Protecting privacy with Tails
Tails is an unusual Linux distribution developed by the Tor Project; it is designed to help users work around internet censorship and avoid surveillance. It is a "portable" operating system that is meant to be run from a USB stick or ISO image and to leave no trace on the computer it was run on. Tails routes connections to the internet over the Tor network and includes a selection of applications and tools suited to working with sensitive documents, communicating securely, and preserving users' anonymity. The tradeoff, of course, is that Tails is less convenient and requires users to learn a new set of tools to avoid compromising their own security and anonymity. Tails 7.1 was released in October, and it seemed like as good a time as any to take it for a spin.
About Tails
In July, I attended DebConf25; one of the talks that I covered was on the Tor Project's mission and the work that it does. Tails team lead intrigeri touched on the history of Tails and the types of users who rely on it. The distribution was first announced in 2009, under the name amnesia. The Privacy Guides site has a good introductory article on Tails that identifies some of the groups who might benefit from the project, how to use it to protect anonymity, and when the distribution's features may not be sufficient to provide safety.
Journalists, particularly those trying to evade state surveillance, are just one of the groups that the Tails project is trying to serve. LWN does not, of course, generally need to concern itself with things like state surveillance or protecting the anonymity of sources: we glean most of the information for our articles from public discussions, not clandestine meetings with code-named sources in parking garages. Even so, I was curious about the distribution and what it would be like to use for real work.
Running Tails
Tails 7.1 is based on Debian 13.1 ("trixie"); it includes the Linux 6.12.48 kernel, GNOME 48.3, Tor Browser 14.5.8, Thunderbird 140, Tor 0.4.8.19, as well as many other applications suited for desktop productivity work.
The project's installation page includes detailed instructions for creating a Tails disk using Linux, macOS, and Windows. Tails is not actually installed, as such: instead, it is meant to be run off of a USB thumb drive or a CD/DVD on any compatible PC or laptop that the user owns or can borrow.
Currently, Tails is only available for x86_64 systems. This is a bit unfortunate; when the project began, Apple hardware was Intel-based and prospective Tails users could (for example) make use of company-issued Macs to run Tails if they wanted to do some computing without saving personal data on the system. Now, of course, Apple hardware is Arm-based, and users no longer have the option of booting Tails on newer (since 2020) Macs. The project has looked into porting Tails to Arm platforms, but such a port does not seem imminent given the complexity of targeting Arm devices.
The system requirements for Tails are modest: users need a target PC with at least 3GB of RAM and an 8GB or larger USB stick. Users will probably want a larger USB stick, though, if they want to carry much data in persistent storage. The project recommends avoiding gaming PCs with NVIDIA and AMD graphics cards for compatibility reasons, but that is if "you, or your organization, are considering acquiring a laptop dedicated to running Tails". Many users, of course, won't have that luxury and will need to pop the Tails stick into the nearest available PC regardless of its graphics card and hope for the best. I did try the distribution on a gaming laptop from 2022 with an NVIDIA card, and did not run into any problems.
Once a user boots into Tails the first thing they will encounter is the "Welcome to Tails" utility; it runs on every startup, not just the first time Tails is booted. It allows users to customize basic settings, such as language, keyboard layout, whether to enable networking, and more.
The Welcome utility is also used to create or enable persistent storage, which holds documents, images, or whatever one might need to save between sessions, as well as network settings, browser bookmarks, SSH keys, and so forth. Users can also set an administrative password for Tails, if desired, but there is no option to create a regular user. Instead, Tails creates a user named "amnesia" by default.
If there is extra space on the USB stick, or if a user has an external USB drive or similar, the Welcome utility can help to create an encrypted LUKS partition to preserve settings and data. The feature, like the rest of Tails, is clearly designed to be usable by non-technical users. It does not, for example, ask users to decide the type of partition to use, or how much disk space to allocate to the persistent storage; it reserves 8.6GB for the Tails install and uses the remainder of the space for storage.
While users can create persistent storage from the Welcome utility, there is another utility for configuring what is saved to persistent storage. For example, users might want to set it up to save the monitor configuration rather than having to tweak the resolution or multiple-monitor setup each time Tails is started. Or users might prefer not to save those settings if Tails will be used on different hardware each time. The documentation for persistent storage is worth reading.
Once the user has finished making their selections in the Welcome utility, clicking the "Start Tails" button will start the desktop session. This starts the GNOME desktop and opens a second utility to connect to the Tor network. The network connection utility can connect directly to the Tor network or through a bridge relay to help hide the fact that the computer is connecting to the Tor network. It has a set of default bridges, or the user can supply their own.
Software
Tails comes with a full suite of software for typical desktop use: it includes the LibreOffice suite, GIMP, Inkscape, Thunderbird, Audacity, Brasero, and so forth. Those applications should need little introduction.
As a privacy-focused distribution, it also includes a handful of privacy and encryption tools such as OnionShare, KeePassXC, Metadata Cleaner, and (of course) the Tor Browser. Tails also has an unsafe browser for making connections directly, rather than over the Tor network. It is primarily for connecting to "captive portals", such as a web page used to log into Wi-Fi on flights or in cafes that offer internet access. Users cannot reach captive portals via the Tor network, so there needs to be a way to gain internet access to be able to establish a Tor connection. It uses an adapted version of the red theme for Firefox to ensure that users are aware they're in unsafe mode.
