hard to obtain. But sophisticated statistical tests of currently available entropy keys suggest that they may not provide high quality entropy suitable for cryptography. I have also experienced issues with creating new LUKS encrypted USB data sticks (i.e. placing an encrypted volume on a USB stick) using recent editions of Tails, and hope other users will test this.

Many people now use the Bonneau version of Diceware word list (see eff.org) to generate long passphrases for encrypted data sticks or detachable hard drives. But my own very modest tests of a common Diceware method (tossing five dice in a box) suggests that the dice appear to tend to stick like face to like face, due to static charges, which could possibly substantially reduce the provided entropy by substantially altering the statistics of pentathrows from what they would be if all five dice were tossed independently (as defined in probability theory).

In all use cases, it is important to educate Tor users in testing their entropy sources, in particular pseudorandom number generators, which unfortunately is well beyond most people's sophistication unless good test suites (e.g. Marsaglia's venerable Diehard test suite) are provided with user friendly interfaces and simple user commands. The Open Source community needs to change that!

Promoting the growth of a global consumer privacy industry which sells things like entropy keys, Faraday cage bags, Tor phones, spectrum analyzers suitable for testing one's own devices for unexpected RF emissions or communications, etc, as low-cost mass-produced consumer items is one of the most urgent things the Project can do, I think.

If this concerns you, I believe that you can simply obtain a bridge and use that, transferring the fingerprint from an encrypted USB stick as you boot Tails from a DVD.

(If I misunderstood something, I hope a Tails developer can comment.)

If you've thought of a brilliant way to do this, please describe it in a Tails bug report. Better yet, submit a patch. We all would like to see this problem solved, but unfortunately there are no known good solutions that that are "incognito" (the I in Tails). Tails is slowly moving towards becoming a persistent live image, installed on a USB drive, which may allow for a persistent /var/lib/tor directory, but so far there is just no good way to choose the same guard node every time without persistence.

If you're talking about manual configuration, that is probably feasible, but it depends on being able to uniquely identify guard nodes in a user-friendly way, and also communicate that to the Tor client. I recommend you include details about this in your bug report.

Clearly, but with normal tor behaviour, persistent, choosable,
Entry Guards, i/you can use Tails at home as a more trustworthiness
OS from a read-only medium. Not only away.
Or?

Looks like the official page omits to explain the name:

https://tails.boum.org/about/index.en.html

But the Wikipedia article

https://en.wikipedia.org/wiki/Tails_%28operating_system%29

says it is an acronym for "The Amnesiac Incognito Live System". The predecessor to Tails, Incognito, was based on Gentoo Linux; when it was rewritten to be based upon Debian Linux, it became Tails. I think.

jeez write your guards on a piece of paper select that you need a bridge in the tails greater and type the ip addresses of your chosen guards in on every boot once you connect to your local network, done.

some creativity lads.

December 19, 2016

Permalink

MAC address spoofing and erasing system memory haven't worked with my Tails on USB flash drive since the mid 2.x series.

Oh, there's a bug much worse than that:

When you boot Tails on a laptop, it seems that the laptop briefly broadcasts the true IP before it broadcasts the spoofed IP. (Verified in all the latest versions with airodump-ng running on a second laptop).

Given the increasing hostile nature of the WiFi environment in many cities, I think this is a serious problem, and I don't know why it has not been fixed.

Spoofing does work for me, BTW. You may have a hardware dependent issue. Also, if your computer has an WiFi interface but you have disabled it or it is broken you may see a warning that spoofing (of WiFi) is disabled, but if you connect by ethernet you should see that spoofing is in fact working for your wired connection.

December 30, 2016

Permalink

To someone without the knowledge you all have, this is all "Greek" (Geek), so to speak. Is there a step by step guide that a novice could use or a video. With less tech babble and more guidance?

Thanks

January 06, 2017

Permalink

I still cannot connect to Tor in tails. The menu you describe in the upper right hand corner does not exist. The only options there are settings, refresh, and power off. There is nothing for WiFi? What gives?

@ would-be fellow Tails user:

Two obvious questions:

1. Are you using Tails 2.9.1 (the latest version at time of writing)?

2. Did you verify the iso image before burning it?

> The menu you describe in the upper right hand corner does not exist. The only options there are settings, refresh, and power off.

At upper right of upper taskbar, I see icons for Florence (virtual keyboard), clipman, onion circuits, video brightness control, locale (language), calender, network, refresh, shutdown. Some users have reported that on particular hardware some of the icons might not appear, which would be a bug. To report it, look at upper left of taskbar, then Applications -> System Tools -> Whisperback. This allows you to use an onion service to report a bug anonymously by filling out a form.

> There is nothing for WiFi? What gives?

At upper right of upper taskbar, pull down the network menu and press the "tools" icon. This should enable you to connect by WiFi to your choice of WiFi router. (A wired connection would be much safer, if course, so in general ethernet is preferred if you have a wired option for your router.)

I think the documentation at

https://tails.boum.org/doc/index.en.html

is generally excellent, but in a few places it may have become a bit out of date. The mechanics of using Tails changed considerably when Tails switched to being based on Debian 8 (with systemd), and some of the documents might not yet have been rewritten.

Hope this helps!

January 12, 2017

Permalink

As someone who uses Tails every day, I was so happy to read this!

https://tails.boum.org/news/33c3/index.en.html
> ...
> Since October 13, we have received $98 579 in donations. This is our first donation campaign and we are completely blown away by the results! It feels really good to see that our community of users understands the real value of Tails and why it is important for them to help us back and keep the project alive and independent.

Thanks to all the other Tails users who contributed. Long live Tails!

January 30, 2017

Permalink

Nearly every file in / is readable by the default user without having root access including some that would facilitate hardware profiling like /proc/cpuinfo and many more.

Then there is dmidecode, netstat, lspci, lsmod, whisperback which all are able to be run by a non root user and offer plenty of unique hardware identifiers.

Imagine that someone where to use a TorBrowser Exploit that wouldn't be catched by apparmor they could then easily perform some great hardware profiling and get the entry node by using netstat.

From there deanonymizing a Tails User gets easy for even non top-tier letter agencies by watching the incoming traffic or directly targeting that node.
Devs need to seriously fix file permissions as apparmor doesn't replace setting proper file permission for the local user (amnesia)

until then it is hard to recommend Tails when there is Qubes and Whonix which excels in both anonymity and security comparatively to TailsOS

> Imagine that someone where to use a TorBrowser Exploit that wouldn't be catched by apparmor they could then easily perform some great hardware profiling and get the entry node by using netstat.

So you are talking about a hypothetical attack, not a demonstrated vulnerability, yes?

Tails is specifically designed to be, above all, "amnesiac". Even if you don't trust its security for on-line use, you can still use it off-line (booting from R/O live media and writing data to encrypted USB or R/O media).

It is good that there are now more than one systems to choose from in defending yourself and your family from fascism, genocide, global warming, etc.