What are
/r/tails'
favorite Products & Services?
From 3.5 billion Reddit comments
The most popular Products mentioned in /r/tails:
The most popular Services mentioned in /r/tails:
Tails
USB Image Tool
Whonix
Qubes OS
balenaEtcher
Electrum
Tor
VirtualBox
Debian
Rufus
PrivacyTools.io
Universal USB Installer
LUKS
UNetbootin
GnuPG
The most popular Android Apps mentioned in /r/tails:
OpenKeychain: Easy PGP
DriveDroid (Paid)
eduroam CAT
The most popular VPNs mentioned in /r/tails:
The most popular reviews in /r/tails:
EDIT: A better way has been posted to https://tails.boum.org/news/version_3.0/#known-issues
- Start the operating system you want to use Tails Installer on. - If you want to use Tails Installer in Tails 3.0, set up an administration password.
- Choose Applications ▸ System Tools ▸ Root Terminal to open a terminal with administration rights.
- Execute the following command to fix the bug in Tails Installer:
perl -pi -E 's,media_removable,removable,' /usr/lib/python2.7/dist-packages/tails_installer/creator.py
- Tails Installer should not expose this problem again… until you restart Tails, as these changes will be reverted upon restart.
Original comment:
I have a hacky way to resolve it. You need to boot Tails 3.0 with the administrator option. Then open a Terminal and type "sudo nano /usr/lib/python2.7/dist-packages/tails_installer/creator.py" and type the admin password when requested. This opens the Nano editor, in the editor press ctrl+W ('Where Is' option, basically Search). Search for 'removable', this will take you to a line with
'removable': drive.props.media_removable,
change this to
'removable': True,
(case sensitive and don't forget the comma)
Then press ctrl+O (Write Out option, basically save file) to save the modified file. If you start the installer you should not get the message "Configured as non removable by its manufacturer".
Almost any linux distro is good for privacy, but if you want something secure as Tails then there's Qubes.
QubesOS is based on Fedora, routes your whole traffic through Tor (Like Tails), every app you use is going to be isolated from the others (They run in individual VMs). But to be able use Qubes, you need pretty strong PC. Link: https://www.qubes-os.org/
Or you can use linux distro as Fedora, Debian, Gentoo..., and install Whonix (On VirtualBox, Qemu...)
If you don't know what is Whonix, it's like Tails but made for virtualization programs.
As with all opensource projects, you are free to fork and create your own distribution. As I told you on the support mailing list, remember that Tails is supportd and run by volunteers.
Secondly, you have ignored the documentation, and not read the specific instructions that point out there are reboot problems with certain hardware platforms, and Tails gives a very specific methodology for reporting bootup problems. See here:
https://tails.boum.org/support/known_issues/index.en.html
So perhaps rather than screaming at the folks who are trying to help you, jump in and make the product better by reporting bugs, issues, and problems. Saying "SCRAP ALL YOUR WORK AND GO BACK TO HOW IT WAS" is not helpful (and perhaps you should have said that back when Tails reported they were going to systemd, something like 6 months ago?)
If you do really want to install NordVPN or any VPN, try doing so with sudo-apt and installing the openvpn version (). And download the software from the provider's website
To simply run it live all the time, you really can just throw it onto a usb. If you want persistance, you either need to boot tails from a dvd then install it on to a flash drive with at least 4gb. you then go to applications>tails>configure persitant volume. this will allow you to use up the remaining amount of space on that flash drive. or if you have another flashdrive, you can throw tails on that, boot it up, and install it on your first flashdrive. as long as you have a 4gb flashdrive, you can either throw it on it and run the live version or install it from a flashdrive or dvd onto a flash drive. Even a third option is to run VMware and create a tails VM, plug in your flash drive, and install from that. anyone can do this, I really don't understand why you say there's no simple directions when there really is, you just have to look. I'm assuming you are using windows in which case here is how to install right onto a flash drive.: https://tails.boum.org/doc/first_steps/installation/manual/windows/index.en.html Regardless of how you do it you MUST run tails and install tails onto a second flash drive in order to use persistance. it even specifically says so in the installation page https://tails.boum.org/doc/first_steps/installation/manual/index.en.html
>Signed on 2015-03-22 11:15 with unknown certificate 0xA5091F7246BA6B163D1C183C83DCB52F699C56. The validity of the signature cannot be verified.
That's the same message I get, when the new Tails signing key is untrusted.
You can get the green "good message" as follows:
Right click on the Tails developers (offline long-term identity key) and select "Certificate Details".
Verify that the fingerprint is as follows:
A490D0F4D311A4153E2BB7CADBB802B258ACD84F
You can see the fingerprint for the new key here as well:
https://tails.boum.org/news/signing_key_transition/index.en.html (fist gray text box)
Once you have verified the key fingerprint, right click on the key again and select "Certify Certificate".
Check mark the Tails key.
Check mark "I have verified the fingerprint".
Hit Next.
Select which of your keys you want to sign it with.
Select "Certify for myself".
Hit "Certify".
Enter the passphrase for your key.
Hit Finish.
Right click on the Tails key again and select "Change Owner Trust".
Select "I believe checks are very accurate".
Hit OK.
Re-verify the ISO.
You can also go through the steps listed here from a Windows command line terminal to verify that the new key was signed by the old key (if you have the old key on your keyring):
Press Win+R and type cmd, then hit enter.
From this page https://tails.boum.org/news/signing_key_transition/index.en.html
Type the following:
gpg --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F
Look to make sure you see this line in the output:
sig! BE2CD9C1 2015-01-19 Tails developers (signing key) <>
The "sig!" means that it was signed by that key (the old Tails signing key).
I wouldn't trust it personally, but you can always find the certificate on the Tails Website and follow the guides to verifying the keys and the check sums.
Yes. You should be good to go.
