In this blog post, I will talk about a Live CD Linux distribution geared towards preserving privacy, anonymity and circumventing censorship.
Who would use Tails?
Journalists interested in keeping their sources private, people who reside in an oppressive regime, people using internet cafés, tourists in foreign nations where there is surveillance, business people conducting affairs in foreign countries where competitors might seek to intercept their communications to gain an economic advantage, law enforcement, and spies.
Basically anyone who would like to minimize the digital trail they leave when using the Internet.
What is Tails?
Where would you use Tails?
Anywhere you suspect your Internet traffic is monitored. (That’s pretty much everywhere recently…)
When would you use Tails?
When your communication really must be private. While using Tails does not guarantee anonymity, the system is geared towards securing communications by default, as well as erasing any tracks generated while in use (The system even wipes memory at shutdown, to circumvent cold boot attacks)
How does Tails work?
“Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.”
The makers of Tails, who choose to remain anonymous presumably to avoid being pressured into including backdoors in their system, also include instructions on how to download their operating system, as well as links to tutorials on how to verify the integrity of your ISO, to avoid man-in-the-middle attacks.
I proceed to burn this ISO image onto a blank DVD, and boot from the optical drive. Achieving this will be different on each system, but here is a link to a wikihow page explaining this process.
The steps to achieve this may differ with the equipment you are using. While it is possible to use the ISO and create a bootable USB stick, I found the old optical drive technique to be the easiest.
This method also has the added security of being “read only” media, as once the data has been written to the optical disk, it cannot be modified. I tried to get it to work on an SD card, but my initial target system did not have a “boot to SD-card” option. I also tried to make a bootable USB stick directly from the ISO with no success. I suspect that having created it on a different system than the one I wanted to use it on may have played a part in it not working.
My initial attempts to get Tails to work on an Eeepc were unsuccessful, (the screen was too small, it was not really useable)
I was able to boot to the Tails operating system using an older laptop using the optical drive, and I was greeted by a desktop environment that is pretty much the same as Debian, of which Tails is derived from.
After Tails has synchronized the clock, it automatically connect to the TOR network, to ensure your internet traffic is anonymized. I discovered you cannot create persistent storage, as I was on a live CD. (doh) From the applications menu, if you select the “Tails” sub menu, you can start the “Tails Installer” to begin creating a live USB stick that will boot to tails. (It took me a couple of tries with different USB sticks until I found one that worked.)
Once the USB version of Tails was created, I changed the boot order in my BIOS and booted from it. The live USB stick version is considerably faster to start, and affords me the option to create a persistent partition, on which you can save documents between sessions.
Tails comes with a small set of applications, all geared towards maintaining your privacy.
TOR enabled by default.
KeePassX, a cross-platform password manager.
Pidgin Chat client, cross-platform compatible, supporting OTR messaging.
MetaData Anonymization toolkit, to strip metadata from documents.
i2P client, a similar network to TOR.
Whisperback to send feedback via encrypted e-mail.
So after some fiddling around, I have a working copy of Tails, on a live USB stick. This is a useful portable operating system to add to your toolkit, for when you need your communications to remain private.