sign in sign up
<<
Home , Tails (operating system)

Tails for Ultimate

Tails is a -based Linux distro maintained rigorously by a cadre of international independent developers. Point Releases follow a Roadmap for constant improvement. These are scheduled for most months with one or more Interim Security Updates made available for automatic installation.

If it is good enough to keep users anonymous for their nefarious operations on the dark side of the web, then it is good enough for the rest of us who just want to minimize the exposure we present to ISPs as to who we contact, to websites that build our personal profile by tapping our browser’s history, cookies, etc, and to unwanted surveillance that seeks to know who is sending and who is reading our encrypted email to anonymous gmail accounts and private encrypted point-to-point messages.

The network provides source IP address at a destination’s ISP and destination IP address anonymity at a source ISP1. Tor circuits are constructed in real time to route thru an entry, a relay and an exit PC from hundreds of volunteers around the world. Tor IP routing encapsulates two encrypted sub-headers in the IP header, the first is unraveled by the entry PC to forward to the relay PC where the second is unraveled to forward to the exit PC. The response from the destination IP always goes back to the exit PC and comes to the source IP from the same entry PC.

I’m not sure how the return path is done or for that matter if the IP header works like I describe above (I think it did at one point). The destination does not need to be Tor capable and will always respond to the exit node’s IP address as if it were the source, so that makes me think that Tor circuits maintain context for a given return path (and maybe the source path, as well).

Tails has Gnome, browser, Thunderbird email client with gpg cut and paste encryption as well as , Pigeon messaging and more. Mostly I use Gnome to get to “Root Terminal” and then work on a command line (as user amnesia with root privileges) so that I don’t have to do sudo.

1 If the Source ISP and Destination ISP are the same, a three second sample of every packet in an ISP’s network could be analyzed to correlate the IP contents to reveal the intended source and intended destination IP addresses in their network, but not very likely without a court order.

Page 1 of 5 If you are still reading and interested, I will describe how to build Tails on two minimum 16GB flash disks. This is involved and will save a bunch of time compared to learning on your own.

From experience I know that older PCs are best. My 16GB (8GB won’t boot Tails on a Mac) 2017 MacBook Pro boots Tails 3.1.1 only with a wired keyboard and mouse, but boots 4.2.2 with no mouse at all. My 2019 16GB MBP won’t boot any external disk due to a T2 secure boot chip I don’t want to disable even if possible. My trusty 8GB Lenovo Thinkpad T410 is perfect, even that red button for a mouse in the middle of the keyboard works.

I start with a clean clone of Tails, currently at 4.2.2. Getting to a clean clone involves downloading from tails.boum.org, verifying the signature, installing on one of the 16GB USB flash disks, then from that USB flash disk to “Start Tails”. Select “Tails Installer”, insert the second USB flash disk and clone it with “Reinstall (delete all data)”.

Next boot from the newly created first clone and “Start Tails” again, use “Tails Installer” again, insert the temporary first disk and make it a clone the same way as the first clone. This USB flash disk now becomes the second clone Tails boot disk (and is now made safe for Tor). If one Tails boot disk gets corrupt, the other can be used to restore Tails 4.2.2.

We’re not done. Tails only needs 8.2GB on the USB flash disk, so there is room for a FAT partition to bring over files from other PCs, and an encrypted Persistence partition that restores files that we want to restore after every boot because Tails always starts with the same clean boot.

After a first clone boot or continuing from above, select “Utilities ->Disk”. Click on the 16GB flash disk and its free space, then add (click +) a FAT partition leaving room for the Persistence partition to be created after the next first clone boot. Add the same FAT partition on the second clone, give them both a name like Tails FAT. BTW, a boot/reboot is defined as Shutdown and power on.

Reboot the first clone and “Configure persistent volume”. I enable everything except . Reboot again to make it so. I don’t put Persistence on the second clone so that I can tell the difference between a first clone boot and a second clone boot.

Page 2 of 5 This time the Tails Greeter looks a little different. To unlock Persistence you must enter the Passphrase that was used to create the persistent volume (i.e Persistence). There is a “+” to add an Administration Password (user amnesia’s password), which is needed to wake up Tails and to login to “Root Terminal”. Now “Start Tails”. The objective is to use the encrypted Persistence partition to store the files we want to preserve and use for all subsequent reboots. Tails looses everything that is not in encrypted Persistence when Shutdown.