As an additional check (also just a handy tool to have) you can install HashTab for Windows. It will calculate various file hashes by selecting a file in windows explorer, right clicking and selecting Properties -> "File Hashes"
The SHA-256 hash I got for the ISO is:
587CDC2BCAEF2445759781348717924F8161F6C3DA9BC1E38B0EB0DE056F5C29
which matches this page on the Tails website:
https://tails.boum.org/download/index.en.html (just do CTRL-F and search for sha256)
You can download HashTab here:
http://www.majorgeeks.com/mg/getmirror/hashtab,1.html
(You may have to hit "Settings" in the "File Hashes" tab to configure it to do SHA-256.)
If this is something you are concerned about, try a low-profile/near-flush USB drive. They tend to cost a bit more, but stick out no more than 0.5mm.
The Transcend JetFlash is all metal, costs $11US for 32GB. It would be almost impossible for it to be broken off, and has a very snug fit on the machines I’ve used them on.
https://www.amazon.com/Transcend-JetFlash-Flash-Drive-TS32GJF710S/dp/B00LFVITLK
The Samsung “FIT” models are slightly bigger if you happen to prefer their brand. Comparably priced.
Like others said, removing the disk will, at best, reboot; and at worst, not properly sync persistence data or corrupt the disk.
The project discourages trying to install it to internal disks (SSD, eMMC, etc.) and by default it won’t load from there.
Fixed by following these steps.
Interesting that googling didn't led me to the solution, only by digging reddit found this post.
TL;DR:
- Boot up and set an admin password
- run this on the terminal: sudo perl -pi -E 's,media_removable,removable,' /usr/lib/python2.7/dist-packages/tails_installer/creator.py
- Tails installer will temporarily believe you that your USB drive is removable.
FYI: Currently their link to the torrent is broken; this is the correct one. (Their link references the 32-bit version, which doesn't exist for Tails 3.0. I just replaced "i386" with "amd64".)
1) What does "I have downloaded linux 32bit" mean? Surely you downloaded a Linux distro like Ubuntu or something?
2) Also why did you download a Linux distro? It's not necessary for Tails.
3) The Tails website has the best info about how to install and use Tails.
4) I hope what you're purchasing isn't illegal. You don't sound like you fully understand how all this stuff works.
There are problems with Sandisk flashdrives:
https://tails.boum.org/support/known_issues/index.en.html#index1h2
Try using Rufus to create the USB:
Make the following settings:
Partition scheme: MBR partition scheme for BIOS or UEFI
File system: FAT32
Use the defaults, except:
Change the drop down for "bootable disk using" from FreeDOS to ISO Image.
Click on the button to the right of the ISO image and select the Tails ISO from the file manager.
READY should be displayed near the bottom of the Rufus window.
Hit Start.
A window will pop up titled "Download Required". Hit Yes to let it download the updates that it needs.
>am I supposed to add the spaces between the different parts/words?
Yes. Hit the Spacebar to and spaces between the words in a command.
Here's a quick way to do it.
Start a terminal window.
Type the following commands. After every command hit the Enter key.
cd Downloads
shasum -a 256 tails-i386-1.5.1.iso
That above command should output the following number:
a4c9ac9eca08562a94914230100e6353d07a0f57c017411c95789351b0366198 tails-i386-1.5.1.iso
Which should match the number given on the Tails website:
https://tails.boum.org/inc/stable_i386_hash/
If the numbers match, then your ISO file is verified as good.
It actually does boot, although you do have to modify the boot options for Tails. IIRC, you need to remove the 2s from the first two commands and it will start up. It has to do with an issue booting the chromebook into a 32 bit OS with a 64 bit kernel. Removing the 2s uses the Linux 32 bit kernel instead, which allows the chromebook to boot. ~~(This was a while ago that I found this and I don't have my chromebook in front of me to verify that this is right. I'll check it today or tomorrow when I get home from work.)~~
~~Also, on a side note, Tails still uses the Linux kernel version 3.16 last I checked and the chromebook touchpad drivers were not added until 3.17, so you'll need a USB mouse as well. It's ultimately up to you whether modifying the boot options and not using the touchpad is more trouble than it's worth.~~
Edit: I just double checked and, yes, this does work on my Acer C720. Also, while I was updating to the latest version of Tails, I noticed that the touchpad issue with the Acer C720 was fixed in Tails 1.3.1. You now only have to switch to the 32 bit kernel in order to get it working. :)
Yep, I had this issue as well. It seems that "New Tails" doesn't take too kindly to being upgraded on to "Old Tails" using Old Tails' installer. Don't worry though if you have persistence, because your files are still safe. You just need to upgrade the new Tails once again, but this time with the new installer. So, there's two things you can do:
Create a bootable DVD using the latest Tails 1.1 .ISO and use that as an installer/upgrader for your primary USB.
Or if you're like me and don't have any spare DVDs laying around, just format the secondary Tails USB that you initially attemped to upgrade with (don't forget to back-up any files if necessary) and reinstall the Tails 1.1 .ISO using a USB installer. After that you can now reattempt the upgrade using the new installer.
You should be all set, good luck. :)
Iceweasel traffic is going through Tor, all the time, no exception. The unsafe web browser traffic doesn't go through Tor. Therefore, the unsafe web browser is not anonymous. It is useful when you need to connect to a public wifi that uses a captive portal. See : https://tails.boum.org/doc/anonymous_internet/unsafe_browser/index.en.html
How about a VPN? (Edit: if you use a VPN over tor, your IP will be that of the VPN. If you use tor via tor browser over a VPN connection your IP will be that of Tor. You want to connect to tor first via a tor configured router or something like Torghost and then conmect to the vpn or proxy service. Private Internet Access accepts crypto payments and offers proxy credentials in addition to their vpn service)
What specifically did the LimeVPN page say? Bear in mind that that page is designed to convince you that you need to buy their product, so they make it look as bad as they can.
It probably just gave information about your tor exit node. It's probably not leaking anything.
Instead of using TOR, just get a VPN. From what I've heard, the free ones are good enough for torrenting (especially if your main goal is avoiding ISP letters).
However, for peace of mind, a monthly subscription to a good VPN is only a few bucks. I think it was like $4/month for Private Internet Access VPN and the other major ones (that at least say they don't log) run similar prices for annual or semi-annual pricing.