The Tor Browser is based on Firefox's extended support release (ESR) branches, but is heavily modified to enhance privacy and security. The project has a design document that explains the philosophy behind the browser, the adversary model it is meant to protect against, and some of the security measures. Unfortunately, that document is out of date; it was last updated in 2018. However, it is worth reading to understand some of the choices behind the browser. The Tails project has helpful documentation on using Tor Browser as well.
OnionShare is used to send and receive files over the Tor network, and can also be used to host an onion site or for anonymous chat. Each of the services works by starting a service on the Tor network and providing an onion address, which can be shared (along with a key) to provide access. The application is also available for other Linux distributions, macOS, Windows, as well as iOS and Android (via Google or F-Droid). It would be a convenient way for Tails users to communicate and collaborate with users on other platforms.
Metadata Cleaner is a utility to remove information from standard document types and images that might be used to identify people. For example, it can strip metadata from JPEGs or PDFs. It uses the mat2 library to actually strip metadata. Unfortunately, the Metadata Cleaner project is in need of a new maintainer; it has been unmaintained since 2024, and no one has stepped forward yet to maintain it in the future.
Most LWN users are probably already familiar with KeePassXC; it is a fairly popular password manager for Linux. The version included with Tails, though, is the default keepassxc package from trixie that has many features (such as web browser integration) disabled. LWN covered the decision to turn those features off in 2024. This means, for example, that users will not be able to automatically fill in forms or passwords via KeePassXC in the browser. However, that sort of convenience feature may be best left out of a distribution focused on privacy. If, for example, a user shares the same password database between their regular desktop and Tails, it would be best if using a username and password requires an additional step to avoid accidentally exposing their identity.
Users can install additional software from Debian's repositories using Synaptic or apt. Users have a choice of installing software only for the current Tails session, or saving software to persistent storage where it will be installed each time Tails is restarted. The base installation is not modified when additional software is added, and users can choose to start their Tails session without any additional software. Tails will also upgrade these packages, if needed, once it has a network connection.
Upgrading Tails
Tails does not update the software in the base distribution on a package-by-package basis, however. Tails checks to see if there are upgrades available after connecting to the Tor network; if updates are available, it will start a utility that prompts the user to upgrade. If the user accepts, the upgrade utility will download the new image and write it to the USB stick. Once that is done, it prompts the user to reboot to use the new image. Obviously this method is not available if one is running Tails from a CD or DVD.
Another option is to use the Tails Cloner utility. This might be necessary if, for example, a USB stick does not have enough free space for the upgrade or automatic upgrade fails for some reason. USB sticks, especially cheap ones, can be prone to errors and failure. Another reason that cloning might be preferable is if users do not have reliable or speedy access to the internet: one instance of Tails could be used to upgrade multiple USB sticks.
Tails Cloner is also good for keeping backups of one's Tails installation; one of the first things I did after setting up Tails to my liking was to make a clone of the setup to another USB stick for safekeeping.
Tails development
The Tails project has a GitLab instance that hosts all of the repositories used for software developed especially for the distribution. Tails welcomes contributors; the project has contribution documentation to help interested folks get started. There is also documentation for building custom images that would be of interest to would-be contributors as well as folks who just want to tinker with their own version of Tails.
The project's release schedule is aligned with the Tor Browser schedule. According to the project documentation, this means that a new version of Tails is published roughly every four weeks, when a new version of Firefox (and thus Tor Browser) is released. There may be additional releases outside of that schedule in the event of a critical security vulnerability. According to the calendar, the 7.2 release of Tails is expected on November 13, and 7.3 is expected on December 11.
Final thoughts
Using Tails is definitely more cumbersome than using a standard Linux desktop distribution like Debian or Fedora. It is not, however, a terrible experience by any means. I've used locked-down corporate laptops that were far more frustrating to use than Tails; in no small part this is because Tails is designed to protect the user (rather than a corporate master) and allow them to customize the environment as needed but with some guardrails built in.
The project's documentation is a little terse but seems fairly complete, clear, and current for the most part. There are some areas that could do with a refresh, such as the starting from Windows section that explains how to boot to Tails from Windows 8 or 10, but does not mention 11. The Mac section is also in need of an update, given that modern Apple hardware is incompatible with Tails. Overall, though, it's a good overview for anyone looking to use the distribution and its tools.
Tails seems to be a practical solution for the use cases that it is designed to address; I say "seems to be" because I do not consider myself enough of a privacy or security expert to declare it suitable with authority.
There is at least one high-profile case of a Tails user being identified through a zero-day vulnerability in software included in the distribution. That was, however, many years ago and it was the result of an extraordinary effort. If a person is being specifically targeted by state actors with extensive resources, Tails may not be enough to keep them safe.
Tails might be worth checking out even for users who are not dealing with persistent security threats or evading censorship. Test-driving Tails prompted me to try out some applications, such as OnionShare, that I intend to keep around on my regular Linux desktop for future use. I've decided to keep an updated Tails USB stick handy just in case I need or want to (for example) check email or browse the web on a computer that is not my own. It is good to know that Tails is an option in the event that I would ever need the kind of protection that it offers, and that it is there for users who need it now.
