Tails Manual

Tails - Introduction
doc
Page 1 of 1
Introduction
English
DE
FR
PT
Introduction
The goal of this documentation is to present The
Amnesic Incognito Live System (Tails) in an easy
to understand and reasonably thorough manner
in hope to give the new user a crash course in
what might be a completely new set of
applications and concepts regarding anonymity
Download
Tails 0.22
December 11, 2013
About
and security on the Internet.
Getting started
It will not fully document the applications
included in Tails, but rather give an overview of
them and go on details only on the Tails-specific
Documentation
configuration.
Help & Support
It is quite long so you might want to not read it
Contribute
in one go but instead read about and warning, as

well as the sections on only those applications you intend to use with the possibility to
return to it whenever you want to try something new or use it for reference.
If you have experience with these applications and concepts from elsewhere and feel
comfortable with the user interface in general, reading this document is maybe not
necessary at all. A word of caution to all users is not to alter the network, proxy and
firewall settings unless you know what you are doing poking around with them too
much might spoil the built-in defences of Tails.
Last edited Tue 29 Oct 2013 06:46:43 PM CET
https://tails.boum.org/doc/introduction/index.en.html
1/17/2014
Tails - About Tails anonymity
doc
about
Page 1 of 2
About Tails anonymity
English
DE
FR
PT
About Tails anonymity

Why do you need
anonymity?
Download
Tails 0.22
December 11, 2013
As you are probably aware of, we currently find

ourselves in a state of steady decline of our
freedoms and privacy, with increasing levels of
mass surveillance and repression all over the
world (see this report from Privacy
Getting started
Documentation
International ).
Without taking any precautions, your Internet
service provider, the State, the police and global
surveillance systems like ECHELON
About
(which is
Help & Support

Contribute
not a conspiracy theory; see this report from the

European Parliament ) can record what you do online: what you read, what you write
and who you communicate with.
This is possible since all messages sent over the Internet contain the IP addresses
of
both the sender and receiver, much like an ordinary mail sent through the postal system
contains addresses of both sender and receiver for two-ways communication. IP
addresses can easily be traced back to the physical location of the computers and their
owners, and from that ultimately back to you.
If you do not mind this fact, then more power to you, but if you do mind, then Tails
might be just what you need.
Moreover, just like with a postcard, any information traveling on the Internet can be read
by many computers that relay them.
https://tails.boum.org/doc/about/anonymity/index.en.html
1/17/2014
Tails - System requirements
doc
about
Page 1 of 1
System requirements
English
DE
FR
PT
System requirements
Tails should work on any reasonably recent PC
computer, say manufactured after 2005. Here is
a detailed list of requirements:
Either an internal or external DVD reader
or the possibility to boot from a USB stick
Download
Tails 0.22
December 11, 2013
About
or SD card.
Tails requires an x86+ compatible processor:
+
Getting started
IBM PC compatible and others but not

PowerPC+ nor ARM+.
1 GB of RAM to work smoothly. Tails is
known to work with less memory but you
Documentation
Help & Support
might experience strange behaviours or

crashes.
Contribute
https://tails.boum.org/doc/about/requirements/index.en.html
1/17/2014
Tails - Warning
doc
Page 1 of 7
about
Warning
English
DE
FR
PT
Warning
Even though we're doing our best to offer you
good tools to protect your privacy while using a
computer, there is no magic or perfect
solution to such a complex problem.
Understanding well the limits of such tools is a
crucial step in, first, deciding whether Tails is the
Download
Tails 0.22
December 11, 2013
About
right tool for you, and second, helping you

making a good use of it.
1. Tor exit nodes can eavesdrop on

communications
2. Tails makes it clear that you are using Tor
and probably Tails
3. Man-in-the-middle attacks
Getting started
Documentation
Help & Support
Contribute
4. Confirmation attacks
5. Tails doesn't encrypt your documents by default
6. Tails doesn't clear the metadata of your documents for you and doesn't
encrypt the Subject: and other headers of your encrypted e-mail
messages
7. Tor doesn't protect you from a global adversary
8. Tails doesn't magically separate your different contextual identities
9. Tails doesn't make your crappy passwords stronger
10. Tails is a work in progress
Tor exit nodes can eavesdrop on

communications
Tor is about hiding your location, not about encrypting your communication.
https://tails.boum.org/doc/about/warning/index.en.html
1/17/2014
Tails - Warning
Page 2 of 7
Instead of taking a direct route from source to destination, communications using the
Tor network take a random pathway through several Tor relays that cover your tracks.
So no observer at any single point can tell where the data came from or where it's going.
The last relay on this circuit, called the exit node, is the one that establishes the actual
connection to the destination server. As Tor does not, and by design cannot, encrypt the
traffic between an exit node and the destination server, any exit node is in a position
to capture any traffic passing through it. See Tor FAQ: Can exit nodes eavesdrop
on communications? .
For example, in 2007, a security researcher intercepted thousands of private e-mail
messages sent by foreign embassies and human rights groups around the world by
spying on the connections coming out of an exit node he was running. See Wired: Rogue
Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise. .
To protect yourself from such attacks you should use end-to-end encryption.
Tails includes many tools to help you using strong encryption while browsing,
sending email or chatting, as presented on our about page.
Tails makes it clear that you are using Tor and