You can get a 1-month subscription to start so you know you like it/can set it up easy/etc. Also you can pay via gift card or Bitcoin for many of them if you're trying to stay truly anonymous.
With that said, you probably shouldn't use Tor+VPN for your anonymous browsing, at least from what I read. The combo makes the anonymity power of Tor rather useless (since you're routing all your data through one point run by a third-party that you may or may not be able to trust completely). So TAILS and tor for really anonymous stuff and VPN for day to day piece of mind. You can run it through your phone too.
But definitely no torrenting via Tor unless it was like some one-time anonymous thing, which honestly would more likely be a direct download rather than a p2p distributed file. I mean, if it were that dangerous to access that you'd need Tor.
Disclaimer: I'm no expert. I just read a lot of opinions. :)
"Security considerations
Running Tails inside a virtual machine has various security implications. Depending on the host operating system and your security needs, running Tails in a virtual machine might be dangerous.
Both the host operating system and the virtualization software are able to monitor what you are doing in Tails.
If the host operating system is compromised with a software keylogger or other malware, then it can break the security features of Tails.
Only run Tails in a virtual machine if both the host operating system and the virtualization software are trustworthy.
Traces of your Tails session are likely to be left on the local hard disk. For example, host operating systems usually use swapping (or paging) which copies part of the RAM to the hard disk.
Only run Tails in a virtual machine if leaving traces on the hard disk is not a concern for you. This is why Tails warns you when it is running inside a virtual machine.
The Tails virtual machine does not modify the behavior of the host operating system and the network traffic of the host is not anonymized. The MAC address of the computer is not modified by the MAC address spoofing feature of Tails when running in a virtual machine."
Source: https://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
When booting, when Tails asks your for more options, you can click Yes, and there's an option to disable networking completely.
https://tails.boum.org/doc/first_steps/startup_options/offline_mode/index.en.html
I'm sure there's a way to make it the default. I don't know how.
Check here for USB types with known issues
64GB drives is huge, stick to something simple and small. The issues is whether the drive will declare itself to the OS as removable or fixed. Most big ones will claim to be fixed, this also helps them get a Windows compatibility certificate. But tails doesn't like it.
Have you tried using another flash drive? When I tried using tails for the first time it gave similar errors because I was using a SanDisk usb.
You can check if your usb is supported https://tails.boum.org/support/known_issues/index.en.html
> 1. Plug in the old Tails device from which you want to rescue your data. > > 2. Choose Applications ▸ Utilities ▸ Disks to open GNOME Disks. > > 3. In the left pane, click on the device corresponding to the old Tails device. > > 4. In the right pane, click on the partition labeled as LUKS. The name of the partition must be TailsData. > > 5. Click on the Unlock button to unlock the old persistent volume. Enter the passphrase of the old persistent volume and click Unlock. > > 6. Click on the TailsData partition that appears below the LUKS partition. > > 7. Click on the Mount button. The old persistent volume is now mounted as /media/amnesia/TailsData.
via https://tails.boum.org/doc/first_steps/persistence/copy/index.en.html
A good understanding of I2P and probably some klout in the community (I2P or Tails) other than that, there are no special pieces of paper. https://tails.boum.org/contribute/how/code/ Depending on your skill level it will take different amounts of time. Message on the tails-dev mailing list if you are interested in helping out with it.
First of all, in general Macs have more issues running TAILS overall ranging from unnecessarily difficult installation processes to often lacking the drivers necessary to connect to WiFi.
Check the list of problematic USBs to make sure yours isn't one of them. I'd also search around the internet to see if anyone using the same model of USB has had issues in the past. If this isn't the case, let me know and I'll try and check it out.
Don't create a persistance partition. Tails does not create one by default.
I don't think there's an official way to to this more quickly than a regular shutdown. If you're worried about your memory contents being stolen, my best idea is to be in an environment where you can do a normal shutdown.
Upgrading Tails from the Tails website.
The Tails webite has very good documentation about how to do many things with Tails. Worth reading.
The problem occurs because your Tails does not have the last certificate for lesencrypt. So, you need to add it to your certificates, as your Tails will not connect to the Tails server because the certificates do not match.
It seems your command is cut, and you are only seeing the certificate you download, instead of adding it to the /usr/local/etc/ssl/certs/tails.boum.org-CA.pem
Please make sure that you run the comand in only one line, i.e.:
torsocks curl --silent https://letsencrypt.org/certs/lets-encrypt-r3.pem | sudo tee --append /usr/local/etc/ssl/certs/tails.boum.org-CA.pem && systemctl --user restart tails-upgrade-frontend
Or you can also:
- Download the certificate:
torsocks curl --silent https://letsencrypt.org/certs/lets-encrypt-r3.pem - Add it to the end of
/usr/local/etc/ssl/certs/tails.boum.org-CA.pem(withsudo gedit, and copy and paste) - restart the upgrade frontend with
systemctl --user restart tails-upgrade-frontend
During boot when the first Tails screen appears hit Tab and add the following parameter to the command line, then press enter:
iommu=soft
https://tails.boum.org/doc/first_steps/startup_options/index.en.html
Is your 2nd USB stick in the list of Problematic USB sticks?
Before using Tails Installer, erase your 2nd USB stick and reformat it:
Format: MS-DOS (FAT32)
Partition Scheme: MBR (Master Boot Record)
That's weird and I have no idea what might be causing it.
There's kind of a workaround for setting the root password.
At the Tails boot menu:
https://tails.boum.org/doc/first_steps/startup_options/boot-menu-with-options.png
Hit Tab and then Space and type:
rootpw=whatever
Hit Enter.
Once you are booted up, you can become root using "su" and that password.
It's less secure, because the root password can be seen by anyone that is able to read /proc/cmdline
cat /proc/cmdline
>Will this method still work with all the major upgrades?
Yes. That's a great way to update.
You should still somehow make a backup of the data in your persistence partition before upgrading, though. You never know when something might go wrong.
You can use this method to create an encrypted volume on a another USB drive to copy your data over to:
https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html
You can use this procedure to make a backup image of your entire Tails USB with persistence:
https://www.reddit.com/r/sohhlz/wiki/index/backup/windows-usb-image
>Is it typical for Tor to mess up downloads this way?
