Looking at Tails

2016-12-28

I’ve been using Live Image distributions of Linux for well over a decade now. Sometimes to do tech support, sometimes just to clean up old systems and get them running again, and once in a while to disinfect a machine toasted by cryptoware. It’s very useful to be able to boot up a fully functional operating system with tools that allow a professional to get things done.

Enter Tails. Tails has a different focus and a different goal than other live distributions. Tails is an attempt to create a secure, private, and (wherever possible) anonymous operating system, using modern processes on Linux.

Setting up a tails USB wasn’t the easiest thing in the world, and would probably put off anyone without experience in this sort of thing. The easiest method is to bootstrap off a pre-existing tails installation. If you don’t have that then the install doc, which is very nicely formatted, needs you to jump through several hoops in order to get set up.

USB disks keep getting bigger and cheaper. I picked up a pair of 64gB keys and dedicated for using Tails on. The Tails website recommends using Bittorrent for downloading the ISO, since all Bittorrent downloads require a hash validation for download verification, you can also download through HTTPS and verify the PGP signature yourself, but that’s more complicated if you’re unfamiliar with PGP. I used Transmission on my Linux desktop to grab my copy.

Here’s where I ran into my first problem. I was shocked to discover that at the time of this writing Tails does not support UEFI. I have spent time and effort enabling UEFI and these days I’m not super comfortable disabling it (it’s also just annoying to have to do so). Don’t get me wrong, I don’t see this as a major weakness, but it was quite surprising that such a security focused system would overlook so useful a integrity verification tool. I did some research and it seems that there is some effort to enable support for it, but nothing I found in a brief search indicated that support would be imminent.

Once you get past some of the early problems of getting the USB built, actually using Tails is pretty damn simple. Like most “Live” USB distributions tails boots up simply on a large variety of hardware (I was able to boot it on my work Mac) without additional configuration. Once booted you can configure any leftover space on your USB drive for additional encrypted persistent storage. A handy way to store documents offline.

Tails is designed to help you protect your privacy online. It automatically connects to the Tor network and routes all network traffic over Tor. The Tor browser is configured to give you helpful feedback on your browsing session if it notices you are doing something that might compromise your privacy (it does all this locally, it’s not doing remote analysis). At the end of your browsing session, when you shut Tails down it erases everything that was not explicitly saved to persistent storage (and then secure erases even the system memory). All evidence of your browsing session is wiped and when you boot up, you start fresh.

Tails is a solid project with good people working on it. It’s not perfect, but it’s far ahead of most other options. If you believe in their goals then you can’t find a better option for protecting your privacy. It’s not the sort of thing I’m likely to use on a daily basis, but its now a tool I carry with me almost all the time.

tailstor

All the best!

Anti-censorship brought to you by Google and Signal