probably Tails
Your Internet Service Provider (ISP) or your local network administrator can
see that you're connecting to a Tor relay, and not a normal web server for example.
Using Tor bridges in certain conditions can help you hide the fact that you are using Tor.
1/17/2014
Tails - Warning
Page 3 of 7
The destination server that you are contacting through Tor can know whether
your communication comes out from a Tor exit node by consulting the publicly available
list of exit nodes that might contact it. For example using the Tor Bulk Exit List tool of
the Tor Project.
So using Tails doesn't make you look like any random Internet user. The
anonymity provided by Tor and Tails works by trying to make all of their users look the
same so it's not possible to identify who is who amongst them.
See also Can I hide the fact that I am using Tails?
Man-in-the-middle attacks
A man-in-the-middle attack (MitM) is a form of active eavesdropping in which the
attacker makes independent connections with the victims and relays messages between
them, making them believe that they are talking directly to each other over a private
connection, when in fact the entire conversation is controlled by the attacker.
While using Tor, man-in-the-middle attacks can still happen between the exit node and
the destination server. The exit node itself can also act as a man-in-the-middle. For an
example of such an attack see MW-Blog: TOR exit-node doing MITM attacks .
Again, to protect yourself from such attacks you should use end-to-end
encryption and while doing so taking extra care at verifying the server authenticity.
Usually, this is automatically done throught SSL certificates checked by your browser
against a given set of recognized certificate authorities ). If you get a security
exception message such as this one you might be victim of a man-in-the-middle attack
1/17/2014
Tails - Warning
Page 4 of 7
and should not bypass it unless you have another trusted way of checking the
certificate's fingerprint with the people running the service.
But on top of that the certificate authorities model of trust on Internet is susceptible to
various methods of compromise.
For example, on March 15, 2011, Comodo, one of the major SSL certificates company,
reported that a user account with an affiliate registration authority had been
compromised. It was then used to create a new user account that issued nine certificate
signing requests for seven domains: mail.google.com, login.live.com, www.google.com,
login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global
trustee. See Comodo: The Recent RA Compromise .
Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued certificates
to a malicious party or parties. Later on, it came to light that they were apparently
compromised months before or perhaps even in May of 2009 if not earlier. Rogues
certificates were issued for domains such as google.com, mozilla.org, torproject.org,
login.yahoo.com and many more. See, The Tor Project: The DigiNotar Debacle, and what
you should do about it .
This still leaves open the possibility of a man-in-the-middle attack even when
your browser is trusting an HTTPS connection.
On one hand, by providing anonymity, Tor makes it more difficult to perform a man-inthe-middle attack targeted at one specific person with the blessing of a rogue SSL
certificate. But on the other end, Tor makes it easier for people or organizations running
exit nodes to perform large scale MitM attempts, or attacks targeted at a specific
server, and especially those among its users who happen to use Tor.
1/17/2014
Tails - Warning
Page 5 of 7
Quoted from Wikipedia: Man-in-the-middle attack , Wikipedia: Comodo Group#Iran SSL

certificate controversy and Tor Project: Detecting Certificate Authority compromises
and web browser collusion .
Confirmation attacks
The Tor design doesn't try to protect against an attacker who can see or measure both
traffic going into the Tor network and also traffic coming out of the Tor network. That's
because if you can see both flows, some simple statistics let you decide whether they
match up.
That could also be the case if your ISP (or your local network administrator) and the ISP
of the destination server (or the destination server itself) cooperate to attack you.
Tor tries to protect against traffic analysis, where an attacker tries to learn whom to
investigate, but Tor can't protect against traffic confirmation (also known as end-to-end
correlation), where an attacker tries to confirm an hypothesis by monitoring the right
locations in the network and then doing the math.
Quoted from Tor Project: "One cell is enough to break Tor's anonymity" .
Tails doesn't encrypt your documents by

default
The documents that you might save on storage devices will not be encrypted by default.
But Tails provides you with tools to encrypt your documents, such as GnuPG, or encrypt
your storage device, such as LUKS. It is likely that the files you may create will keep
tracks that they were created using Tails.
If you need to access the local hard-disks of the computer you are using, be
conscious that you might then leave trace of your activities with Tails on it.
Tails doesn't clear the metadata of your

