Better privacy with Tails
Invisibility Cloak
The Tails Live Linux distribution provides privacy-conscious users with easy access to the Tor network for anonymous surfing.
The Internet today makes you transparent and vulnerable. Even popular solutions such as mail encryption and VPNs leave clues for someone who is motivated enough to track your activities. If you are serious about keeping your Internet affairs private, one remedy is an anonymizing distribution such as Tails. Tails automatically routes all connections to the Internet via the anonymizing Tor network.
The Tor network is a system of anonymous relay servers that conceal the location and identity of the computer sending the message or request. The basic techniques that spies and Internet advertisers use to uncover the source of an Internet packet will not work if the traffic is routed through the Tor network. You can download and install a Tor-ready browser directly from the Tor project website, but anonymity depends on more than just the browser. Other configuration settings on your system must reflect the same attention to security and anonymity if you wish to truly go unnoticed.
The Tails Linux distribution is designed to let users boot directly into a preconfigured anonymous environment based on Tor. Tails, a Live system that runs from a DVD or USB stick, is not suitable for continuous operation due to the limits imposed by the speed constraints of the Tor network. Most users, instead, deploy Tails on an as-needed basis. Still, if you're looking for a fast and easy way to integrate the safe surfing capabilities of the TOR network, Tails is an easy and convenient alternative.
Also on the Go
The abbreviation Tails [1] stands for The Amnesic Incognito Live System. The motto of the Debian-based distribution is "privacy for everyone, everywhere." You can boot Tails as a DVD, USB memory stick, or SD card, so it is easy to carry around with you.
On Flash devices, you can set up a Persistent mode in a separate partition that allows you to store password-protected data from the Live session in a private, encrypted directory [2]. On the other hand, Tails reliably forgets all data if you do not enable persistence, and the system is immutable – that is, you can't make changes to it. You can thus use Tails without an Internet connection as a completely anonymous typewriter for confidential text.
The developers have already configured the Tails distribution for its intended purpose, which saves the user significant time and helps avoid security-related configuration errors. The project publishes a new version every two months. In mid-December 2016 the developers released Tails 2.9.1 (see the box entitled "Version 2.9.1").
Version 2.9.1
Tails 2.9.1, which follows hot on the heels of its predecessor 2.7.1, is more of a bug fix and maintenance release than a major update. The next major release is Tails 3.0, which is scheduled for June 2017 and is already available as an alpha version.
In addition to bug fixes, Tails 2.9.1 mainly focuses on updating the packages included in the bundle. The Debian kernel 4.7.8-1~bpo8+1 provides the basis; system management is handled to a great extent by systemd 215-17. The linchpin in the distribution is version 6.0.8 of the Tor Browser, which is built on Firefox ESR 45.6.0 (Figure 1). Tor itself is included as version 0.2.8.10. The Thunderbird email client, which is currently dubbed Icedove at Debian, is version number 45.5.1. Another change is the default search engine: DuckDuckGo (Figure 2).
Because of a security issue, the Debian developers upgraded the Apt package management front end to version 1.0.9.8.4; other security issues in Firefox ESR and Icedove were remedied at the last minute. The update of the Guest Additions to version 5.1.8 fixed a bug that prevented Tails 2.7.x from launching in VirtualBox.
The preinstalled applications now include the KeePassX password manager, the Dasher accessible text input tool, a Bitcoin wallet, and Gobby as a collaborative text editor.
Two-in-One
When looking for a Tails image to download, do not be confused by the fact that the only ISO you find at the Tails website has an identifier of i368
for 32-bit mode. It is a hybrid image that boots either a 32- or 64-bit kernel depending on the architecture.
After you start Tails as a Live system, the first screen to appear is Welcome to Tails (Figure 3). When prompted about additional options, you will want to say Yes to enter a root password, which is disabled by default. You can also manipulate the MAC address to make your system activities more difficult to trace. In addition, you can disable all network functions.
After clicking Apply, you are taken to the Gnome 3.14 desktop. The developers use Gnome Classic mode, which more closely matches the design of Gnome 2. In the background, the system sets up access to the Tor network and, after about one minute, prints an announcement at the bottom of the screen saying that Tor is now ready.
You can then start the Tor Browser; you will notice that the launch is somewhat slower than usual. Tunneling the connection through the Tor network definitely has an effect on performance. To discover whether or not you are actually surfing with Tor, you can check the small onion icon in the top-right notification area. An X in the onion means that Tor is disabled – in which case Tails then automatically blocks all connections to the Internet.
Secure Communication
Pressing the onion icon displays Open Onion Circuits with a list of nodes currently used on the Tor network (Figure 4). In each line, you will see three computer names for the input, middle, and output nodes of the Tor network. Clicking on an entry shows the related properties, such as the fingerprint, the IP address, the location, and the node's bandwidth. The Internet option in the application menu also offers you the option of choosing Insecure Browser to use Firefox without detouring via the Tor network.
The developers have also modified the Icedove email client for Tails, resulting in TorBirdy [3]; view the TorBirdy configuration by clicking the bottom right border of the Icedove window. You can make the profile stricter by forcibly encrypting all outgoing emails with the Enigma extension.
Messengers offer another approach to communicating over the Internet. Tails uses the Pidgin instant messenger, which uses the Off-the-Record (OTR) messaging protocol for encryption and secure authentication of the opposite end (see the box entitled "OTR"). However OTR is disabled in Tails by default, because you have to generate a private key before you can use it [4]. To access the configuration in Pidgin, go to Tools | Plugins | Off-the-Record Messaging.
OTR
The OTR messaging protocol regulates the continuous updating and management of short-term session keys. As a special feature compared with classical encryption, OTR ensures that it is no longer possible to determine at a later stage whether a particular key was used by a certain person (plausible deniability).
If you use Pidgin for IRC via Tor, keep in mind that some channels (such as Debian) block visitors over Tor because spammers often use Tor to distribute spam. The Tor website has a list of IRC networks blocked for and open to Tor [5]. For more information on secure communication with Pidgin, check out the Tails documentation [6].
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.
-
DebConf24 to be Held in South Korea
Busan will be the location of the latest DebConf running July 28 through August 4
-
Fedora Unleashes Atomic Desktops
Fedora has combined its solid distribution with rpm-ostree system to make it possible to deliver a new family of Fedora spins, called Fedora Atomic Desktops.
-
Bootloader Vulnerability Affects Nearly All Linux Distributions
The developers of shim have released a version to fix numerous security flaws, including one that could enable remote control execution of malicious code under certain circumstances.