Yes. Large downloads over Tor can be a problem, because the longer it takes, the higher the probability that one of the Tor nodes you are using is rebooted or crashes or some other network problem interrupts your download.
Also, if you are not using persistence, your download size is limited by the amount of DRAM in your computer.
You might try using wget from the command line. (Start a command line terminal window - click on the small black box on the upper left menu bar.)
Example:
wget https://tails.boum.org/torrents/files/tails-i386-1.8.1.iso.sig
Entry from the manual page for wget:
>Wget has been designed for robustness over slow or unstable network connections; if a download fails due to a network problem, it will keep retrying until the whole file has been retrieved. If the server supports regetting, it will instruct the server to continue the download from where it left off.
Yes. That's what it looks like when booting in UEFI mode.
It normally looks like this (without the extra text at the bottom):
https://tails.boum.org/doc/first_steps/startup_options/boot-menu-with-options.png
How is your computer connected to the Internet? (Hard wired Ethernet or WiFi?)
What kind of internet service do you have? (DSL, Cable, something else?)
Do you have to do anything special to connect to the Internet with your normal OS? (login to ISP, other?)
Is it possible that Tor access is blocked from your location?
Are you able to run the Tor Browser Bundle on your regular OS and access sites through the Tor network?
You might be thinking about the Tails persistence feature:
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
The persistence partition is encrypted when it is created.
Tails automatically shuts down if the USB drive is removed from the computer. It is not recommended to shut down Tails using this method, if you are using a persistence partition, as it may cause file corruption. In an emergency, you should use it to unmount and lock your persistence volume.
If you have been updating automatically your Tails device for a while, maybe your Tails partition is full by now. You need to do a manual upgrade, see here:
>It worked, thanks!
Good deal!
>What is failsafe mode then?
For the most part, it uses certain settings that are known to work with most graphics cards. The only downside is that it may not set the display to the highest resolution that your graphics card and monitor support.
> is it possible to transfer notepad documents directly onto tails?
You can copy them to a 2nd USB drive in Windows and then boot Tails and mount the 2nd USB drive using the disk utility tool.
Applications > Accessories > Disk Utility
This link can be used as a template for using the disk utility tool (it describes a different process than what you are trying to do right now, but it may give you some hints on how to use it):
https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html
An easy way to verify the Tails ISO is by calculating its SHA-256 checksum and comparing it with what the Tails website says it should be.
Start a command line terminal window and type the following commands:
cd Downloads
sha256sum tails-i386-1.5.iso
The output of that program should be the following:
ab4299585e74fbdc91d26faea424a5df6d05753b2c6f34340ba3af69308993d1 tails-i386-1.5.iso
Compare this value with the one found on the Tails website:
https://tails.boum.org/inc/stable_i386_hash/
If they are the same, then the Tails ISO has been verified as good.
One thing you could try, if you have a DVD drive and a blank DVD, is to burn the ISO to a DVD and boot from that. You can then use the Tails installer to install Tails to your USB (Applications > Tails > Tails Installer).
If you don't have a DVD drive, you can install Tails in a virtual machine and boot the ISO file in it. You can then attach your USB drive to the VM and use the Tails installer in the VM to install Tails to your USB.
https://www.virtualbox.org/wiki/Downloads
A Tails installed Tails USB has a better chance of booting on a Mac, plus you can enable persistence with it:
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
>Can I possibly transfer the setup Tails OS from my DVD to create a USB based Tails with persistence?
Yes.
You should be able to install Tails to a USB from the DVD using:
Applications > Tails > Tails Installer
Use "Clone & Install".
Once the install is complete, eject the DVD.
Boot Tails from the USB and configure persistence:
Applications > Tails > Configure persistent volume
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
>Of course I don't visit any other page on the unsafe browser, but does this method have some additional risks?
Not that I can think of. Your use of the Unsafe Web Browser is actually the primary reason for its existence in Tails:
https://tails.boum.org/doc/anonymous_internet/unsafe_browser/index.en.html
It's an operating system that runs from a dvd or usb stick and only uses the ram of your computer. After you shut down tails it won't leave any traces on your computer.
Tails has tor and many other open source programs already installed (e.g. office, graphics program, ... the main things you need).
Using tails is much more save regarding privacy and security than windows, osx, android,... It runs fast, stable, and it's really easy to use.
All you need is a usb stick and a computer that can boot from dvd/usb. Check https://tails.boum.org/support/known_issues/index.en.html to see whether your computer and usb stick is fine before you start.
>Brand new usb, still found 256 bad blocks before test quit
Possible to return it?
>What cheap usb have you gotten to work?
I have a couple of PNYs (one 4GB and one 8GB).
I also have a couple of Kingston 8GB ones and a SanDisk 4GB.
Beware SanDisk, though:
https://tails.boum.org/support/known_issues/index.en.html#index1h2
>if I download something and then turn off tails, will it still be there when I reboot?
No. Not unless you have enabled persistence and save the file to:
/home/amnesia/Persistent/Tor Browser
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
>also is what I download / where I download from able to point back to me as an end user
It shouldn't since you are using the Tor network which will hopefully keep you anonymous.
>mac spoofing is set to enabled by default
MAC spoofing is mostly to keep you from being tracked across public WiFi spots. It really doesn't do much if you are connecting to your ISP via your home internet router. Your MAC address isn't transmitted beyond the first router you connect to.
https://tails.boum.org/doc/first_steps/startup_options/mac_spoofing/index.en.html
>Using your own computer at home. Your identity and the MAC address of your computer are already associated to this local network, so MAC address spoofing is probably useless. But if access to your local network is restricted based on MAC addresses it might be impossible to connect with a spoofed MAC address.
What program did you use on Windows to create the 1st Tails USB?
There are some USB creators that will create a bootable Tails USB, but they leave off some important files, so when the Tails installer does a clone to a new USB it can't copy the files needed for booting Tails on a Tails installed USB.
Try using Rufus:
Use the default settings, except:
Change the drop down for "bootable disk using" from FreeDOS to ISO Image.