documents for you and doesn't encrypt the
Subject: and other headers of your encrypted
e-mail messages
Numerous files format store hidden data or metadata inside of the files. Text processors
or PDF files could store the name of the author, the date and time of creation of the file,
and sometimes even parts of the editing history of the file those hidden data depend
1/17/2014
Tails - Warning
Page 6 of 7
on the file format and the software used. Please note also, that the Subject: as well as
the rest of the header lines of your OpenPGP encrypted e-mail messages are not
encrypted. This is not a bug of Tails or the OpenPGP protocol; it's for backwards
compatibility with the original SMTP protocol. Unfortunately no RFC standard exists yet
for Subject encryption.
Images file formats, like TIFF of JPEG, probably take the prize in this field. Those files,
created by digital cameras or mobile phones, contain a metadata format called EXIF
which can include the date, time and sometimes the GPS coordinates of the picture, the
brand and serial number of the device which took it as well as a thumbnail of the original
image. Image processing software tend to keep those data intact. Internet is full of
cropped or blurred images for which the EXIF thumbnail still contains the full original
picture.
Tails doesn't clear the metadata of your files for you. Yet. Still it's in Tails' design
goal to help you do that. For example, Tails already comes with the Metadata
anonymisation toolkit .
Tor doesn't protect you from a global

adversary
A global passive adversary would be a person or an entity able to monitor at the same
time the traffic between all the computers in a network. By studying, for example, the
timing and volume patterns of the different communications across the network, it
would be statistically possible to identify Tor circuits and thus matching Tor users and
destination servers.
It is part of Tor's initial trade-off not to address such a threat in order to create a lowlatency communication service usable for web browsing, Internet chat or SSH
connections.
For more expert information see Tor Project: The Second-Generation Onion Router ,
part 3. Design goals and assumptions.
Tails doesn't magically separate your different

contextual identities
It is usually not advisable to use the same Tails session to perform two tasks or endorse
two contextual identities that you really want to keep separate from another. For
example hiding your location to check your email and publishing anonymously a
document.
1/17/2014
Tails - Warning
Page 7 of 7
First, because Tor tends to reuse the same circuits, for example amongst a same
browsing session. Since the exit node of a circuit knows both the destination server (and
possibly the content of the communication if not encrypted) and the address of the
previous relay it received the communication from, it makes it easier to correlate the
several browsing requests as part of a same circuit and possibly made by a same user. If
you are facing a global adversary as described above, it might then also be in position to
do this correlation.
Second, in case of a security hole or a misuse in using Tails or one of its application,
information about your session could be leaked. That could reveal that the same person
was behind the various actions made during the session.
The solution to both threats is to shutdown and restart Tails every time you're
using a new identity, if you really want to isolate them better.
Vidalia's "New Identity" button forces Tor to use new circuits but only for new
connections: existing connections might stay open. Plus, apart from the Tor circuits,
other kind of information can reveal your past activities, for example the cookies stored
by your browser. So this feature of Vidalia is not a solution to really separate contextual
identities. Shutdown and restart Tails instead.
Tails doesn't make your crappy passwords

stronger
Tor allows you to be anonymous online; Tails allows you to leave no trace on the
computer you're using. But again, neither of both are magic spells for computer
security.
If you use weak passwords, they can be guessed by brute-force attacks with or without
Tails in the same way. To know if your passwords are weak and learn good practices to
create better password, you can read Wikipedia: Weak Passwords .
Tails is a work in progress

Tails, as well as all the software it includes, are on continuous development and might
contain programming errors or security holes. Stay tuned to Tails development. Do not
rely on it for strong anonymity.
Last edited Sun 08 Sep 2013 05:53:29 PM CEST
1/17/2014
Tails - Features and included software
doc
about
Page 1 of 3
Features and included software
English
DE
FR
PT
Features and included software

Download
1. Included software
1. Networking
Tails 0.22
December 11, 2013
2. Desktop Edition
3. Encryption & Privacy
2. Additional features
About
3. Multilingual support
Getting started
Included software
Documentation
GNOME , an intuitive and attractive desktop

environment
Contribute
Networking
Tor
Help & Support
with:
stream isolation
regular and obfsproxy bridges support
the Vidalia graphical frontend
NetworkManager for easy network configuration
Firefox
preconfigured with:
TorBrowser patches
Torbutton
for anonymity and protection against evil JavaScript
all cookies are treated as session cookies by default; the CS Lite

provides more fine-grained cookie control for those who need it
HTTPS Everywhere
extension
transparently enables SSL-encrypted connections to a great
number of major websites

Pidgin
preconfigured with OTR
for Off-the-Record Messaging
Claws Mail e-mail client, with user-friendly GnuPG support

Liferea feed aggregator
Gobby
for collaborative text writing
Aircrack-ng
for wireless networks auditing
https://tails.boum.org/doc/about/features/index.en.html
1/17/2014
I2P
Page 2 of 3
an anonymizing network
Desktop Edition
OpenOffice.org
Gimp and Inkscape to edit images
Scribus for page layout
Audacity
PiTIVi
for recording and editing sounds
for non-linear audio/video editing
Poedit
to edit .po files
Simple Scan and SANE for scanner support

