# Tails is a live system that aims to preserve your privacy and anonymity.
It helps you to use the Internet anonymously and circumvent censorship almost
anywhere you go and on any computer but leaving no trace unless you ask it to
# It is a complete operating system designed to be used from a DVD, USB stick, or SD
card independently of the computer's original operating system. It is Free Software
and based on Debian GNU/Linux.
# Tails comes with several built-in applications pre-configured with security in
mind: web browser, instant messaging client, email client, office suite, image and
sound editor, etc. - https://tails.boum.org/about/index.en.html
# Tails, The Amnesic Incognito Live System, version 1.5, is out.
https://mailman.boum.org/pipermail/amne ... 00094.html
https://twitter.com/Tails_live/status/6 ... 5682342912
= Tails Site:
= First Steps:
- Getting Started:
- Help & Support:
https://en.wikipedia.org/wiki/Tails_%28 ... _system%29
-- The Tails public development discussion list
-- User support for Tails
- Tails report for July, 2015:
https://tails.boum.org/news/report_2015 ... ex.en.html
- Numerous security holes in Tails 1.4.1:
https://tails.boum.org/security/Numerou ... ex.en.html
- Known issues:
https://tails.boum.org/support/known_is ... ex.en.html
- Direct download - Latest release: (Tails 1.5 ISO image (988MG/942MiB)
http://dl.amnesia.boum.org/tails/stable ... 86-1.5.iso
- Cryptographic signature (Tails 1.5 signature):
https://tails.boum.org/torrents/files/t ... .5.iso.sig
- Verifying the ISO image:
- (If you're not sure what the cryptographic signature is):
SHA256 checksum (for Tails 1.5 ISO image):
- BitTorrent download - Latest release (Tails 1.5 torrent):
https://tails.boum.org/torrents/files/t ... .5.torrent
- Cryptographic signature (BitTorrent):
The cryptographic signature of the ISO image is also included in the Torrent.
Additionally, you can verify the signature of the Torrent file itself before downloading the ISO image:
https://tails.boum.org/torrents/files/t ... orrent.sig
- Seed back!
Seeding back the image once you have downloaded it is also a nice and easy way of helping spread Tails.
- Tails signing key:
- Changelog :
https://git-tails.immerda.ch/tails/plai ... /changelog
 tails (1.5) unstable; urgency=medium
* Major new features and changes
- Move LAN web browsing from Tor Browser to the Unsafe Browser,
and forbid access to the LAN from the former. (Closes: #7976)
- Install a 32-bit GRUB EFI boot loader. This at least works
on some Intel Baytrail systems. (Closes: #8471)
* Security fixes
- Upgrade Tor Browser to 5.0, and integrate it:
· Disable Tiles in all browsers' new tab page.
· Don't use geo-specific search engine prefs in our browsers.
· Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
Marketplace), and the "Share this page" button in the Tool bar.
· Generate localized Wikipedia search engine plugin icons so the
English and localized versions can be distinguished in the new
search bar. (Closes: #9955)
- Fix panic mode on MAC spoofing failure. (Closes: #9531)
- Deny Tor Browser access to global tmp directories with AppArmor,
and give it its own $TMPDIR. (Closes: #9558)
- Tails Installer: don't use a predictable file name for the subprocess
error log. (Closes: #9349)
- Pidgin AppArmor profile: disable the launchpad-integration abstraction,
which is too wide-open.
- Use aliases so that our AppArmor policy applies to
/lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
it applies to /. And accordingly:
· Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
· Install rsyslog from wheezy-backports, since the version from Wheezy
conflicts with AppArmor 2.9.
· Stop installing systemd for now: the migration work is being done in
the feature/jessie branch, and it conflicts with rsyslog from
· Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
· apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
· Take into account aufs whiteouts in the system_tor profile.
· Adjust the Vidalia profile to take into account Live-specific paths.
- Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
- Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
- Upgrade cups-filters to 1.0.18-2.1+deb7u2.
- Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
- Upgrade libexpat1 to 2.1.0-1+deb7u2.
- Upgrade libicu48 to 22.214.171.124-12+deb7u3.
- Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
- Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.
- Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
* Minor improvements
- Tails Installer: let the user know when it has rejected a candidate
destination device because it is too small. (Closes: #9130)
- Tails Installer: prevent users from trying to "upgrade" a device
that contains no Tails, or that was not installed with Tails Installer.
- Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
support for the OTRv3 protocol and for multiple concurrent connections
to the same account. (Closes: #9513)
- Skip warning dialog when starting Tor Browser while being offline,
in case it is already running. Thanks to Austin English for the patch!
- Install the apparmor-profiles package (Closes: #9539), but don't ship
a bunch of AppArmor profiles we don't use, to avoid increasing
boot time. (Closes: #9757)
- Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
of patching /etc/apparmor.d/tunables/home.
- live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
is actually used as the read-write branch of the root filesystem's union
mount, is visible. As a consequence:
· One can now inspect how much space is used, at a given time, in the
read-write branch of the root filesystem's union mount.
· We can make sure our AppArmor policy works fine when that filesystem
is visible, which is safer in case e.g. live-boot's behavior changes
under our feet in the future... or in case these "hidden" files are
actually accessible somehow already.
* Build system
- Add our jenkins-tools repository as a Git submodule, and replace
check_po.sh with a symlink pointing to the same script in that submodule.
Adjust the automated test suite accordingly. (Closes: #9567)
- Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
particular the inclusion of the Tor Browser 5.0 series has recently
increased the amount of space needed to build Tails. (Closes: #9901)
* Test suite
- Test that the Tor Browser cannot access LAN resources.
- Test that the Unsafe Browser can access the LAN.
- Installer: test new behavior when trying to upgrade an empty device, and
when attempting to upgrade a non-Tails FAT partition on GPT; also, take
into account that all unsupported upgrade scenarios now trigger
the same behavior.
- Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
on failure. (Closes: #9518, #9709)
- run_test_suite: remove control chars from log file even when cucumber
exits with non-zero. (Closes: #9376)
- Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
- Use custom exception when 'execute_successfully' fails.
- Retry looking up whois info on transient failure. (Closes: #9668)
- Retry wget on transient failure. (Closes: #9715)
- Test that Tor Browser cannot access files in /tmp.
- Allow running the test suite without ntp installed. There are other means
to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
- Bump timeout in the Totem feature.
- Grep memory dump using the --text option. This is necessary with recent
versions of grep, such as the one in current Debian sid, otherwise it
will count only one occurrence of the pattern we're looking for.
- Include execute_successfully's error in the exception, instead
of writing it to stdout via puts. (Closes: #9795)
- Test that udev-watchdog is actually monitoring the correct device.
- IUK: workaround weird Archive::Tar behaviour on current sid.
- Test the SocksPort:s given in torrc in the Unsafe Browser.
This way we don't get any sneaky errors in case we change them and
forget to update this test.
- Directly verify AppArmor blocking of the Tor Browser by looking in
the audit log: Firefox 38 does no longer provide any graphical feedback
when the kernel blocks its access to files the user wants to access.
- Update browser-related automated test suite images, and workaround
weirdness introduced by the new Tor Browser fonts.
- Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
via alternate, live-boot generated paths.
- Adjust tests to cope with our new AppArmor aliases.
- Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
-- Tails developers Mon, 10 Aug 2015 19:12:58 +0200