Tails – The Secret Agent’s IT Toolkit

TAILS-LOGO-NEWAre you a spy? An investigative journalist? A political dissident? A reforming activist? Someone living under a repressive regime where saying, writing, or surfing the wrong thing is likely to land you in jail (think China, Russia, Saudi Arabia, even at times the UK or the USA)? Or just someone who would really rather not have the government, Google, or the cyber-criminal fraternity rifling through your private communications? Then you need TAILS.

TAILS is The Amnesic Incognito Live System; you can’t get much more anonymous than an incognito amnesiac. On one flash drive, it contains everything you need to surf the Web safely, send and receive encrypted e-mail, chat securely, and write those subversive documents, afterwards leaving no trace on the computer you used. It also comes fully endorsed by investigative reporters Laura Poitras and Glenn Greenwald, who have just won Polk Awards and a Pulitzer Prize for their reporting on the NSA/GCHQ scandal [Laura Poitras and Glenn Greenwald], and by their NSA source: Edward Snowden, security whistleblower extraordinaire. And astonishingly, it’s free!

Tails – Getting Started

Interested? Find yourself an empty USB flash drive; 8 GB is good, but you can manage with 4. Whatever its size, you are going to be using all of it, so you probably don’t need a huge capacity. You will also need a blank CD or DVD. Rewritable is best, because Tails is updated regularly. First navigate to the Tails website at https://tails.boum.org/, go to the download page, and get the ISO image file, either as a direct download or a torrent. If you’re paranoid, get the signature file as well so you can verify the ISO file hash, using e.g. HashTab.

Now burn the ISO to disc using a burner like ImgBurn or CDBurnerXP, or Windows’ own, and reboot your computer from the CD/DVD in the drive. If the BIOS priority is set to boot the hard disk first, not the CD drive, you will need to press Esc or one of the function keys to bring up the BIOS menu for selecting the boot medium – see your PC manual. Choose your CD drive, then choose Tails Live from the menu that comes up, and now a basic Linux Debian system will start to boot. You’ll eventually be presented with a dialog box offering “More options” – click “Yes” to tick, then “Forward”. Now you’re in the “Welcome to Tails” screen which you can default, but I always like to select “Windows XP camouflage” – useful if you’re in an internet café in Pakistan – it makes everything feel more secret somehow. (The name’s Ward. James Ward. Yes, I know: pathetic).


Now you get either a blue screen (really, not a BSOD), or a very good look-alike of the cheery Windows XP desktop we all know and love. (I guess the TAILS team will eventually need to change this). And a menu with everything you need, although you may not recognize it, because the browser comes as IceWeasel (which is secure Firefox), and the mail client as Claws Mail (which is secure, simple and intuitive; you’ll get the hang of it just by playing with it). There’s other stuff including Open Office and the Pidgin Internet Messenger chat application (which I don’t know much about as I never chat to anyone – I’m an unsocial media user). IceWeasel, Claws Mail, and Pidgin can be found cunningly disguised on the taskbar.

Tails-Tor-WindowsXPWindows XP? Not quite.

The network will either connect directly (ethernet) or you’ll need to select the network icon and enter the wireless network password. Then you need to wait for the Tor secure anonymisation routing to be set up (Tor – The Onion Router. Note the little green onion in the taskbar). When it is, you can browse.

The problem with this live system is clearly that you can’t store anything permanently on it. Short of leaving files on the computer itself, which you don’t want to do, you are stuck with temporary data. So you’ll either have to memorise it before you destroy it, or move on to the next stage.

Tails – Install To USB Drive

Tails-InstallerNow to transfer the live system to your USB flash drive: plug in the flash drive, and select “Start | Tails| Tails Installer | Clone & Install”. On the dialog box that comes up, check that the flash drive is selected as the target device. Do this carefully, or you may wipe any other USB device that is connected. Note the target device in the screenshot – if I had pressed the button, I would have wiped my backup drive!

Now press “Install Tails” to transfer the Tails live system from the CD to the flash drive. Once that is done, go back to the main menu and select “Start | System | Administration | Reboot”. When the system begins to shut down, press Enter when prompted, ignoring any further system messages, and wait. Don’t bother to remove the flash drive. At this point Tails is clearing the PC’s memory of all traces of your activity, and if you have a lot (I have 8 GB) this may take a little while. Eventually the system will reboot; press the key to enter the BIOS and select to boot from the USB Flash Drive.

You should be quickly back in the Tails boot menu; select the same options that you did before to boot Tails. This time it will be snappier, because the flash drive is faster than the CD drive.

Tails – Creating a Persistent Volume

Now you have the basic Tails system that you saw before. The last stage is to give yourself somewhere to store your stuff permanently. This you do by configuring the Persistent Storage volume.

Select “Start | Tails | Configure persistent volume”.