My /home/amnesia/startup file is pretty simple. From Tails “Root Terminal”: cat /home/amnesia/startup export H=/home/amnesia export P=/live/persistence/TailsData*/dotfiles . /home/amnesia/.bashrc mkdir /tmpdir mount -t vfat /dev/sdb2 /tmpdir cd /tmpdir vi /home/amnesia/.bashrc and look for the alias ll, change it to: alias ll=‘ls -la —color=auto’ (that’s dashdashcolor)

Use fdisk -l on Tails to determine which device is the FAT partition, /dev/sdb2 in the above, so you’ll want to insert the that clone in the same USB port for every boot. FYI, MacOS auto- mounts a flash disk when inserted and can be accessed by the name of the FAT partition, e.g. /Volumes/“Tails FAT”.

Now copy /home/.bashrc and /home/startup to /live/persistence/ Tails*/dotfiles. Copy them to /tmpdir for backup. I make a temporary mount on the second clone and copy these files over to its FAT as well. If you are like me and experiment a lot, you will need to reclone the first clone regularly, so these files on the second clone will save some time typing.

Reboot. From the “Root Terminal” command line: cd /home/am* . startup

Page 3 of 5 and now ll and ll $P will both show .bashrc and startup, in the FAT partition and in Persistence respectively.

I think I know how to migrate GPG Suite GPG Keys from MacOS to Tails, so that will hopefully be my next article. It is anything but straight forward. FYI, you need to be a user with GPG Suite privileges, not root, on MacOS to export keys with gpg.

On MacOS: gpg -a —export-secret-keys [email protected] > /Volumes/“Tails FAT”/anomin-secret-gpg.asc gpg -export-ownertrust > /Volumes/“Tails FAT”/anomin- ownertrust.asc