Brasero to burn CD/DVD
Sound Juicer
to rip audio CDs
Encryption & Privacy

LUKS
and Palimpsest
to install and use encrypted storage devices, for example
USB sticks
GnuPG , the GNU implementation of OpenPGP for email and data encyption and
signing
TrueCrypt a disk encryption software
PWGen , a strong password generator
Shamir's Secret Sharing
Florence
using gfshare
and ssss
virtual keyboard as a countermeasure against hardware keyloggers
MAT to anonymize metadata in files

KeePassX password manager
The full packages list can be found in the BitTorrent files download directory (look for
files with the .packages extension).
Additional features
can be run as a virtualized guest inside VirtualBox
customization (e.g. to add a given missing piece of software) is relatively easy: one
may build a custom Amnesic Incognito Live System in about one hour on a modern
desktop computer
PAE-enabled kernel with NX-bit and SMP support on hardware that supports it
Some basic accessibility features
To prevent cold-boot attacks and various memory forensics, Tails erases memory on
shutdown and when the boot media is physically removed.
Multilingual support
1/17/2014
Page 3 of 3
One can choose at boot time between a big number of languages.

Some of these languages could not be thoroughly tested as we don't speak every
language in the world. If you find issues using one of the supposedly supported
languages, don't hesitate to tell us about it. E.g. Tails probably lacks some non-Latin
fonts or input systems.
If you wish to make it easier to use Tails for your language speakers, see the translators
guidelines.
Last edited Tue 17 Dec 2013 11:01:38 AM CET
1/17/2014
Tails - Can I hide the fact that I am using Tails?
doc
about
Page 1 of 2
Can I hide the fact that I am using Tails?
English
DE
FR
PT
Can I hide the fact that I am using

Tails?
In this context, the term fingerprint refers to
what is specific to Tails in the way it behaves on
Internet. This can be used to determine whether
a particular user is using Tails or not.
Download
Tails 0.22
December 11, 2013
As explained on our warning page, when using

Tails it is possible to know that you are using
About
Tor. But Tails tries to make it as difficult as
Getting started
possible to distinguish Tails users from

other Tor users, especially Tor Browser Bundle
Documentation
(TBB) users. If it is possible to determine

whether your are a Tails users or a TBB user, this
Help & Support
provides more information about you and in

consequence reduces your anonymity.
Contribute
This section explains some issues regarding the fingerprint of Tails and how this could
be used to identify you as a Tails user.
For the websites that you are visiting

The websites that you are visiting can retrieve a lot of information about your browser.
That information can include its name and version, window size, list of available
extensions, timezone, available fonts, etc.
To make it difficult to distinguish Tails users from TBB users, the Tails browser tries
to provide the same information as the TBB in order to have similar fingerprints.
See the fingerprint section of know issues page for a list of known differences between
the fingerprints of the Tails browser and the TBB.
https://tails.boum.org/doc/about/fingerprint/index.en.html
1/17/2014
Tails - Can I hide the fact that I am using Tails?
Page 2 of 2
Apart from that, some of the extensions included in Tails browser are different
than the ones included in the TBB. More sophisticated attacks can use those differences
to distinguish Tails user from TBB users.
For example, Tails includes Adblock Plus which removes advertisements. If an attacker
can determine that you are not downloading the advertisements that are included in a
webpage, that could help identify you as a Tails user.
For the moment, you should consider that no special care is taken regarding the
fingerprint of the Unsafe Browser.
For your ISP or local network administrator

A Tails system is almost exclusively generating Tor activity on the network.
Usually TBB users also have network activity outside of Tor, either from another web
browser or other applications. So the proportion of Tor activity could be used to
determine whether a user is using Tails or the TBB. If you are sharing your Internet
connection with other users that are not using Tails it is probably harder for your ISP
to determine whether a single user is generating only Tor traffic and so maybe using
Tails.
Tails do not use the entry guards mechanism of Tor. With the entry guard
mechanism , a Tor user always uses the same few relays as first hops. As Tails does
not store any Tor information between separate working sessions, it does not store
the entry guards information either. This behaviour could be used to distinguish Tails
users from TBB users across several working sessions.
When starting, Tails synchronizes the system clock to make sure it is accurate. While
doing this, if the time is set too much in the past or in the future, Tor is shut down
and started again. This behavior could be used to distinguish Tails from TBB users,
especially this happens every time Tails starts.
Last edited Mon 06 Jan 2014 12:33:14 PM CET
https://tails.boum.org/doc/about/fingerprint/index.en.html
1/17/2014
Tails - Trusting Tails
doc
about
Page 1 of 3
Trusting Tails
English
DE
FR
PT
Trusting Tails
Trust is a very problematic issue, and that's the
essence of why security is difficult in every field,
including computers and Internet
communication. Do you trust Tails and its
developers? Do you think we have planted
backdoors in Tails so we can take control of your
Download
Tails 0.22
December 11, 2013
About
computer, or that we make Tails generate

compromised encryption keys in order to enable
Getting started
the government to spy on you? Do you simply

trust our word on that we are legit?
Documentation
No matter what your opinion is in this matter you
Help & Support
should ask how you reached that conclusion.