Click on the button to the right of the ISO image and select the Tails ISO from the file manager.
READY should be displayed near the bottom of the Rufus window.
Hit Start.
It could also be the "Sandisk" problem:
https://tails.boum.org/support/known_issues/index.en.html#index1h2
If they have the monitoring equipment in place, they will be able to detect that you are connecting to the Tor network, because the Tor relay IP addresses that you are accessing are publicly listed. If you are worried about that, you could use a Tor bridge to access the network, since they are not publicly listed.
Verify you download. This makes sure that the download was sucessful. Burn at a slower speed and verify the disk also. The verification makes sure there were no burning errors.
I recommend ImgBurn.
amnesic options:
- latest Tails 1.x* (1.8.2 outdated (== less secure) but amnesic)
- self-built VBox solution (2 VMs, 1 is Tor gateway, the other has 1 amnesic drive (reset to snapshot when powered off) and 1 persistent drive)
- any liveOS if you manually unlock and mount the encrypted partition.
non-amnesic options:
* 1.8.0's ISO and sig are available from archive.org - it still updates to 1.8.2 using Tails native mechanism
GPT is the partition table. The OS needs to be able to read that to have any idea what is on the disk, where the partitions are. It lets you have encrypted and unencrypted partitions and is widely understood by boot firmware (as a newer alternative to the Master Boot Record [MBR] specification).
The encryption is provided by LUKS. I believe Tails it uses an AES256 cipher for the encrypted data, though what ciphers are available depend on the Linux kernel and the setup options.
You can check it using cryptsetup luksDump
For more details: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions
The main boot volume is unencrypted for several reasons, mostly that it gets copied to RAM anyway and stores nothing personally identifiable by design.
To use i2p, you now need to enable it during bootup.
https://tails.boum.org/doc/anonymous_internet/i2p/index.en.html
At the "Boot Tails" screen, hit Tab, then space, and type "i2p", without the quotes. Hit enter.
i2p should now be enabled. It is located on the menu here:
Applications > Internet > I2P Browser
The command line to import a key has two dashes in front of "import".
Should be:
gpg --import keyfile.asc
To verify the ISO (if the ISO file is in the same directory as the signature):
gpg --verify tails-i386-1.2.3.iso.sig
It will respond like this:
gpg: assuming signed data in 'tails-i386-1.2.3.iso' gpg: Signature made Wed 14 Jan 2015 03:12:22 PM MST gpg: using RSA key 0x1202821CBE2CD9C1 gpg: Good signature from "Tails developers (signing key) <>" [unknown] gpg: aka "T(A)ILS developers (signing key) <>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0D24 B36A A9A2 A651 7878 7645 1202 821C BE2C D9C1
If you want to get rid of the warning, you can change the trust on the Tails signing key to 5:
gpg --edit-key 0x1202821CBE2CD9C1
gpg> trust
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
gpg> q
Then it will respond like this:
gpg: assuming signed data in 'tails-i386-1.2.3.iso' gpg: Signature made Wed 14 Jan 2015 03:12:22 PM MST gpg: using RSA key 0x1202821CBE2CD9C1 gpg: Good signature from "Tails developers (signing key) <>" [ultimate] gpg: aka "T(A)ILS developers (signing key) <>" [ultimate]
If you have SHA utils, you can also verify the ISO with this command:
sha256sum tails-i386-1.2.3.iso
It should respond with this output:
d1ca34fc55762953d3e3baf8cb0b31228b1d1fcbbf178b31f4c7b15e6d9f1d0d tails-i386-1.2.3.iso
Which matches the Tails website here:
https://tails.boum.org/download/index.en.html
(Search for SHA256.)
- Burn Tails .ISO image to a dvd (google imgburn if you lack software for doing so).
- Boot from the DVD (I get you already know how to change boot priority from BIOS)
- From within Tails, in the application menu, in the 'Tails' tree, there is a Tails installer, use it to install Tails to your usb.
- Now you can boot into Tails from your bootable usb installation of Tails (after changing boot priority back to USB)
If you don't have a DVD drive/recorder or lack DVD-R media, use this procedure: https://tails.boum.org/doc/first_steps/installation/manual/windows/index.en.html
This page lays it out.. Step 3 tells you how to verify.
I'm going to assume you just want to verify the signature using the Tails public key on their site. The Tails site warns you that trusting this key leaves you open to man-in-the-middle attacks. If you want to verify the signature and the key, you need to follow these steps instead. That's a warning. Moving on.
You need four things:
- The Tails iso file
- The signature of the iso
- The public key used to make the signature
- GPG software to do the verification
You already have the public key (tails-signing.key), the signature (tails-i386-1.2.iso.sig), and a gpg program (Kleopatra). Now, you need to download the actual Tails iso file. Put it in the same location as the signature file. Now the procedure:
- Import the public key into Kleopatra. (In Kleopatra) File --> Import Certificates --> tails-signing.key.
- Verify the signature. (In Kleopatra) File --> Decrypt/Verify Files --> tails-i386-1.2.iso.sig
If you get a bad signature, download all the Tails files again and re-verify. Otherwise, Kleopatra should say "Not enough information to check signature validity". Click the Show Details button. The info you're looking for is "Signed on <date> by (Key ID: 0xBE2CD9C1)". That means that everything is good.
Tails gives you that warning after verifying because you assumed that the Tails public key was trustworthy. Kleopatra is saying that it might not be.
You don't install Tails. You boot it from a CD/USB drive.
Here are two links you need to read. Should get you started and able to boot. You'll probably need to install rEFInd boot loader.
https://tails.boum.org/doc/first_steps/installation/manual/mac/index.en.html
https://tails.boum.org/doc/first_steps/start_tails/index.en.html#usb-mac
I can't tell if you're being deliberately obtuse to try to compensate for the smug way in which you dismissed the OP's post and questions,or if that's a genuine question.
> So, a few months ago, it was reported that the TAILS site had been compromised.
Link to story.
> Your information is wrong.
No. You were wrong.
