Tails bills itself as ‘the amnesiac incognito live system’, but it is really a stand-alone version (distro) of Linux (Debian GNU/Linux) that has been optimised for maximum security.
Tails is booted as a Live DVD or Live USB (from a USB stick), forces all internet traffic through the Tor anonymity network (refusing non-Tor connections), can used on any computer but leaves no trace (all data is stored in RAM, which is automatically deleted when a session is finished), and comes with advanced cryptographic tools built-in.
How can we trust Tails?
The team behind Tails is anonymous,
‘The masters of today’s Internet, namely the marketing giants like Google, Facebook, and Yahoo, and the spying agencies, really want our lives to be more and more transparent online, and this is only for their own benefit. So trying to counterbalance this tendency seems like a logical position for people developing an operating system that defends privacy and anonymity online.’
This of course brings up the issue of how Tails can be trusted not be some kind of NSA honeypot. Well, the PowerPoint slide below shows the NSA complaining about Tails, and the OS is completely open source, so the code can be inspected by anyone (Tails is based on Debian, which has been heavily audited. Many of the bundled applications however, although also all open source, have not been audited). For more details see here.
NSA PowerPoint slide complaining about Tails
The Tails ISO image can be downloaded and burned onto DVD (the file is 913MB), or installed on a USB stick or memory card (recommended). Full instructions are available on the official Tails website. Users should take particular care to read, understand, and implement the instructions on how to verify the ISO image integrity using the Tails Signing Key, as well as how to increase trust in that Signing Key. It is also important to understand the limitations of Tails as a security tool before you start using it.
Once you are satisfied with the integrity of the ISO, and have burned / installed Tails on your chosen media, you can insert the media into any desktop computer media, restart the computer, and boot into the OS (usually continually tapping the F11 or F12 during the first 15 seconds of booting up will bring up the Boot Options page, from where you can select the correct boot device).
You can jump straight in, but it probably worth taking a look at the advanced options at least once
Tails uses a no-frills Gnome 2.0 desktop (somewhat outdated)
As soon as Tails boots to the desktop it will start establishing a Tor connection. This can take up to a minute or so, and you are notified when successfully completed. The fact that Tails forces all connections through Tor is its defining feature
IceWeasel comes with a bunch of privacy enhancing extensions. We have looked at most of these before, but FoxyProxy provides an easy way to switch between proxy settings (and ‘amnesia branding’ simply seems to rebrand the browser to say ‘Tails’)
You may have noticed ‘Windows Camouflage’ in the startup options, This makes Tails look like Windows XP, and is intended to look less ‘suspicious’ used in a public place such as an internet café
Tails comes with a built-in virtual keyboard, designed to foil various keylogging techniques
A number of security related tools are bundled with Tails.
The Claws Mail client comes with PGP baked in
Pidgin is an Instant Messaging and VoIP app, and the Tails version comes pre-installed with secure OTR messaging (se take an in-depth look at Pidgin + OTR here)
KeePassX is the Linux version of our favorite password manager
Tails also allow you encrypt USB sticks and external hard drives using LUKS.
In addition to security related tools, Tails includes some basic programs that will give journalists, whistleblowers etc. the basics of what they need to get work done. These include OpenOffice, GNU Image Manipulation Program, Inkscape Vector Graphics Editor (an app and website language translator program), Globby Collaborative Editor, Poedit, and Audacity.
Of course, additional programs can be downloaded using the Synaptic Package Manager, but this introduces new security issues.
As a tool for accessing the internet as anonymously as possible, it is difficult to beat Tails. It provides all the necessary tools that journalists, whistleblowers and such will likely need to perform their task without being tracked or identified.
As a day-day secure OS however, Tails will likely be somewhat too out-dated and stripped down for most people’s tastes. This is as it should be however, and the Tails website takes pains to explain that for maximum security a brand new session should be run for each task performed.
Users looking for a good general purpose secure OS might want to consider using something like Linux Mint (or any version of Linux). These are nowhere near as secure ‘out-of-the-box’ as Tails, but are much more secure than Windows or OSX (while proving similar levels of functionality), and with care can they be configured to be much more secure.
For the truly paranoid however, Tails is absolutely the way to go!
Note that those wishing to donate to Tails can do through the Freedom of the Press Foundation.
Update 10 October 2014: a new version of Tails (1.2) has been released. It fixes numerous security issues, replaces the IceWeasel browser with Tor Browser 4.0 (see here for more details), and adds a dedicated I2P browser. Because TrueCrypt is no longer considered secure, Tails makes it clear that the program will be removed from version 1.3. It remains included in version 1.2, however, in order to allow users to open existing TrueCrypt containers and migrate data away from the program.
Users are advised to upgrade to Tails 1.2 as soon as possible, which can be downloaded or upgraded from here.