Both trust and distrust need to be established
Contribute
based on facts, not gut feeling, paranoid

suspicion, unfounded hearsay or our word. Of course, we claim to be honest, but written
assurances are worthless. In order to make an informed decision you must look at the
greater picture of what Tails is comprised of, our affiliations, and possibly how others
trust us.
1. Free software and public scrutiny

2. Trusting Debian GNU/Linux
3. Trusting Tor
4. Trusting Tails
Free software and public scrutiny

Free software, like Tails, enables its users to check exactly what the software
distribution consists of and how it functions since the source code must be made
available to all who receive it. Hence a thorough audit of the code can reveal if any
malicious code, like a backdoor, is present. Furthermore, with the source code it is
https://tails.boum.org/doc/about/trust/index.en.html
1/17/2014
Page 2 of 3
possible to build the software, and then compare the result against any version that is
already built and being distributed, like the Tails ISO images you can download from us.
That way it can be determined whether the distributed version actually was built with
the source code, or if any malicious changes have been made.
Of course, most people do not have the knowledge, skills or time required to do this, but
due to public scrutiny anyone can have a certain degree of implicit trust in Free
software, at least if it is popular enough that other developers look into the source code
and do what was described in the previous paragraph. After all, there is a strong
tradition within the Free software community to publicly report serious issues that are
found within software.
Trusting Debian GNU/Linux

The vast majority of all software shipped in Tails comes from the Debian GNU/Linux
distribution . Debian is arguably the Linux distribution whose software packages are
under the deepest public scrutiny. Not only is Debian itself one of the largest Linux
distros, but it's also one of the most popular distros to make derivatives from. Ubuntu
Linux, for instance, is a Debian derivative, and the same goes transitively for all of its
derivatives, like Linux Mint. Thus there are countless people using Debian's software
packages, and countless developers inspect their integrity. Very serious security issues
have been discovered (like the infamous Debian SSH PRNG vulnerability ), but
backdoors or other types of intentionally placed security holes have never been found to
our knowledge.
Trusting Tor
Tails anonymity is based on Tor, which is developed by The Tor Project . The
development of Tor is under a lot of public scrutiny both academically (research on
attacks and defenses on onion routing) and engineering-wise (Tor's code has gone
through several external audits, and many independent developers have read through
the sources for other reasons). Again, security issues have been reported, but nothing
malicious like a backdoor -- we would argue that it's only uninformed conspiracy
theorists that speculate about deliberate backdoors in Tor these days. Furthermore,
Tor's distributed trust model makes it hard for a single entity to capture an individual's
traffic and effectively identify them.
Trusting Tails
One could say that Tails is the union of Debian and Tor. What we do, essentially, is
gluing it all together. Hence, if you trust Debian and The Tor Project, what remains to
establish trust for Tails is to trust our "glue". As has been mentioned, Tails is Free
software, so its source code is completely open for inspection, and it's mainly comprised
by a specification of which Debian software packages to install, and how they should be
1/17/2014
Page 3 of 3
configured. While Tails surely doesn't get the same amount of attention as Debian or
Tor, we do have some eyes on us from especially the Tor community, and also some of
the general security community (see our audits page). Given that Tails' source code is
comparably small and devoid of complexities, we're in a pretty good spot compared to
many other projects of similar nature. Our specification and design document is a good
starting point to understand how Tails works, by the way.
With all this in light (which you ideally also should try to verify), you should be able to
make an informed decision on whether or not you should trust our software.
Last edited Sat 08 Sep 2012 07:15:42 AM CEST
1/17/2014
Tails - Download, verify and install
Page 1 of 6
Download, verify and install
English
DE
FR
PT
Download, verify and install

Tails is Free Software, you can download it,
use it and share it without restriction.
Download
Tails 0.22
December 11, 2013

1. First time user?
2. Download the ISO image
3. Verify the ISO image
4. Install or upgrade Tails
5. Stay tuned
6. Start Tails!
About
Getting started
Documentation
Help & Support
First time user?
Contribute
If you don't know what a metadata or a man-in-the-middle attack is.

