Better privacy with Tails
Invisibility Cloak
The Tails Live Linux distribution provides privacy-conscious users with easy access to the Tor network for anonymous surfing.
The Internet today makes you transparent and vulnerable. Even popular solutions such as mail encryption and VPNs leave clues for someone who is motivated enough to track your activities. If you are serious about keeping your Internet affairs private, one remedy is an anonymizing distribution such as Tails. Tails automatically routes all connections to the Internet via the anonymizing Tor network.
The Tor network is a system of anonymous relay servers that conceal the location and identity of the computer sending the message or request. The basic techniques that spies and Internet advertisers use to uncover the source of an Internet packet will not work if the traffic is routed through the Tor network. You can download and install a Tor-ready browser directly from the Tor project website, but anonymity depends on more than just the browser. Other configuration settings on your system must reflect the same attention to security and anonymity if you wish to truly go unnoticed.
The Tails Linux distribution is designed to let users boot directly into a preconfigured anonymous environment based on Tor. Tails, a Live system that runs from a DVD or USB stick, is not suitable for continuous operation due to the limits imposed by the speed constraints of the Tor network. Most users, instead, deploy Tails on an as-needed basis. Still, if you're looking for a fast and easy way to integrate the safe surfing capabilities of the TOR network, Tails is an easy and convenient alternative.
Also on the Go
The abbreviation Tails [1] stands for The Amnesic Incognito Live System. The motto of the Debian-based distribution is "privacy for everyone, everywhere." You can boot Tails as a DVD, USB memory stick, or SD card, so it is easy to carry around with you.
On Flash devices, you can set up a Persistent mode in a separate partition that allows you to store password-protected data from the Live session in a private, encrypted directory [2]. On the other hand, Tails reliably forgets all data if you do not enable persistence, and the system is immutable – that is, you can't make changes to it. You can thus use Tails without an Internet connection as a completely anonymous typewriter for confidential text.
The developers have already configured the Tails distribution for its intended purpose, which saves the user significant time and helps avoid security-related configuration errors. The project publishes a new version every two months. In mid-December 2016 the developers released Tails 2.9.1 (see the box entitled "Version 2.9.1").
Version 2.9.1
Tails 2.9.1, which follows hot on the heels of its predecessor 2.7.1, is more of a bug fix and maintenance release than a major update. The next major release is Tails 3.0, which is scheduled for June 2017 and is already available as an alpha version.
In addition to bug fixes, Tails 2.9.1 mainly focuses on updating the packages included in the bundle. The Debian kernel 4.7.8-1~bpo8+1 provides the basis; system management is handled to a great extent by systemd 215-17. The linchpin in the distribution is version 6.0.8 of the Tor Browser, which is built on Firefox ESR 45.6.0 (Figure 1). Tor itself is included as version 0.2.8.10. The Thunderbird email client, which is currently dubbed Icedove at Debian, is version number 45.5.1. Another change is the default search engine: DuckDuckGo (Figure 2).
Because of a security issue, the Debian developers upgraded the Apt package management front end to version 1.0.9.8.4; other security issues in Firefox ESR and Icedove were remedied at the last minute. The update of the Guest Additions to version 5.1.8 fixed a bug that prevented Tails 2.7.x from launching in VirtualBox.
The preinstalled applications now include the KeePassX password manager, the Dasher accessible text input tool, a Bitcoin wallet, and Gobby as a collaborative text editor.
Two-in-One
When looking for a Tails image to download, do not be confused by the fact that the only ISO you find at the Tails website has an identifier of i368
for 32-bit mode. It is a hybrid image that boots either a 32- or 64-bit kernel depending on the architecture.
After you start Tails as a Live system, the first screen to appear is Welcome to Tails (Figure 3). When prompted about additional options, you will want to say Yes to enter a root password, which is disabled by default. You can also manipulate the MAC address to make your system activities more difficult to trace. In addition, you can disable all network functions.
After clicking Apply, you are taken to the Gnome 3.14 desktop. The developers use Gnome Classic mode, which more closely matches the design of Gnome 2. In the background, the system sets up access to the Tor network and, after about one minute, prints an announcement at the bottom of the screen saying that Tor is now ready.
You can then start the Tor Browser; you will notice that the launch is somewhat slower than usual. Tunneling the connection through the Tor network definitely has an effect on performance. To discover whether or not you are actually surfing with Tor, you can check the small onion icon in the top-right notification area. An X in the onion means that Tor is disabled – in which case Tails then automatically blocks all connections to the Internet.
Secure Communication
Pressing the onion icon displays Open Onion Circuits with a list of nodes currently used on the Tor network (Figure 4). In each line, you will see three computer names for the input, middle, and output nodes of the Tor network. Clicking on an entry shows the related properties, such as the fingerprint, the IP address, the location, and the node's bandwidth. The Internet option in the application menu also offers you the option of choosing Insecure Browser to use Firefox without detouring via the Tor network.
The developers have also modified the Icedove email client for Tails, resulting in TorBirdy [3]; view the TorBirdy configuration by clicking the bottom right border of the Icedove window. You can make the profile stricter by forcibly encrypting all outgoing emails with the Enigma extension.
Messengers offer another approach to communicating over the Internet. Tails uses the Pidgin instant messenger, which uses the Off-the-Record (OTR) messaging protocol for encryption and secure authentication of the opposite end (see the box entitled "OTR"). However OTR is disabled in Tails by default, because you have to generate a private key before you can use it [4]. To access the configuration in Pidgin, go to Tools | Plugins | Off-the-Record Messaging.
OTR
The OTR messaging protocol regulates the continuous updating and management of short-term session keys. As a special feature compared with classical encryption, OTR ensures that it is no longer possible to determine at a later stage whether a particular key was used by a certain person (plausible deniability).
If you use Pidgin for IRC via Tor, keep in mind that some channels (such as Debian) block visitors over Tor because spammers often use Tor to distribute spam. The Tor website has a list of IRC networks blocked for and open to Tor [5]. For more information on secure communication with Pidgin, check out the Tails documentation [6].
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.
-
Firefox 134 Offers Improvements for Linux Version
Fans of Linux and Firefox rejoice, as there's a new version available that includes some handy updates.
-
Serpent OS Arrives with a New Alpha Release
After months of silence, Ikey Doherty has released a new alpha for his Serpent OS.
-
HashiCorp Cofounder Unveils Ghostty, a Linux Terminal App
Ghostty is a new Linux terminal app that's fast, feature-rich, and offers a platform-native GUI while remaining cross-platform.
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.