Tails Secure Distro
These days, security and privacy issues are increasingly making the news, but where can the average free software user learn more about safer practices? One of the best answers I have found is Tails, a Debian-based distribution that seems as much about teaching users to make informed decisions as about the software itself.
Tails produces a Live DVD or USB image called Amnesiac Incognito that you can use to preserve your privacy and anonymity. However, as useful as Tails itself is for safeguarding privacy, the documentation is of equal or greater value. Every step of the way, Tail’s documentation explains in simple, no-nonsense prose what your options are, and what you might lose or gain with each choice – including why you might trust Tails itself.
Tails’ project members take these issues so seriously that many of its contributors remain anonymous, although a few names appear on the Tails mailing list. No doubt, reasons for the anonymity differ, but some include a wish to avoid being associated with a project that some might see as suspect and a conviction that decisions about Tails should be based on what the software offers, not who’s associated with it.
Before you use Tails, you should start by reading its documentation. I suggest beginning with the About page, which outlines the project’s concerns and introduces Tor, the Internet anonymizer that Tails relies upon heavily.
If you are one of those who wonders why any law-abiding Internet user would use tools like Tails or Tor, you should also look at the Who uses Tor? page. There, you will find legitimate reasons for protecting privacy, whether you are an individual looking for protection against identity theft or for a means to protect your children on the Internet, a journalist trying to protect yourself or your sources, or a business executive working with confidential information. Far from revolving around criminal intent, such examples build the case that security and privacy measures are necessary precautions for everyone against illegal activity.
Once you decide to install, the Documentation page gives complete instructions and implications of each step involved in downloading and installation. In particular, you will probably want to spend time with the fourth section, which lists the pros and cons of installing to both a DVD and a USB stick, as well as what you should consider before adding persistence to a USB stick so that you can store your files on it. The Advanced section of the documentation also gives information about virtual installations, which are useful if you are simply curious, although they raise more security issues that either a DVD or USB stick.
The more documentation you read before installing, the more you will understand what Tails is about. However, the links given here should be enough to orient you and to help you get the most out of Tails.
The Tails Desktop Experience
As with any Live operating system, you might need to change the boot order on the machine from which you run Tails. If you don’t know how to change the boot order, look for a message early in the boot process about which key to press.
The first window you see is the Tails Greeter. From this window, you can enter an administration password, rather than accepting the default of working without one, to prevent intruders from gaining root access. You also have the choice of enabling Windows XP Camouflage, which disguises the desktop so that it is less noticeable in a public setting.
After the Tails Greeter, the system displays a virtual keyboard, so you can enter your password without fear of keystroke logging. Then, Tails syncs the clock so hidden services can work properly, invites you to connect to the Internet, and announces any security holes in the current version.
Having the latest or most complete selection of software is not a priority for Amnesiac Incognito. The latest release runs Gnome 2.30.2, which is now almost three years old. Similarly, its office suite is not LibreOffice but OpenOffice.org 3.2, which is of similar vintage.
The other software available on the Live system includes basic programs like GIMP and Audacity, as well as basic Gnome utilities, such as the Brasero burner and Simple Scan. The selection is probably good enough for most productivity needs, but when it is not, you are forced to choose between installing other software that might not be as well patched as that provided or simply doing without.
However, this selection is adequate; at any rate, Amnesiac Incognito is not primarily about productivity. Email is not encrypted automatically, although the documentation encourages you to do encrypt it yourself, and the greatest emphasis is on anonymizing you on the Internet, whether you are chatting or surfing the web. The system even includes an option to encrypt bug reports with PGP when you submit them in WhisperBack.
However, the most important of Tail’s Firefox extensions is Torbutton, which enables the use of Tor. Tor is notoriously difficult for inexperienced users to set up, so one of the advantages of Tails is that it ships with Tor ready to use. Start Firefox, and a minute or two later, you receive the announcement that you are connected to Tor. If you have a site that collects statistics, log on to it and you can see how Tor protects your identity, spoofing your IP Address and routing your query through at least one other server (which might also hide your operating system).
The one drawback to Tor is that occasionally the service is overloaded and requires another effort to connect. Presumably, the insecure version of Firefox included in the menus is offered for when such problems occur, and you really need a web browser.
Under Applications | System Tools are scripts for installing Tails on a USB stick and configuring or deleting persistent volumes. Tails’ documentation suggests that, if you need to store personal files, you are probably better off storing them on a separate USB stick, so as not to risk compromising the system. However, to the project’s credit, its developers are realistic enough to know that many users are going to want persistence anyway. As the documentation’s frequent discussions of alternatives suggests, security often is a matter of how much protection you are willing to sacrifice for convenience.
No matter what you do, security and privacy are rarely completely out of mind. Even when you are shutting down, the list of closing services is interrupted by a message explaining that, if the system doesn’t turn off soon, then the system’s attempt to wipe memory has failed.
If you read the Advanced section of the documentation, you will also learn about cold boot attacks, the retrieval of information from RAM that is theoretically possible for a few minutes after a computer closes down (Tails’ advice for avoiding cold boot attacks is to remove the Live system at once, and stall the person who wants a look at your machine). You can use Tails for routine computing, but every step of the way, the system will make you conscious about the security and privacy issues you are facing.
Something to Try at Least Once
A DVD or USB stick is convenient enough to carry around, and an average user might easily prefer it to the possibility of booting a strange computer from the hard drive and forgetting to empty the browser history.
However, from the comments I have heard whenever security and privacy are raised, I suspect that many users might find Tails’ ever-present concerns too oppressive – too paranoid, one might say – for everyday use. Only those already aware of just how real those concerns can be are likely to use it regularly.
All the same, most GNU/Linux users would benefit from spending some time with Tails. As a primer on security and privacy, its documentation has no equal for clarity, frankness, or brevity, and its Live system is as painless a way of seeing those concerns in action as you are likely to get.
After a day or two, many users might tire of Tail’s hypervigilance. However, if you do, you will probably return to other distributions with some sense of the issues and best practices, and maybe – just maybe – you will start to implement some of Tail’s precautions, making your computing that much safer.
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.