If you think no-one can eavesdrop on your communications because you
are using Tor.
If you have no notion of how Tails works.
Then, check first the about and warning pages to make sure that
Tails is the right tool for you and that you understand well its
limitations.
Download the ISO image

You will download Tails in the form of an ISO image+: a single file that you will later burn
on a DVD or install onto a USB stick or SD card.
https://tails.boum.org/download/index.en.html
1/17/2014
Page 2 of 6
Direct download
BitTorrent download
LATEST RELEASE
LATEST RELEASE
Tails 0.22 ISO image

CRYPTOGRAPHIC
SIGNATURE
Tails 0.22 signature

If you're not sure what the
Tails 0.22 torrent

CRYPTOGRAPHIC
SIGNATURE
The cryptographic signature of the
ISO image is also included in the
Torrent.
cryptographic signature is, please

read the part on verifying the ISO
Additionally, you can verify the
image.
signature of the Torrent file itself

before downloading it.
SET UP A WEB MIRROR

If you're running a web server,
SEED BACK!
you're most welcome to help us
Seeding back the image once you
spread Tails by setting up a web
have downloaded it is also a nice
mirror.
and easy way of helping spread

Tails.
Verify the ISO image

It is important to check the integrity+ of the ISO image you downloaded to make sure
that the download went well.
Those techniques rely on standard HTTPS and certificate authorities+ to
make you trust the content of this website. But, as explained on our
warning page, you could still be victim of a man-in-the-middle attack while
using HTTPS. On this website as much as on any other of the Internet.
As a consequence, they don't provide you with a strong way of
checking the ISO image authenticity+ and making sure you
downloaded a genuine Tails. In a dedicated section, we will propose
you some more advanced techniques to check the authenticity of the ISO
image.
1/17/2014
Page 3 of 6
All Tails ISO image are cryptographically signed by our OpenPGP key. OpenPGP
is a standard for data encryption that provides cryptographic privacy and authentication
through the use of keys owned by its users. Checking this signature is the recommended
way of checking the ISO image integrity.
If you already know how to use an OpenPGP key you can download it straight away:
Tails signing key

Otherwise, read our instructions to check the ISO image integrity:
Using Linux with Gnome: Ubuntu, Debian, Tails, etc.
Using Linux with the command line
Using other operating systems
So how can I better check the ISO image authenticity?

The Tails signing key that you downloaded from this website could be a fake one if you
were victim of a man-in-the-middle attack.
Finding a way of trusting better Tails signing key would allow you to authenticate better
the ISO image you downloaded. The following page will give you hints on how to
increase the trust you can put in the Tails signing key you downloaded:
Trusting Tails signing key
Install or upgrade Tails

Upgrading Tails on a USB stick or SD card
If you already have an older version of Tails installed onto a USB stick or SD card, follow
the upgrade instructions from the documentation.
Installing Tails
You can either burn Tails onto a DVD or install it onto a USB stick or SD card.
BURNING A DVD
DVDs are read-only so your Tails can't be altered by a virus or an attacker.
1/17/2014
Page 4 of 6
DVDs are cheap but you will need to burn a new DVD each time you update your
version of Tails.
You could also use a DVD-RW but those are not read-only.
For detailed instructions on how to burn an ISO image under Linux, Windows or Mac
OSX you can consult the corresponding Ubuntu documentation : just replace the
Ubuntu ISO image by the Tails ISO image you downloaded and ignore the part on
verifying the data integrity since you've already done that.
INSTALLING ONTO A USB STICK OR SD CARD
The content of the device will be lost in the operation.
An attacker with physical access to your device or through a virus could alter your
Tails.
USB sticks and SD cards can be upgraded to future versions of Tails.
You can use persistence and store your documents and configuration in an encrypted
persistent volume on the same device.
USB sticks and SD cards are smaller to fit in your pocket.
Some older computers might not be able to start from a USB stick or SD card.
Some USB sticks, SD cards, or SD card adapters have a read-only switch that can
prevent your Tails from being altered, but be aware that this protection is most
probably not ensured by the device itself: do not rely on untrusted computers to
respect this feature.
See the corresponding documentation.
Stay tuned
It's very important to keep your version of Tails up-to-date, otherwise your
system will be vulnerable to numerous security holes. The development team is
doing its best to release new versions fixing known security holes on a regular basis.
New versions are announced on our news mailing-list . Drop your email address into
this box, then hit the button to subscribe:
Subscribe
to the news mailing-list.
There also are RSS and Atom feeds that announce new available BitTorrent files.
Refer to our security announcements feed for more detailed information about the
security holes affecting Tails. Furthermore you will be automatically notified of the
security holes affecting the version you are using at the startup of a new Tails session.
1/17/2014
Page 5 of 6
Since Tails is based on Debian, it takes advantage of all the work done by the Debian
security team. As quoted from (http://security.debian.org/) :
Debian takes security very seriously. We handle all security problems
brought to our attention and ensure that they are corrected within a
reasonable timeframe. Many advisories are coordinated with other free
software vendors and are published the same day a vulnerability is made
public and we also have a Security Audit team that reviews the archive
looking for new or unfixed security bugs.
Experience has shown that "security through obscurity" does not work. Public
disclosure allows for more rapid and better solutions to security problems. In
that vein, this page addresses Debian's status with respect to various known
security holes, which could potentially affect Debian.
Start Tails!
Now that you have a Tails device you can shutdown your computer and start using Tails
without altering your existing operating system.
If you are using a DVD: Put the Tails DVD into the CD/DVD-drive and restart the
computer. You should see a welcome screen prompting you to choose your language.
If you don't get this menu, you can consult the Ubuntu documentation about booting
from the CD
for more information, especially the part on the BIOS settings .
If you are using a USB stick or SD card: Shutdown the computer, plug your device
and start the computer. You should see a welcome screen prompting you to choose your
language.
If your computer does not automatically do so, you might need to edit the BIOS settings.
Restart your computer, and watch for a message telling you which key to press to enter
the BIOS setup. It will usually be one of F1, F2, DEL, ESC or F10. Press this key while your
computer is booting to edit your BIOS settings. You need to edit the Boot Order.
Depending on your computer you should see an entry for 'removable drive' or 'USB
media'. Move this to the top of the list to force the computer to attempt to start from
your device before starting from the internal hard disk. Save your changes and continue.
For more detailed instruction on how to boot from USB you can read About.com: How To
Boot your Computer from a Bootable USB Device
If you have problems accessing the BIOS, try to read pendrivelinux.com: How to Access
BIOS
1/17/2014
Tails - First steps with Tails
doc
Page 1 of 1
First steps with Tails
English
DE
FR
PT
First steps with Tails

Installing onto a USB Stick or SD card
(recommended)
Manually Installing onto a USB Stick or SD
card, using Linux, using Windows using
Mac
Uninstalling Tails or resetting a USB Stick
Download
Tails 0.22
December 11, 2013
About
or SD card, using Linux, using Windows

Upgrading a Tails USB Stick or SD card
Getting started
Start Tails
Startup Options
Administration Password
Tor Bridge Mode
Documentation
Help & Support
Windows Camouflage
Introduction to GNOME and the Tails Desktop
Contribute
Accessibility
Persistence
Warnings About Persistence
Create & Configure the Persistent Volume
Enable & Use the Persistent Volume
Delete the Persistent Volume
Manually copy your persistent data to a new device
Upgrade to more secure persistent volume settings
Report an error
Tails does not start
Shutting down Tails
Last edited Sun 20 Nov 2011 03:31:21 PM CET
https://tails.boum.org/doc/first_steps/index.en.html
1/17/2014
Tails - Installing onto a USB Stick or SD card
doc
first steps
Page 1 of 2
English
DE
FR
PT

Tails includes a custom installer for USB sticks
and SD cards.
In order to use Tails Installer, you need to start
Tails from another media, and clone it onto the
device of your choice, USB stick or SD card. To
Download
Tails 0.22
December 11, 2013
About
do that, you can either:
Getting started
Burn a Tails DVD (recommended).
Use another Tails USB stick or SD card,
for example from a friend.
Documentation
Manually install Tails onto another USB
Help & Support
stick or SD card, if you cannot use a DVD.

Using Tails Installer allows you to later create a
Contribute
persistent volume in the free space left on the

device. This requires a USB stick or SD card of at least 4 GB.
Instructions
All the data on the installed device will be lost.
This operation does not securely delete the lost data on the
installed device.
This operation does not copy the persistent volume of the
device which is being cloned.
1. Start Tails from another media than the device, USB stick or SD card, onto which you
want to install Tails.
2. Choose Applications Tails Tails Installer to start Tails Installer.
https://tails.boum.org/doc/first_steps/installation/index.en.html
1/17/2014
Tails - Installing onto a USB Stick or SD card
Page 2 of 2
3. To install onto a new device, click on the Clone & Install button.
4. Plug the device onto which you want to install Tails.
A new device, which corresponds to the USB stick or SD card, appears in the Target
Device drop-down list.
5. Choose this new device from the Target Device drop-down list.
6. To start the installation, click on the Install Tails button.
7. Read the warning message in the pop-up window. Click on the Yes button to confirm.
After the installation completes, you can start Tails from this new device.
Last edited Sun 22 Dec 2013 07:55:28 PM CET
https://tails.boum.org/doc/first_steps/installation/index.en.html
1/17/2014
Tails - Manually installing onto a USB Stick or SD card
doc
first steps
installation
Page 1 of 1
Manually installing onto a USB Stick or SD card
English
DE
FR
PT
Manually installing onto a USB Stick

or SD card
It is recommended to use Tails Installer to install
Tails onto a USB stick or SD card. But you might
need to use this technique to get a first running
Tails, and be able to use Tails Installer on a
Download
Tails 0.22
December 11, 2013
second device.
About
This technique does not allow you to set up
a persistent volume.
Getting started
Manual installation using Linux

Manual installation using Windows
Documentation
Manual installation using Mac
Help & Support

