Tails OS: The Amnesic Operating System That Covers Your Tracks
If you’ve ever done something super sneaky and prayed that no one would ever find out, you’re in a similar position to Edward Snowden when he leaked highly classified information from the NSA in 2013.
To minimize his risk of detection and capture, the analyst employed all of the tools at his disposal to keep himself anonymous and secure. One of the most powerful of these tools was Tails.
Your Computer Knows Much More About You Than You May Think
In addition to images, videos, and documents stored on its hard disk, your computer can reveal a lot of very sensitive information about you in ways you may not have even considered.
Your browser knows what websites you’ve visited and the passwords you’ve used. It contains the keys to your social media accounts, your email, and all of your contacts. Your browser history on its own could potentially ruin your life.
Your saved WiFi credentials can let people into your home network — or worse — tell an adversary where you’ve been, thanks to WiFi access point mapping, which links real-world locations to WiFi network names. There is a free, crowdsourced WiFi mapping project, but rest assured that more accurate and up-to-date private maps exist.
Supposedly private communications between journalists and sources have been examined on seized laptops, and even the partners of journalists reporting on leaked documents have had their devices confiscated and scrutinized. More recently, Rebekah Jones — a Florida data scientist who says state officials fired her for refusing to manipulate coronavirus data — had her home raided and computer equipment confiscated by police looking for evidence that she used a state messaging system without authorization to compel other employees to speak out against official pandemic narratives.
Tails is an amnesic Linux-based operating system built on the Debian Linux distribution, which runs from a live USB and leaves no trace of itself or your activities on your computer. And because it comes with the Tor browser already installed, your internet activity is hidden from would-be snoopers.
You may not be leaking state secrets or have anything to hide, but if you don’t like the idea of your online activity being scrutinized, Tails could be the solution you’re looking for.
It’s free, open-source software — which means that it costs nothing to use and the source code is open for inspection. You can modify it however you want and distribute it to whomever you choose.
Getting Started With Tails OS
Tails will run on any reasonably modern 64-bit machine that allows you to boot from USB — although Chromebooks are out of the question without some modification. If you’re not sure, a good rule of thumb is that any computer currently running Windows 10 will probably work with Tails. If you have a Mac built after mid-2007, you should have no problems either. (Tails currently doesn’t work on Mac models that use the M1 chip.)
You will also need a USB stick of at least 8 GB and a copy of Etcher to create a bootable image.
To download Tails, visit the official Tails website, click Get Tails, and select the operating system you’re currently using. The file you download will be identical no matter which option you choose, but the installation steps will vary.
The creators of Tails are a careful bunch, and they know that it’s technically possible for malicious third parties to substitute a different disk image for the intended download — a “fake” download containing malware and spyware, for example.
To minimize the risk, they offer a tool on their site to check that the cryptographic signature of your downloaded file matches the signature of their official image. Alternatively, you can download the OpenPGP signature and check it yourself.
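One way to script the manual OpenPGP check described above, as an added example that is not from the original article or the Tails project: it runs `gpg --verify` on the image and its detached signature and accepts the result only if the signature is good and belongs to a primary key whose fingerprint you have pinned. The fingerprint value is a placeholder, the status sample is constructed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Tails project code. Function names are illustrative.

# Placeholder: replace with the signing-key fingerprint you confirmed yourself.
PINNED_FPR="0000000000000000000000000000000000000000"

# Constructed sample of `gpg --status-fd 1 --verify` output (not real keys).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Example Signer <signer@example.org>
[GNUPG:] VALIDSIG BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 1704067200 0 4 0 22 10 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# status_ok STATUS PINNED: succeed only if STATUS reports a good signature
# whose primary-key fingerprint equals PINNED and nothing flags the key.
status_ok() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$1" | awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # A bad, unverifiable, expired or revoked signature/key fails closed.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: field 3 is the key that signed (often a subkey); the
        # last field is the primary key it belongs to. Pin the primary.
        $2 == "VALIDSIG" && toupper($NF) == want { pinned = 1 }
        END { exit (good && pinned && !bad) ? 0 : 1 }'
}

# verify_image IMAGE SIGNATURE: run gpg and judge its machine-readable status.
verify_image() {
    # gpg's exit code is ignored on purpose; the status lines decide.
    status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    status_ok "$status" "$PINNED_FPR"
}

# Usage: sh verify.sh IMAGE.img IMAGE.img.sig
if [ "$#" -eq 2 ]; then
    if verify_image "$1" "$2"; then
        echo "OK: good signature from the pinned key"
    else
        echo "FAIL: do not flash this image" >&2
        exit 1
    fi
fi
```

Pinning the primary-key fingerprint rather than accepting any "good signature" matters because gpg reports a signature as good for any key in your keyring, including one an attacker persuaded you to import.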
Once you’re satisfied that the Tails image is legitimate and not a rogue version slipped onto your machine by a shadowy government agency, fire up Etcher and select the Tails image from its download location (by default, this will be the “Downloads” folder). Choose your USB stick as the destination, and click on Flash!
Etcher took less than a minute to write the image to my USB stick on my computer. Your mileage may vary based on the type of USB ports your computer has and the type of USB stick you’re using. USB 3 is very fast, but other versions may take significantly longer.
Once the process is complete, simply shut down your computer and reboot from the USB stick.
In modern versions of Windows you can do this from the shutdown menu — just hold down Shift as you press Restart and select the option to boot from removable media.
Alternatively, you can boot into BIOS and change the boot order.
Methods of accessing BIOS depend on the manufacturer, but it is usually as simple as pressing either Del, F12, F10, or F2 as soon as your computer powers up.
If you’re using a Mac, you select the boot device by pressing and holding down the Option key immediately after pressing the power button to start your Mac.
The exact layout of your BIOS will vary by manufacturer, and you may have to navigate using the keyboard rather than with a mouse. There will be a section called “BOOT”, with a list of devices you can boot from and the order in which they should be tried. Select the top option and set it to USB, then save and exit.
Your machine will reboot one more time and should bring you straight into Tails OS.
Wasn’t that easy?
Welcome To Tails. Who Are You?
Every time you boot into Tails, you’ll need to set everything up from scratch. The whole selling point of the OS is that it will remember nothing about you, your system, or your communications.
If you drop a used Tails USB stick on the street and it’s immediately picked up by the feds, the mafia, or your mom, it will contain absolutely zero useful information they can use against you. Tails becomes a clean slate every time you shut down the system.
For infosec purposes, this is ideal, but Tails is not in any way suitable as a daily operating system if you just want to get on with your life.
For me, booting from a three-year-old GPD P2-Max with 16 GB RAM took longer than a minute to get to the welcome screen and a further 20 seconds before I was able to use the desktop. For reference, my usual OS would be up and running in under 10 seconds. But once inside, I found Tails to be quick and intuitive to use.
For Windows users, Tails is an unfamiliar place. The task bar runs along the top of the screen while the Start button equivalent is a very straightforward drop-down located in the corner.
In it, you’ll find applications grouped into categories. These include the excellent GIMP graphics package, the full LibreOffice office suite, audio recorders and editors, an email client, and for some reason a Bitcoin wallet app.
It’s probably a fair guess that you’re not planning to use Tails in order to work on office spreadsheets or create a new hit album (complete with album art). What you want is to get on the internet.
Click on Applications in the top left corner of the screen, hover over System Tools, then select Settings and you will be able to input your credentials for your WiFi network of choice.
Take A Tor Of The Internet
In the Internet section of the Applications menu, you’re unlikely to find any browsers you’re used to. There’s no Edge, Chrome, or even Firefox. Instead, Tails comes with the Tor browser.
Tor is an abbreviation of “The Onion Router”, so called because of the multiple layers of encryption applied to your traffic as it passes through The Onion Network.
Yes, The Onion Network sounds silly, but it has nothing to do with satirical news websites. It’s actually one of the most effective ways of staying anonymous online.
The technology behind Tor and the Tor browser is fairly complicated. This is the basic version, taken from another article on our blog:
The Tor network is made up of thousands of global relays. When you use Tor browser over the Tor network, your data is encrypted and the data you send and receive is dispatched through a path of randomly generated relays. Each relay decrypts a layer of encryption to reveal the next relay to pass the remaining data to. The final relay, or the exit node, decrypts the innermost layer of your data and sends the original data to its final destination. In addition, none of the relays log their connections, so there is no way for a relay to see the traffic they handle and your actual IP address is never revealed.
Tor will give you the option of connecting directly to The Onion Network or setting up a bridge. A bridge disguises your connection from anyone else on your network and ensures compatibility in countries where Tor is blocked. As I’m the only person on my network and Tor is not blocked in my country, I chose the default option. Depending on your threat perception and country of residence, you may choose differently.
You may expect that because you’re connecting through Tor, the connection would be unusable — and granted, it’s not nearly as quick as when connecting directly or through a VPN (such as PIA). But it’s far from useless. My exit node was located in Belgium, and after typing a query into the search bar, the browser took around 5 seconds to return a page of results. Bringing up the front page of YouTube took around 12 seconds, and initial buffering for a 1440p music video of Adele’s “Easy On Me” took a further 14 seconds. Around a minute into the video, buffering and stuttering made the video unwatchable, and later attempts to watch the video at a lower resolution failed completely.
A speed test showed I was achieving download speeds of 2.9 Mbps, compared to my normal 27.1 Mbps unprotected and 26.2 Mbps using PIA’s VPN.
Which brings me back to the fact that Tor is run by a volunteer network using their own equipment and often their own domestic connections. Sure, you can stream all of the music videos you want (at least, you can try). And you can connect to the Spotify web client and have your “conspiracy playlist” banging in the background as you scribble furious messages about the deep state. But it’s bad manners to do so.
Other people rely on Tor for their digital security, so when you use too much bandwidth, you’re depriving them of a usable connection. If you visit the Tor download page, you will see a polite request: “Please do not torrent over Tor.” There is also a notification that, “Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others.”
I had no problem logging into our WordPress backend or the PIA Slack channel, although the latter took a long time to load.
It’s important to note that if you are genuinely concerned about your privacy and security, you should avoid logging into any of your normal accounts when using Tails.
The final thing I did before powering down Tails and returning to my normal OS was to run a fingerprinting check using the Electronic Frontier Foundation’s Cover Your Tracks tool.
Devices have fingerprints, too. Like the loops and swirls on your pinky finger, individual configuration options can give away the identity of machines accessing a particular website. This information can be collated by tracking companies, sold to advertisers, or passed to governments.
Among the metrics assessed for fingerprinting are: System fonts you have installed, your device’s timezone, screen resolution, page rendering speed, and more. It might not seem like much, but every morsel of information can help narrow down a search.
After a few seconds of testing, Cover Your Tracks told me that in the past 45 days, only 1 in 116,544 browsers have had the same fingerprint as mine. It would take a resourceful adversary to be able to use that information, but then — as far as I know — no-one is actively hunting for me.
The Persistence Problem — Should You Let Tails Store Your Information?
Tails is designed so that it remembers nothing about its users or their activity. Sometimes though, you just want to be able to use a machine with a fair amount of anonymity and would prefer that your downloaded files weren’t nuked into oblivion every time you power down. And that’s understandable. Spending hours or days laboriously cataloging leaked secrets only to have the document disappear before you have the chance to upload it to a pastebin can be frustrating.
Tails allows you to configure a persistent volume which will survive between reboots — meaning that your documents are safe and sound.
To set up a persistent volume, hover over Tails in the Applications menu and select Configure persistent volume.
Like an old RPG cut-scene, a wizard will appear with a warning that there are consequences for setting up persistence, and it will prompt you to create a passphrase. You can get away with a single-character passphrase if you feel like taking the risk, but neither I nor the wizard would advise it. It’s called the “Persistence Wizard”, and unironically, it can’t be closed once opened.
In addition to personal data, you can configure the persistent volume to save your system preferences, bookmarks, printers, config files, SSH keys, and network connections.
It’s a tempting offer, and depending on your threat model, you may be inclined to take it — after all, what are the odds of your USB stick falling into the hands of someone with the ability to crack your super-strong passphrase?
But if your adversaries do manage to get access to your stick, you’ll be in the same situation as you were at the beginning of this article. They’ll have access to everything you chose to store including — and I can’t overstate how important this is — the names of all the WiFi networks you have connected to.
Tails Is Secure, But…
All software has bugs, flaws, and weaknesses the developers don’t see until it’s too late. This is an unfortunate fact of life, and if you’re a regular user of Microsoft products, you will already be used to Patch Tuesday, the regular monthly event when the company rolls out a carpet of fixes to plug security holes in the OS.
To give you some context, Microsoft’s November 2021 update came with patches for a total of 55 security flaws, including 6 zero-day exploits, 2 of which were being actively exploited.
I feel confident in saying that Tails OS is more secure than any Microsoft product, but that doesn’t mean it’s immune to security problems.
The previous version of Tails (3.13.2) contained flaws that left it vulnerable to processor hacks, man-in-the-middle attacks, timing attacks, and others. These vulnerabilities were not easy to exploit, but they existed nonetheless, and they are now patched in Tails 4.24. It is an absolute certainty that more vulnerabilities will emerge over time.
And while Tails is designed to hide your identity, your own actions can give you away. Sharing files that contain metadata (extra information embedded in a file) is not advisable, and the developers strongly recommend not using Tails for more than one purpose, along with rebooting between uses.
Tor, while a fantastic tool, “may not protect you from determined, skilled attackers” who are targeting you specifically.
The Tail End
Tails is built for two kinds of users — mildly paranoid users and fully paranoid users. If someone is out to get you, or you’re planning to do something that will make someone come looking for you, I can’t recommend Tails enough. For security and privacy, Tails beats all other operating systems because it keeps your secrets safe by forgetting about them instantly.
But if you’re looking for an easy way to access geo-restricted YouTube videos or other content, Tails is not the tool you’re looking for. You should instead cough up a couple of dollars a month for a VPN subscription. Using Tails for online media consumption will be a frustrating experience and is not what the OS was designed for.
In general, using the internet is not a fantastic experience with Tails, but it’s not terrible either. And concerns about streaming HD video pale into insignificance if your life or liberty is at stake.
You can download Tails from the official site. And don’t forget to verify the download!