Tails 1.0: A bootable Linux distro that protects your privacy

Surf anonymously without requiring a degree in computer security.

These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won't be satisfied until they can snarf whatever information they want about us at any time.

If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesiac Incognito Live System (better known as Tails) could help.

Tails, which just came out in its 1.0 version, is a live 32-bit Debian Linux-based operating system that runs from a USB flash drive, CD/DVD or SD card. (A live system is a complete, bootable OS on removable media.)

Tails' default desktop is the popular GNOME Linux desktop.

Tails runs like any other live Linux OS -- with an added safety feature: It erases your session from your computer's memory at shutdown so there are no leftover traces. It runs on most Windows, Linux and Mac computers, with some exceptions (see below).

Sometimes a 1.0 software release is a major milestone. In this case, though, there are no dramatic changes from previous releases; Tails development has been steady -- it has been releasing new (and stable) versions every 12 weeks.

[Want more more tips on how to keep your info secure? Check out "The paranoid's survival guide, part 1: How to protect your personal data."]

System requirements

Tails is just under a gigabyte in size, needs at least 1GB RAM and requires a computer with an x86 processor. That describes pretty much any mainstream PC with an Intel or AMD CPU. You need only download and copy it to a USB drive, CD/DVD or SD card.

A CD/DVD is the most secure medium to use because it is read-only; on the other hand, a USB drive or SD card is a lot faster, and you can set up an encrypted persistent storage volume to save settings and documents. Be sure to verify your download with the signing key; just follow the instructions on the download page.

If you want to try Tails out, though, you need to be aware of some possible hurdles.

To start with, Windows 8.x presents special problems for booting removable media. To meet Microsoft's Windows 8 certification requirement, hardware vendors must ship Windows 8 PCs with Secure Boot enabled. This effectively locks out all other operating systems and any boot media not approved by the vendor. Every computer vendor handles this differently, with different types of BIOS and different settings, so you'll have to consult your computer's documentation to see how to do it on your computer -- or if you even can.

In addition, it takes a bit of fiddling to start Tails on a Mac system. The website's Known Issues page has links to instructions for running Tails on Macs. It also lists some specific systems and USB drives that don't work with Tails. And, of course, it doesn't make much sense to run Tails on a virtual machine because the host system will give you away.

(If you can't get Tails to boot on your Windows or Mac PC, many of the security applications included in Tails can be installed individually on Windows and OS X systems.)

Once you've got it going, you'll find that Tails' default desktop is the popular GNOME Linux desktop. If you (or your users) aren't comfortable with GNOME, Tails can masquerade as the more familiar Windows XP.

Two types of security

Online security has always been difficult to achieve because the Internet is built on open protocols and wasn't designed for anonymity or encryption. It's easy for anyone with access to the routers, servers and wires that handle Internet traffic to track a user's activities and eavesdrop. Ordinary system and network administration tools, such as packet sniffers and network debuggers, can see and record your location, the sites you visit, the contents of emails, instant messaging conversations and file transfers, and capture cleartext passwords.

Tails offers two types of protection: anonymity and encryption.

Anonymity is the more difficult of the two. If you want anonymity, you need to foil traffic analysis -- analysis of the trackable metadata that Internet routers require. Tails does this by routing your Internet travels through a service called Tor (which stands for The Onion Router).

Tor, which was invented by the U.S. Naval Research Laboratory for protecting government communications, is a distributed, anonymous global network of routers that steers your Internet workings through a twisty chain of encrypted TCP connections. Each link in the chain knows only about the links that it connects to: the previous links and next hops. No single relay knows your whole data path. Tor also gets around any Internet fences or roadblocks. It is available for anyone to use and is maintained by a global community of volunteers.

Tor network diagram courtesy Wikimedia Commons, CCA 3.0

As cool as this is, it has some weaknesses. It's slower than unprotected Web surfing, which is an inevitable consequence of taking a devious path to your online destinations. This is mitigated to a degree because Tor keeps you on the same route for 10 minutes, and then randomizes you to a new one.