What it has to do with TAILS OS is that the site that hosts the downloads was compromised, so the OP's questions are entirely reasonable, though the TAILS mailing list might be a better place to get a useful reply, rather than be unfairly dismissed.
>Anyways that and the fact that i got to do all this verification stuff because the clearnet is inheriently insecure and i dont even know if the 1gb file im downloading is legit or not, i could get a 100% legit copy of tails if it were hosted by tails on a hidden service
I think you missed the point entirely. https://tails.boum.org/ get tails from there. I don't understand why you think that hidden services automatically mean legitimate files.
I verified the download before I upgraded and it checked out as good:
gpg --verify tails-i386-1.1.iso.sig
gpg: Signature made Tue 22 Jul 2014 08:30:31 AM MST gpg: using RSA key 0x1202821CBE2CD9C1 gpg: Good signature from "Tails developers (signing key) <>" [ultimate] gpg: aka "T(A)ILS developers (signing key) <>" [ultimate]
Perhaps the download didn't complete or was corrupted.
What length do you have for the ISO? I have a size of 1099026432 bytes.
What SHA-256 checksum do you get for it? I get:
sha256sum tails-i386-1.1.iso
20765809188c1e2630735023311e6f46b563ccddcca85d814656036d6afcee8f tails-i386-1.1.iso
Which matches the checksum on the Tails website:
It is important to verify using some method. I recommend you use this method (if you are using windows):
Hashtab for Windows:
As an additional check (also just a handy tool to have) you can install HashTab for Windows. It will calculate various file hashes by selecting a file in windows explorer, right clicking and selecting Properties -> "File Hashes"
The SHA-256 hash I got for the ISO is:
fe5727a4e56c1d8824c9fb4ad0aada9ee7a137336159859103881a25f1a398b5
which matches this page on the Tails website:
https://tails.boum.org/inc/stable_i386_hash/
You can download HashTab here:
http://www.majorgeeks.com/mg/getmirror/hashtab,1.html
(You may have to hit "Settings" in the "File Hashes" tab to configure it to do SHA-256.)
Not sure if you are having hardware problems or are just running into the Windows problem with recognizing USBs that have been formatted by Tails.
You can use this method to reset a USB under Windows:
https://tails.boum.org/doc/first_steps/reset/windows/index.en.html
This program is a little easier to use than the above method to reset USBs:
http://www.alexpage.de/usb-image-tool/download/
Select the USB in the left pane and click on the Reset button.
You can also use this program to make backup images of your Tails USB with persistence.
>[Tails + Electrum] Is Tails good way to store Bitcoins in a long term?
I would say that although Tails is secure, the weak link is the USB on which it is stored. USB flash drives are notoriously unreliable.
You should write down your Electrum seed words and do a wallet restore with them just to make sure that you have them exactly right. Make a duplicate hard copy and keep them in separate physical locations.
You should also make a backup image of the entire Tails USB including the persistence volume using this program:
Crap.
You said that the other program that I had you try (http://www.alexpage.de/usb-image-tool/download/) wouldn't write to the USB drive at all?
Could we try that again?
Make sure the "Device Mode" is selected on the top left.
Click on your USB to highlight it in blue.
Click on Restore.
Change the drop down at the bottom right to "All files".
Select the Tails ISO and click on Open.
A pop up should appear saying "Do you want to restore image ..."
Hit Yes.
It should start a progress bar on the lower left.
When it finishes, try booting from that USB.
>Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.
I bought this last year from Amazon for £9 and it worked on an iMac as soon as I plugged it in: https://www.amazon.co.uk/gp/product/B003MTTJOY/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1
Though it says it's currently unavailable, there seems to be a version 2.0 for £12. But I can't vouch for the specific alternative that it recommends.
Yeah a reputable good one. USB3.0, check the read and write speeds.
I'm a big fan of Kingson Datatraveller series, just because of my personal good experience of them. And they cost peanuts.
https://www.amazon.co.uk/dp/B00C5K8CQ2/
64GB for < 10USD.
Scandisk I also have good experience of. They are some of the biggest brands I'm sure there is better alternatives. But i can't complain.
In theory, sure, you can use an app like DriveDroid on a rooted Android device to boot from your phone as if it were a USB mass storage device.
In practice, though, for Tails specifically, this is likely much more trouble than it's worth. For example, to overcome the requirement that the boot media be at least 8GB in size, you may need to resize the .img file to at least 8GB, or modify the GPT contained in the file. There may be other issues you encounter if you try this.
I really like it. I would have loved one of these when I was still working for running around reconfiguring devices and other equipment. A DB9 serial port is nice for that sort of thing. All sorts of random devices still use it.
I couldn't find what network card it uses. That would be one of the bigger questions. A small USB drive like https://www.amazon.com/SanDisk-64GB-Cruzer-Flash-Drive/dp/B07MDXBT87/ would be nice ($8). The Edimax Wifi card suggested on the Tails website is also very-small and not likely to snap off.
I think the graphics will work on Tails.
Oh boy... let’s break this down one horrid thing at a time... >The Tor network thinking you are the VPN server.
This isn’t of any benefit. It’s kind of implying the network is something it’s not. The network as a whole doesn’t think anything about you. 99% of it doesn’t even know you exist, only the one node you’re entering through.
>If the Tor network is compromised, they must also get past the VPN server.
There is no evidence that the network is compromised. No one has ever been found through a compromised network. People have been found through bad opsec though, most often in ways in which a VPN would have zero effect on.
>If your ISP blocks the Tor network, the VPN allows access to the Tor network.
Use a bridge. This a Tor specific solution designed exactly for this problem.
>Is this true?
No.
>Will this setup give me more protection and anonymity than just using Tails and TOR alone?
No.
>Is it true that installing Mullvad directly to Tails would mean less anonymity than Tails alone?
Yes.
>If so, why?
Tails is carefully designed to prevent leakage along with other common problems with many basic Tor setups that could potentially compromise your anonymity. Part of that is network configurations and another part is careful choice of the included software packages. Also Tails provides a degree of anonymity through ubiquity, ie every Tails user looks the same from the outside, making correlation between activity and users more difficult. Everything you do to make your setup more ‘unique’ compromises that.
