|
|
Subscribe / Log in / New account

Distributions

Tails reaches 1.0

By Nathan Willis
April 30, 2014

Version 1.0 of the privacy-centric Tails distribution was released on April 29. As the release announcement notes, the 1.0 release is an important milestone, but in the case of Tails, this milestone primarily designates the distribution's stability and increased adoption, rather than a significant new set of features (although the project has unveiled a nice new logo with the release, too). Tails 1.0 continues to offer the lean, anonymous, and secure Internet-access experience of previous releases (we last took a look at the project in 2011), while fixing a fresh set of security vulnerabilities.

The 1.0 release is based on Debian "squeeze" with a select set of package updates backported from Debian unstable—including newer releases of the kernel and Tor. It is available for download via HTTP and BitTorrent.

Tails started out under the name "Amnesia" because, in addition to providing security-hardened applications, one of its key goals was to provide an environment that does not leave any persistent traces of activity between one session and the next. The current name still reflects this concern: "Tails" is an acronym for "The amnesic incognito live system."

The distribution is designed to be run from removable media—preferably read-only media—which is a common feature among "live" distributions. But Tails goes further than most; in addition to not using persistent storage on the boot media (in the case of read-write media like USB stick or flash memory cards), Tails is configured to not use any swap space on the hard disks of the computer it is running on, and it erases the contents of the RAM it used when it shuts down.

All Internet applications included in Tails come pre-configured to use Tor, which helps provide anonymity and deters eavesdropping. In addition, Tails comes with a Tor configuration that isolates applications to different Tor circuits, which guards against attackers correlating the applications as having originated from the same system. The Tor project calls this option stream isolation; the gist is that a different Tor circuit is built for each application, with different entry and exit nodes, making it significantly harder for any attacker to observe multiple circuits and discover that they come from the same computer. The Tails documentation notes that it hopes to offer even finer-grained isolation in future releases, such as isolating each browser tab from the others.

[Tails, showing virtual keyboard and Pidgin]

Speaking of the browser, Tails ships a version of Iceweasel (Debian's rebranding of Firefox), with the patches from the Tor Browser Bundle applied and several security and anonymity extensions installed. In version 1.0, the browser is Iceweasel 24.5. All of the usual caveats about the limitations of Tor and unintentionally sacrificing one's anonymity (through logging in to online accounts or installing unsafe browser add-ons) still apply, of course, but the Tails documentation does a good job of explaining them. The other Internet applications provided include Claws Mail (with GnuPG support), Pidgin (with off-the-record messaging support), the collaborative text editor Gobby, and the I2P overlay-network tool.

In addition, there is a large collection of encryption and security utilities included, from common offerings like the KeePassX password manager to less-well-known programs like Shamir's Secret Sharing Scheme (SSSS). A plaintext "secret" can be fed into SSSS to be split into several encrypted chunks that can be distributed separately; the secret can then be unlocked only by re-combining the chunks. Finally, a set of common desktop applications is included (such as GIMP and Apache OpenOffice), so that Tails users can actually work with real documents.

In a nice move, the installed applications also include tools necessary for scanning and ripping audio CDs, not just file editors. Beyond the actual selection of applications, Tails also offers several nice touches that demonstrate the project's attention to detail. For example, it changes the MAC addresses reported for the system's network adapters, to guard against that information being used to identify the physical computer used. One of the functional changes in the 1.0 release is that Tails now does this MAC disguising by default. There is also a boot-time option to further obscure the nature of the system with a Windows camouflage mode that visually mimics a Windows XP desktop, and an onscreen virtual keyboard is provided to protect against hardware keylogging attacks.

[Tails boot-time options]

Despite the fact that Tails is geared toward usage as a live distribution, the distribution can be configured to use persistent storage, and can be customized with additional applications. Clearly there is value to be found in these options, since the anonymity and security features do not strictly require amnesiac behavior. But a Tails image installed on flash storage can also be upgraded in place when there is a new release, without using persistent storage.

Tails gained a lot of press coverage in the past year when NSA whistleblower Edward Snowden was reported to have used the distribution—and, evidently, to have used it to successfully remain beyond the grasp of those people not fond of his whistleblowing. In part, the 1.0 release is an acknowledgment that Tails has reached prime time, even though it has been a reliable option for several years.

The 1.0 release announcement notes that Tails is by no means finished with its development work. An update is scheduled for June that will be built on Debian "wheezy" (thus refreshing a lot of packages). The project is also hard at work on some other initiatives, such as a way to sanitize the metadata stored in files saved by Tails applications, using the Metadata anonymisation toolkit. Further out, the project is planning to eventually release its own same-day security updates and to sandbox critical applications. Creating a secure and anonymous operating system, it seems, is work that will never be done.

Comments (none posted)

Brief items

Distribution quotes of the week

The buildds will be very, very angry with us for a couple of days due to the above autosync. Have some patience. Upload your merges, and don't babysit the queues. You'll thank me for it. You might even want to go out for a walk, get some fresh air, feed a duck, that sort of thing.
-- Adam Conrad (Utopic Unicorn opens for development)

Yes, the media has been reduced to using scary looking penguins to dissuade people from using Linux.
-- Jim Lynch

Comments (none posted)

Debian 7.5 released

The fifth point release for Debian 7 "wheezy" has been released. "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available."

Full Story (comments: none)

Tails 1.0 released

Version 1.0 of the Tails ("the amnesic incognito live system") distribution has been released. Tails is a Debian-based distribution intended for anonymous access to the net. The 1.0 release evidently brings few new features; the point, instead, is to indicate that Tails has reached a new level of stability.

Comments (2 posted)

Distribution News

Debian GNU/Linux

Debian adopts a code of conduct

Debian's general resolution on the adoption of a code of conduct has passed; project members selected the option that states that the code can only be modified via another general resolution. See this page for details.

Full Story (comments: none)

Debian drops the SPARC architecture

The Debian release team has announced that the SPARC port can no longer be found in the testing distribution. "The main reasons were lack of porter commitments, problems with the toolchain and continued stability issues with our machines. The fate of SPARC in unstable has not been decided yet. It might get removed unless people commit to working on it." See this bug entry for discussion on the future of this port.

Full Story (comments: 11)

Debian Source Requirements

Manuel A. Fernandez Montecelo recently kicked off a discussion on Debian's source code requirements. Scott Kitterman presents a brief response from the FTP Team. "Recently there have been a number of questions about source requirements for the Debian archive. The FTP master view of this are based on both item 1 of the social contract (Debian will remain 100% free) and item 2 of the DFSG (The program must include source code ...). We consider source packages to be part of the Debian system and as such all files in source packages must come with their source as required by the DFSG (and be distributable under a free license)."

Full Story (comments: 16)

Newsletters and articles of interest

Distribution newsletters

Comments (none posted)

Fedora Present and Future: Part IV (Fedora Magazine)

Part IV of Matthew Miller's series on Fedora.next looks at the Base Design. "The plan is to have Base to be self hosting, so that it can build itself, and be self-contained and self-sustaining. If you tried to do that right now, you’d end up with about 1,800 packages, which sounds rather insane — and it is! So, the build requirement cleanup, after the first review that Harold Hoyer and Phil [Knirsch] did, would get us down to maybe a couple of hundred packages. Without self-hosting, we’re already down to 127 packages."

Comments (none posted)

Page editor: Rebecca Sobol
Next page: Development>>


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds