Better privacy with Tails
Invisibility Cloak
The Tails Live Linux distribution provides privacy-conscious users with easy access to the Tor network for anonymous surfing.
The Internet today makes you transparent and vulnerable. Even popular solutions such as mail encryption and VPNs leave clues for someone who is motivated enough to track your activities. If you are serious about keeping your Internet affairs private, one remedy is an anonymizing distribution such as Tails. Tails automatically routes all connections to the Internet via the anonymizing Tor network.
The Tor network is a system of anonymous relay servers that conceal the location and identity of the computer sending the message or request. The basic techniques that spies and Internet advertisers use to uncover the source of an Internet packet will not work if the traffic is routed through the Tor network. You can download and install a Tor-ready browser directly from the Tor project website, but anonymity depends on more than just the browser. Other configuration settings on your system must reflect the same attention to security and anonymity if you wish to truly go unnoticed.
The Tails Linux distribution is designed to let users boot directly into a preconfigured anonymous environment based on Tor. Tails, a Live system that runs from a DVD or USB stick, is not suitable for continuous operation due to the limits imposed by the speed constraints of the Tor network. Most users, instead, deploy Tails on an as-needed basis. Still, if you're looking for a fast and easy way to integrate the safe surfing capabilities of the TOR network, Tails is an easy and convenient alternative.
Also on the Go
The abbreviation Tails [1] stands for The Amnesic Incognito Live System. The motto of the Debian-based distribution is "privacy for everyone, everywhere." You can boot Tails as a DVD, USB memory stick, or SD card, so it is easy to carry around with you.
On Flash devices, you can set up a Persistent mode in a separate partition that allows you to store password-protected data from the Live session in a private, encrypted directory [2]. On the other hand, Tails reliably forgets all data if you do not enable persistence, and the system is immutable – that is, you can't make changes to it. You can thus use Tails without an Internet connection as a completely anonymous typewriter for confidential text.
The developers have already configured the Tails distribution for its intended purpose, which saves the user significant time and helps avoid security-related configuration errors. The project publishes a new version every two months. In mid-December 2016 the developers released Tails 2.9.1 (see the box entitled "Version 2.9.1").
Version 2.9.1
Tails 2.9.1, which follows hot on the heels of its predecessor 2.7.1, is more of a bug fix and maintenance release than a major update. The next major release is Tails 3.0, which is scheduled for June 2017 and is already available as an alpha version.
In addition to bug fixes, Tails 2.9.1 mainly focuses on updating the packages included in the bundle. The Debian kernel 4.7.8-1~bpo8+1 provides the basis; system management is handled to a great extent by systemd 215-17. The linchpin in the distribution is version 6.0.8 of the Tor Browser, which is built on Firefox ESR 45.6.0 (Figure 1). Tor itself is included as version 0.2.8.10. The Thunderbird email client, which is currently dubbed Icedove at Debian, is version number 45.5.1. Another change is the default search engine: DuckDuckGo (Figure 2).
Because of a security issue, the Debian developers upgraded the Apt package management front end to version 1.0.9.8.4; other security issues in Firefox ESR and Icedove were remedied at the last minute. The update of the Guest Additions to version 5.1.8 fixed a bug that prevented Tails 2.7.x from launching in VirtualBox.
The preinstalled applications now include the KeePassX password manager, the Dasher accessible text input tool, a Bitcoin wallet, and Gobby as a collaborative text editor.
Two-in-One
When looking for a Tails image to download, do not be confused by the fact that the only ISO you find at the Tails website has an identifier of i368
for 32-bit mode. It is a hybrid image that boots either a 32- or 64-bit kernel depending on the architecture.
After you start Tails as a Live system, the first screen to appear is Welcome to Tails (Figure 3). When prompted about additional options, you will want to say Yes to enter a root password, which is disabled by default. You can also manipulate the MAC address to make your system activities more difficult to trace. In addition, you can disable all network functions.
After clicking Apply, you are taken to the Gnome 3.14 desktop. The developers use Gnome Classic mode, which more closely matches the design of Gnome 2. In the background, the system sets up access to the Tor network and, after about one minute, prints an announcement at the bottom of the screen saying that Tor is now ready.
You can then start the Tor Browser; you will notice that the launch is somewhat slower than usual. Tunneling the connection through the Tor network definitely has an effect on performance. To discover whether or not you are actually surfing with Tor, you can check the small onion icon in the top-right notification area. An X in the onion means that Tor is disabled – in which case Tails then automatically blocks all connections to the Internet.
Secure Communication
Pressing the onion icon displays Open Onion Circuits with a list of nodes currently used on the Tor network (Figure 4). In each line, you will see three computer names for the input, middle, and output nodes of the Tor network. Clicking on an entry shows the related properties, such as the fingerprint, the IP address, the location, and the node's bandwidth. The Internet option in the application menu also offers you the option of choosing Insecure Browser to use Firefox without detouring via the Tor network.
The developers have also modified the Icedove email client for Tails, resulting in TorBirdy [3]; view the TorBirdy configuration by clicking the bottom right border of the Icedove window. You can make the profile stricter by forcibly encrypting all outgoing emails with the Enigma extension.
Messengers offer another approach to communicating over the Internet. Tails uses the Pidgin instant messenger, which uses the Off-the-Record (OTR) messaging protocol for encryption and secure authentication of the opposite end (see the box entitled "OTR"). However OTR is disabled in Tails by default, because you have to generate a private key before you can use it [4]. To access the configuration in Pidgin, go to Tools | Plugins | Off-the-Record Messaging.
OTR
The OTR messaging protocol regulates the continuous updating and management of short-term session keys. As a special feature compared with classical encryption, OTR ensures that it is no longer possible to determine at a later stage whether a particular key was used by a certain person (plausible deniability).
If you use Pidgin for IRC via Tor, keep in mind that some channels (such as Debian) block visitors over Tor because spammers often use Tor to distribute spam. The Tor website has a list of IRC networks blocked for and open to Tor [5]. For more information on secure communication with Pidgin, check out the Tails documentation [6].
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.