Jeff Rhodes aka Anomin January 2020

Page 4 of 5 -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFstif4BEAC9sBhBqVrv0NMnVUko7aO9kCk7fL+Lc12KGYVlVH7clfClDPZg S4Y5NRvVrBR7G3h9mXRovaMXLEkcWEgdzpuEgKMmqEUAVKYBcj+gr1Q//81j5obS q5W0PZVp7YYwVpNGPMOFQ4kv9g0Mh6pD3t+o3tgC0tR9LWa5M1EYc/PVw2s42HJx MiByvbtamoaVfXHH/+hfIcWck+DRhY67Ko02EV/aGAvt586sDZOMmdWRoS/O2VSw zPa3IR/DohDktx/xTthBHiIxd1NmmjJHN1v7YpUp+LYVjZB0Rfz1pon2V5235Au2 EaJdOuNW4IXtceXlsdh6oJXYy75iLBcWFkRqobWx3AaR25QWnjzJN2l3yDtiJuYN hIKSvbOARFaChOJAJYUAf78rbxqDRxVbMPwIEuPf1OY2hYyEGD5kLsItFor1B5RV Npwed12fe7IiBICvg5jS+8HeHDYU/UmR2y8Tai14hoVPbGC1v3s1/TowZ7F9QKcm 8ariCAxBxoajV/9h+5Wdy5muEVFZP+CnivFNBQvyhUDKEjIUuOnR95kOPMeSOnyj eInvIbfJQ06r7I2EvXymGU815OqriCtjMSemmTEfNUoLtliZzoiY4P40cEMtO3Kj s3S8PwvDxQH0B9gVCeBTV3Oc+EEuC9VHzvrjY/bhj/KkEG6D9MxvkyjvKwARAQAB tBxBbm9taW4gPGFub21pbkBhbm9taW4uc3BhY2U+iQJUBBMBCAA+FiEEC3QLaLXd jM2+XAfnCBYmnlbNos8FAlstif4CGwMFCQtJ2AAFCwkIBwIGFQoJCAsCBBYCAwEC HgECF4AACgkQCBYmnlbNos9t0Q//XZyC436K8l2vD0CBNHRzMt3NuC0gOGi5uSY7 6eUTK0ofi4Bor55zlvFF8VgeCkKPGTMw69i2DQYCsd8dv/UIBvBDkBtdQHBvf17Y iV16X/zIMoXbeIjpX58eIw7hr1XMNUsUaI5rlHKsi9WjT/JJJU+lsJfPK30+BoBU F+wDbbP5w8I3bF5Gt5d8EMiJ4hTrjPH9lUkXJWBApJviUmopxbG/WTICQO1IFy4C ULoU7KE3a7IeUIdNnSikKDgjfVu59SvpIkzHL1OG3pDSi31JQmk9LXIVdb8J516a 6JIFtasP7LXeDX/EKTQV+8NrOaKFsgXZ9bWBvmPW0v6TXIIbEXFtRrcddzYO3Z/P EKOFiBsHp72lvlOwQaYO/o+RkKieqIbfol2F+nHUw6gVteKrK0lSbYsXsosRrawY gsHuNolkRE7kJh3MZHTVo4EDse26Cj++lCanC7Q4GslzCjVONHnCJ1YvkTzgCEjV rHG4XSxpp0cwUPiFp4Xn1jgtfIYARZhtG0pHx7rhiSY1LRJYDudrHSVPmdbWyTTJ Ri8U1vA6W7mo8oBhord3uxDQivcn75oDNQnF/VZ0v24FqqV/wodfizSIK+TZhCn9 HzKCjgaHnKNTCjAl3qJyCDA8eXV5EnMFUKqDZiXGA7DLrnW7okqttIQlQ4mjoOci /wvQLz65Ag0EWy2J/gEQAN3+S1c8FPXk3dicUA0hJSPAp4vcywayNumlnVnj4utQ V1TQ1B8HHu0BlDNH43cDhunaPccjc3tGmQYE8430/AJMHnCKmopa0u6hTeWPhkA5 pKnO8Y153ekZSuCbRHsEYjT3SFvpM/b/1iUSez8wbHHO+5efCJzWlJNVMkjVVeI8 W9sYKtTRYLyxwP+RhJvGRNfxG3uxGb0+M3twNqajjg5XgFZzaWRw7n5+OjuVe9Y6 4USog+KKMiTJ7JN/KQfZqB/wKcAnzOdjP0UIvuvSbKa+/dg7CQvaORJCeL+pe7gh rUMGCWZ0Z6IMPxXWO3YXvkldLnDbVa1sH3/9rWemaI1n3yZPzZqotGiWwLezubQQ 8bH/FumMFQj0APHEf4LFFDp18Gt8/fIn8SYOzPp9WNk8msXVPX08WOuMyIBP/KDY 0C7K14FzWvYt+DD160El7lE69txcWgNTfncQbhW/nDeb5W9r6nIDjv6wzAU7AatW ugmVzPnnzVXs2PNJW3kjCvAgUtVCDnTOYJQzsWPKOYCZMQ9LkeHlUgN4+HHHVw7z RsRAediWddvOJKjmNfdfqZvm0N2ocWpVqjWuN3m2gxstYMaPAn603JBQXZVdaZjA sbq5X14Q5O0/U70vB+r5lHsMbo8EOk/lG7mgJuzp4w1p8NMPoGb9Ber2uHfphgKt ABEBAAGJAjwEGAEIACYWIQQLdAtotd2Mzb5cB+cIFiaeVs2izwUCWy2J/gIbDAUJ C0nYAAAKCRAIFiaeVs2iz/f6EACghgwaJHOSlOgRTKUkpMQPOALLf6+o6gIAVek9 MVZlMXKFwn1WOYAr7G52F6xqALHij8lTsS7l3KLk+E6z2SoQygA6bBhcZ39GRuoM /pSSwfSzs3el0VoN60HW4rQX4MF7vIgvjozoX1B/XAHeex5McqWhPBxXWV0G5CII AQB2x3wqaEKC8xvffh934UZf7SiUKsLgvBit6wtJfz0rd0T/RyMtSI9SPOSpVhxt 8Av/o7dShnSIOFF/s66J782D3XA9aWD3E0DfW93bNmC8Y24j9wy0T5LdNzFwZ5nz bbkgm9RpGx8lGrhQ/+rLSj1GOg5c9GR0+ybMOkApYDPEQuTRzKWKA6B2tXz+0ZZO 9C185kJNXkWtvyud3lhGscDjjh4AwhKf9b/UWWfSsV6zjYMAvcW84SbQSt+F6Dyo oWo+2cQ+FaF5x0zDjoab6zOHF6ydMGmmk4879TY8ttaSN8vxMVWEtSBfrUXtLxTM 4/neO8lD0O5ND2Vss251YPbt3tML54gjIU1zt1eexSFbD8HZLxOgBvdOcZUFS/qD vzz9XDhHVQogRCdSaV3aF8sC5siX/LzgFab5hePKQgRN8uwIaSGGmFG5l6M3ImEH hnw+WZV6hlHp0xIKMPCZ6HC0x/1n7hddsKVzu8BBfa62TZz85vK8jnC7QS2KSZhM 4XmOPA== =5+zO -----END PGP PUBLIC KEY BLOCK-----

Page 5 of 5