Follow the wizard, and make sure you choose a strong password or passphrase. More on this another time, but choose at the least a password of 10 characters selected from the roughly 62 (including shift-character) available on the average keyboard. A password like D7C8t9{@#} would take around 2 weeks to break using currently-available technology. Add a couple more characters, and you’re into the years.

Select “Create”, and Tails will set up a persistent volume for you on the unused part of the flash drive; TAILS itself uses about 3 GB, so on an 8 GB drive you will have a persistent storage space of about 5GB. You have no choice about this – all the remaining space is used, so using a 16 GB drive will give you 13 GB of storage whether you like it or not.

Tails-Persistence-WizardIt will take some time, depending on the capacity of the flash drive, to set up your persistent storage. When it’s finished, you get to select what to persist (Personal Data is obviously selected by default). You might as well select every button to tick it. This will enable your network connection data, e-mail setup, bookmarks, and other details to be retained.

Now reboot once more, to enable your persistent storage. This time, there will be a button to select that storage – press it and enter your password. Also, set up an Administration password on your way in. You will need it if you want to transfer files to and from other drives and partitions on the PC; otherwise such access is locked out. You can get at your storage using the File Manager (My Computer or My Documents). The computer user is given the name amnesia (I forget why). Your storage space starts in amnesia’s Persistent folder, and encompasses any folders you create under Persistent, similarly to folders under C:\User\YourName in Windows. If you selected all the available options during persistence setup, all the essential details of your sessions are also stored in the persistent volume, so your bookmarks, e-mail account details, and so on are all saved and you don’t have to enter them every time you log in, as you would with the CD.

Have a play with your new system. Configuring the browser and e-mail is fairly straightforward; just try things out until you get it right. The office suite is Open Office, which is OK, although I would have preferred Libre Office, but I’m not about to cavil at that. Double-click My Computer, then, when the file manager comes up, press F3. You will get two independent panes, and right-clicking or dragging files will enable you to transfer them from one to the other. You can also access the hard drive(s) from here, but you will need the Admin password.

Tails – Additional Tips & Summing Up

A few things will strike you as you play: you can only connect to the internet through the Tor anonymisation network (The Onion Router); there are no plugins and few extensions in IceWeasel, and Claws Mail doesn’t show the pictures in HTML e-mails. If you are a Linux user, you will find that you can use the Synaptic Package Manager to install some (not all) software, but the next time you boot up it will have mysteriously disappeared. Create an icon on the desktop, and it will disappear too.

There are good reasons for this. Tails is seriously, and I mean seriously, locked down to stop you accidentally giving away information that could locate you, or compromise your communications. Tails is not a toy. It is meant to be used by people whose freedom or lives could depend on getting it right.

Just about the only things that stay on the flash drive system, apart from your bookmarks, and e-mail and other basic configurations, are your documents, in your secure storage space. When you shut down, the computer memory is wiped, and there is no trace of you left on it, unless you have transferred something to the hard drive.

Now you can use any PC, anywhere, safely and securely, provided you observe a few precautions, and provided there is a reasonably normal wireless or ethernet connection. Some specially-configured connections (e.g. at the local library, in my case) will keep you out.

Some bonus features for you. Plug in the flash drive in Windows, and look at it with File Manager. You will see the basic Linux system folders. Secret Squirrel recommends that you make these folders Hidden in Windows. At the same time, create a non-hidden folder called “My Books” or whatever, and move a reasonably convincing number of non-controversial files into it. Now if Big Brother checks your drive, he won’t notice the Tails system, unless he is savvy enough to check the partition size and enable View Hidden Files.

Also, if you plug the drive into a Linux machine, it will recognise the encrypted volume immediately, and offer to let you into it if you type the password/passphrase. Then you can get at Persistent directly – quite neat.

If the PC is on a LAN, you can access Windows shares on other PCs by using “Connect to Server” from the File Manager “File” menu. Specify the LAN IP address of the machine to which you want to connect, select “Windows share” and the share name (e.g. “Documents”), leave the folder name blank, and enter the domain name (usually WORKGROUP) and user credentials for the target PC, and you should connect immediately.

Finally, as both teams say, Tails and Tor can’t help you if you don’t use them right. Read up about them on their websites, and don’t try to do anything clever with the setup. The teams are experts who have been doing this stuff for a long time. If you ignore their recommendations, don’t blame them if it’s your door that the secret police knock on next!

If you value freedom and democracy, please donate to the teams! They are mostly volunteers, operating on a shoestring to give web security to medical and relief workers, reporters, dissidents, and ordinary families in repressive countries world-wide. The website URLs are given below.

Recently (29th April) Tails Version 1.0 was released, described by the developers as “an important milestone that denotes the maturity of a free software project”, five years on from the first public release.

More next time on using the applications and Tor, especially e-mail encryption with Claws.


Tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.