In addition, Tor might not foil traffic analysis by any entity, such as a government, that has the resources to capture and analyze traffic globally. And keep in mind that, while Tor is beneficial for everyday Web surfing and online shopping because it foils traffic analysis and user profiling, as soon as you log into anything, you've given up your identity to whatever degree the site protects, or shares, user data.

But the biggest technical weakness in Tor is exit nodes. Tails has a warnings page with a diagram showing how this works. In a nutshell, eventually your packets have to leave the Tor network on the last hop to your destination, and anyone running an exit node can easily snoop on your session. In fact, a researcher did this back in 2007 and collected an impressive amount of sensitive information.

There is a cure for this, and that is to encrypt your data.

Encryption

Tails addresses the problem of encryption by bundling a nice set of tools. Tails' default browser is Iceweasel, a rebranded version of Firefox that has been configured to use Tor, Adblock Plus and HTTPS Everywhere, an application that forces HTTPS protocol on all websites that support it. Tails also includes the KeePassX password manager and the excellent Linux Unified Key Setup (LUKS) utility for encrypting hard disks and USB drives.

You also get Nautilus Wipe, which securely deletes files; Open PGP, which signs and encrypts documents and emails; and Off-the-Record Messaging, which encrypts instant messaging sessions. The Claws Mail email client and Pidgin IM chat client both come with encryption already configured; Pidgin automatically creates a new fake user every time you start Tails.

Other applications

Tails includes a number of additional useful applications, including a virtual keyboard for dodging hardware keyloggers, and additional advertiser protection via Adblock Plus and NoScript. You also get a good set of productivity software: the OpenOffice productivity suite; graphics, audio and video software; and some nice accessibility tools, such as Orca and Dasher.

A significant omission is Adobe Flash, which Tails doesn't support because it is considered a giant privacy risk. So you won't be able to watch Flash videos on YouTube, though you can watch HTML5 movies. Unfortunately, this also means that other sites that are Flash-heavy will be unusable on Tails.

You can install new Linux applications (and Tails updates) if you run Tails from a USB drive or SD card by using the included Synaptic software manager.

You'll need the administrator password to install or remove software, but the operating system usually disables the password by default as a security measure, to reduce the chance of malware making changes on your system. So you'll have to enable it from the More Options screen when you first start up Tails.

Conclusions

Privacy on the Internet is very difficult to accomplish. The Tails advantage is putting it all together in a polished, easy-to-use package. The Tails About page lists a number of similar projects, though in my opinion, Tails is the best maintained and most dependable.

Your Internetworking will, by necessity, be restricted. Not by Tails -- as the main technical barrier Tails presents is the inability to surf Flash-heavy websites along with somewhat slower speeds. But you should get acceptable performance with ordinary Web surfing, and with streaming music and movies.

However, meaningful security takes work. Your own online behavior is important as well, because using Tails isn't proof against user foolishness.

Many users might have a bit of a learning curve with Tails, especially if they're not familiar with the software included with it. You'll have to take extra steps to set up good email and file encryption, and anyone you exchange emails or encrypted files with will also have to work with some special configurations.

Fortunately, the Tails documentation is quite good; you can read it online, and the local copy that comes with Tails is conveniently bookmarked in Iceweasel. And if you're concerned about privacy, it will be worth it.

Carla Schroder has been system and network administrating on mixed Linux, Windows, and Mac networks since 386 processors roamed the Earth, has written three splendid computer books (Linux Cookbook, Linux Networking Cookbook, Book of Audacity), and hundreds of computer how-to articles for various online publications.

This article, Tails 1.0: A bootable Linux distro that protects your privacy, was originally published at Computerworld.com.

Read more about linux and unix in Computerworld's Linux and Unix Topic Center.

Tags Linux and Unixsecurityprivacy

More about Adobe SystemsAMDDebianIntelLinuxMacsMicrosoftOpenOfficePGPTopic

Comments

Comments are now closed

Brandis denies ‘overreach’ on national security laws

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]