>Thank you for your help and advice!
You’re welcome.
Looks like you are running computers that have secure boot enabled.
Secure boot will not boot an OS unless it is signed. Windows is signed - Tails is not signed.
You will need to enter BIOS setup and change settings.
Disable "secure boot".
Enable "legacy boot".
http://www.howtogeek.com/175641/how-to-boot-and-install-linux-on-a-uefi-pc-with-secure-boot/
Well TAILS forces ALL traffic (not just the broswer) through the Tor network. So all traffic leaving the system is immediately encrypted and anonymized. Also every TAILS system should look just like every other TAILS system so it makes your fingerprint more difficult to identify. TAILS spoofs your mac address (The hardware identification number attached to your network card) so that your individual computer can not be identified through network analysis. TAILS can also store your data in an encrypted volume using state of the art cryptography- so long as you choose a secure password you can rest knowing your data is safe from most adversaries. TAILS is also an incognito live system- it leaves absolutely no trace on the computer it is booted on that it was ever there (unless you specifically ask it to). And finally, as mentioned above it is amnesic- it forgets anything that happened on or to it during previous sessions unless that data is intentionally stored in the encrypted volume by the user. This includes malware and nefarious changes to the file directory. Also fun fact: everything in this comment can be found for yourself over at https://tails.boum.org/ !
Here is how to set up a persistent volume to save files and it will not compromise your anonymity by just saving normal files I'm sorry for the misunderstanding https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
Tor Browser is isolated through AppArmor, which isn't spectacular sandboxing security but it's better than nothing at all.
Of course, if you have a chain of exploits that escape from that, or you run the file you downloaded from "Tor Browser" folder and it's malicious its probably game over anyway.
Something to consider :)
More information: https://tails.boum.org/contribute/design/application_isolation/#index1h2
Yes, as per their announcement post:
The shutdown experience has also been redesigned in order to be:
More reliable. It was crashing on various computers with unpredictable results.
More discrete. The screen is now totally black to look less suspicious.
Are you running Tails 3.0.1? Read this.
Bridges are also known to be very slow - be patient. Wait a few minutes for it to properly connect. If it's still not connecting your bridge might be defect.
The point of tails is to not have any of your activity show up on an HDD or even your external. It would be best, for security and other reasons to set up your persistent storage with the remaining space on the USB drive you are using.
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
A known issue is available on https://tails.boum.org/news/version_3.0/#known-issues
- Start the operating system you want to use Tails Installer on.
If you want to use Tails Installer in Tails 3.0, set up an administration password.
Choose Applications ▸ System Tools ▸ Root Terminal to open a terminal with administration rights.
Execute the following command to fix the bug in Tails Installer:
perl -pi -E 's,media_removable,removable,' /usr/lib/python2.7/dist-packages/tails_installer/creator.py
- Tails Installer should not expose this problem again… until you restart Tails, as these changes will be reverted upon restart.
Ahhhh, gotcha.
https://tails.boum.org/about/index.en.html will give you details: Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. That's why we call Tails "amnesic".
Many SanDisk sticks straight up don't work - even though the 16GB Blade one isn't listed explicitly here - so maybe you just got unlucky with the second one, too.
Can't tell you for sure though, sorry.
Edit: Oh, could be the laptop, too! A bit further down on the Known Issues page:
>HP Pavilion dv7
>Since Tails 1.3, gets stuck at the Boot Loader Menu, whether Tails is installed manually or using Tails Installer.
You can make Electrum be persistent by changing a setting. Click: Applications, Tails, Configure persistent volume, then there should be an option for Electrum.
Also, Electrum creates a wallet using a seed of (12 I think) random words. THOSE WORDS ARE IMPORTANT. You can always recover your wallet with those words. So you could write them down and when you boot Tails again, give the words to Electrum, and you'll have your same wallet.
Enable persistence for Electrum then MAKE SURE YOUR SEED IS BACKED UP SOMEWHERE. I'm so serious about that. Wait until your flash drive dies or you lose it and then try to figure out how to get your bitcoin back. (You can't) Keep those words safe if you value your money.
I know this isn't the answer you are looking for, but the TAILS project warns about the security dangers of running in a VM. Please see the security considerations portion of https://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
Sorry if this isn't helpful, but if security and anonymity are important to you, seems best to follow their recommendations and best practices.
>Since Tails is just an OS with no major software on it
I would consider Tails to be a Linux distribution rather than 'just an OS'. Relatively speaking, Tails includes a fair amount of software. It's not as much as something like Ubuntu, but it's significantly more than a console asking for a username. Tails is much closer to the Ubuntu side of things than 'a bare OS' side of things.
As /u/yozuo wrote, Tails includes software installed to read pdf files as well as open compressed archives.
>Also, is it possible to move downloaded files from Tails onto another USB?
Yes.
This is not a black/white issue. Will using the unsafe browser compromise everything you're trying to accomplish with tails? Possibly. Would using the persistence folder to store data that may be designed by nefarious entities be a bad thing? Probably. Might you be completely fine using the unsafe browser if you keep your wits about you? Probably. There are way to many variables to be absolutely certain about any specific outcome. Head over to: https://tails.boum.org/contribute/design/Unsafe_Browser/ and see if it helps to answer some of your questions better. Stay safe out there!
I guess your best bet would be trying to upgrade tails by cloning. Here is the guide on tails website
Basically, install Tails on another USB stick (install from windows, whatever) and use it to boot Tails without persistence. Have the USB stick that you're having problem also plugged in at the same time (but don't boot from this one)
After logged in with your new USB stick. Perform a "Upgrade by Cloning" from your new Tails USB stick to your new one (Applications -> Tails -> Tails Installer -> Upgrade by Cloning). I can without a doubt guarantee you that this process will NOT lose your persistence. That being said, this will most likely fix what's broken on your Tails while keeping your files intact (if they are).
Keep me posted.
This would require UEFI Secure boot support from Tails. Unfortunately, this is still under development. You can't boot Legacy on your Surface Book: pure UEFI device.
Links for reference: https://tails.boum.org/blueprint/UEFI_Secure_boot/ https://labs.riseup.net/code/issues/6560
The known issues page has a section for Mac stuff. You could try installing rEFInd or browsing the entire page. I don't know anyone with an MBP 2015 to experiment on.
If you can access a different computer, can you verify that TAILS is functional, i.e, that you installed it correctly? If it works elsewhere, that would at least prove that your MBP is the problem, and we can go from there. I'd give rEFInd a chance.
> I dont like answers like these.
Too bad. Because this is the correct answer.
> I am a tail user, I need an answer that relates to my situation using Tails.
Very easy. You only need to buy a second physical router, running the equivalent of Whonix gateway, and connect to your Tails system configured as the workstation.
Start here: https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation
If this is too daunting, and you do not trust yourself with understanding all the subtle implications, perhaps you should look into Whonix on Qubes OS, or just Whonix.
See also https://tails.boum.org/blueprint/Two-layered_virtualized_system/
use this link --> " https://tails.boum.org/install/download/openpgp/index.en.html " and then click on Download the Tails 2.10 ISO image ( 1.2 GiB ) . It will download "normally" and you will have to verify the ISO "manually" using the PGP signature. (which never works for many for some reason. nevertheless I went this way and it worked. I took my chances with the "man in the middle". I also got the exact same error msg you got)
None of that helps.
>What we don't want
>Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).
> Running Tails inside a virtual machine has various security implications. ... Both the host operating system and the virtualization software are able to monitor what you are doing in Tails.
Using Tails in a VM isn't the best for security, and using a VPN on the host machine does nothing to improve security compared to connecting to the VPN in Tails. If anything, it's worse because now your host OS is also sending (potentially identifying) data out of your VPN endpoint.
Chaining VPNs isn't better for anonymity. VPNs in general aren't good for anonymity.
Also, the Tails developers have probably done just about everything they can to make Tails as secure as possible. If there was some way to make Tails more secure, they would already recommend doing the thing or would have already implemented it.
READ MY WHOLE POST BEFORE STARTING!
Here is what you need to do. First put the USB you have down and do not touch it.
Next get another USB and follow These instructions When you get to 4/6 Install Tails Step number 3 says "Click on the Install by cloning button." DO NOT CLICK THIS!
Instead Click "Upgrade by cloning" This will preserve your persistence folder. Once another box comes up insert the messed up usb and continue with the upgrade. Once finished power down and take out usbs. Insert Upgraded Usb in and everything should be there.
I did a lot of research on how to fix this and if this has helped you feel free to tip me BTC. BTC address is 12XQ5Pt66PebVeTkm97NYHBovgyFDMmHSF If you don't want to tip me then no problem hopefully this helped you anyways.
Yes there is. You will have to create a persistent storage on the USB. Make sure you make a strong password preferably a long sentence which is easy to remember. Select the options you want to store from your sessions, and opposite of what the other guy told you, you can always go back and add/remove options as you wish. Just go back to the menu, and you will now see the option "configure persistent volume" instead of "create persistent volume".
Just a heads up, anyone using simple forensic tools will be able to tell you have an encrypted storage on your USB, and depending on where you live you can be locked up indefinitely until you give up your passphrase. https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html
This is a quote from the website: "When stopping Tails on some hardware, the memory wipe procedure fails to complete: the display gets scrambled, but the computer doesn't completely shutdown or restart. Sometimes the caps-lock button light of the keyboard flashes."
Then theres a list of PC brands and some macs that are affected by that.
Theres the link if you want to see: https://tails.boum.org/support/known_issues/#index27h2
Edit: turns out you can update software with the Synaptic Package Manager! Sorry for the incorrect response! I should've checked it out before responding. So, you'll need to start TAILS with a password in order to run the package manager, just like for the root terminal or other restricted things. You can look for updated software, and then only choose Electrum instead of updating all of the other stuff.
~~You can either wait for a future release of TAILS with a newer Electrum version, or you can add software to TAILS on your own, as outlined in the documentation. You're looking for the Debian package here, but be sure to read the TAILS docs. I don't have any experience with it though. Good luck!~~
>As it is currently impossible to install Tails directly from Windows, this scenario [Installing from Windows] requires creating an intermediary Tails on a second USB stick. This intermediary Tails lacks important security and usability features.
https://tails.boum.org/install/win/usb/overview/index.en.html
This next command adds the key in your public keyring for GnuPG to use during encryptiong to that key or verifying signatures made by that key:
gpg --import thefilewith.key
Then do the command in your post again.
As with the guide, if this message apppears:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Then it's good, you just didn't verify that the key its from who you think they are. You can pass it as good or do other steps for verificating its trueness on this part of the guide.
If you have firefox this part is easy. We need to download and reverify the tails .iso. https://tails.boum.org/install/download/index.en.html head here use firefox. Intall the plugin then verify and download tails.
Something similar happened to me. Your persistence is still there, try updating TAILS from a virtual box.
Launch the new tails in an Oracle Virtualbox and do a "clone" upgrade to the USB. This will preserve your persistence. Instructions below. Select Other Linux 64-bit not 32-bit as the instructions say.
https://tails.boum.org/doc/advanced_topics/virtualization/virtualbox/index.en.html
If you want to browse the dark web, all you need is the Tor Browser.
Unless you live in a dangerous country for free speech (iran, syria etc), Or a country which blocks Tor (china and some others). In which cases you'd need extra precautions.
In all other countries, it is not difficult/dangerous/illegal to use Tor.
When your using Tor, your ISP or friendly government agency can see your using Tor, but can't see what you are doing or what sites you are visiting.
(You can still be uncovered! Follow best practices, by avoiding the normal Internet, disabling all scripts,not downloading anything and disabling JavaScript.)
To download Tor visit the official webpage: https://www.torproject.org/
You'll find more documentation there! It should answer most of your questions :)
Dont worry bro u still can delete ur Tails from USB and then installing again with stable version from the Tails website here guide for delete tails from USB https://tails.boum.org/doc/first_steps/reset/windows/index.en.html