Contribute
https://tails.boum.org/doc/first_steps/installation/manual/index.en.html
1/17/2014
Tails - Manual installation using Windows
doc
first steps
installation
Page 1 of 5
manual
English
DE
FR
PT

This technique uses the Universal USB Installer,
Download
http://www.pendrivelinux.com/ .
Tails 0.22
INSERT A USB STICK WITH AT LEAST

2GB OF FREE SPACE
About
for more info or more help visit
December 11, 2013
DOWNLOAD THE UNIVERSAL USB

INSTALLER
Getting started
CLICK 'RUN' WHEN PROMPTED
Documentation
Help & Support
Contribute
IF THE SECURITY DIALOG APPEARS, CONFIRM BY CLICKING 'RUN'
https://tails.boum.org/doc/first_steps/installation/manual/windows/index.en.html
1/17/2014
Page 2 of 5
READ THE LICENCE AGREEMENT AND CHOOSE 'I AGREE' TO CONTINUE
SELECT TAILS FROM THE DROPDOWN LIST
1/17/2014
Page 3 of 5
CLICK 'BROWSE' AND OPEN THE DOWNLOADED ISO FILE
CHOOSE THE USB DRIVE
1/17/2014
Page 4 of 5
CLICK 'CREATE'
After the installation completes, you can start Tails from this new USB
stick.
1/17/2014
Tails - Manual installation using Mac
doc
first steps
installation
Page 1 of 5
manual
English
DE
FR
PT

This technique uses the command line.
Download
Tails 0.22
December 11, 2013
1. Setup rEFInd
2. Find out the device name of the USB stick
3. Unmount the USB drive
4. Run isohybrid.pl on the ISO image
About
5. Do the copy
Getting started
6. Notes
Documentation
Help & Support
Setup rEFInd
You need to have rEFInd
Contribute
installed and working on the Mac.
If you need help with rEFInd, look at their installation documentation .

rEFInd will replace your original bootloader.
This could cause your Mac to not boot. It is recommended to create a
full backup and know how to restore. See Apple's instructions .
Find out the device name of the USB stick

The device name should be something like /dev/disk8, /dev/disk9, etc.
If you are not sure about the exact device name, do the following:
https://tails.boum.org/doc/first_steps/installation/manual/mac/index.en.html
1/17/2014
Page 2 of 5
1. Unplug the USB stick.

2. Open Terminal from Applications Utilities Terminal.app
3. Execute the following command:
diskutil list
This returns a list of all the current storage devices. For example:
$ diskutil list
/dev/disk0
#:
0:
1:
2:
3:
4:
TYPE NAME
GUID_partition_scheme
SIZE
*500.1 GB
EFI
Apple_HFS MacDrive
EFI
Microsoft Basic Data BOOTCAMP
209.7
250.0
134.1
115.5
MB
GB
GB
GB
1. Plug back the USB stick and run the same command as before:
diskutil list
A new device should appear in the list of storage devices. Check that the size of the
device corresponds to the size of your USB stick.
$ diskutil list
/dev/disk0
#:
TYPE
0:
GUID_partition_scheme
1:
EFI
2:
Apple_HFS
3:
EFI
4:
Microsoft Basic Data
/dev/disk1
#:
TYPE
0:
FDisk_partition_scheme
1:
Apple_HFS
NAME
MacDrive
BOOTCAMP
NAME
Untitled 1
SIZE
*500.1
209.7
250.0
134.1
115.5
GB
MB
GB
GB
GB
SIZE
*4.0 GB
4.0 GB
In this example, the USB stick is 4.0 GB and the device name is /dev/disk1. Yours are
probably different.
1/17/2014
Page 3 of 5
If you are not sure about the device name you should stop proceeding or
you risk overwriting any hard drive on the system.
Unmount the USB drive

Execute the following command, replacing [device] with the device name found in
step 2.
diskutil unmountDisk [device]
Run isohybrid.pl on the ISO image

You need to modify the ISO image using isohybrid before copying it onto the USB
stick.
1. Download syslinux .
2. Double click on the package to extract it.
3. Copy isohybrid.pl from the /utils folder to the desktop.
4. Copy the ISO image (for example tails-i386-0.17.1.iso) to the desktop.
5. To change directory into the desktop, execute:
cd Desktop
6. To run isohybrid.pl on the ISO image, execute the following command, replacing
[tails.iso] with the path to the ISO image that you want to install.
perl isohybrid.pl [tails.iso]
Here is an example of the commands to execute, yours are probably different:
perl isohybrid.pl tails-i386-0.17.1.iso
If you are not sure about the path to the ISO image or if you get a No such
file or directory error, you can first type `perl isohybrid.pl`, followed by a
1/17/2014
Page 4 of 5
space, and then drag and drop the icon of the ISO image from a file
browser onto Terminal. This should insert the correct path to the ISO image
in Terminal. Then complete the command and execute it.
Do the copy
Execute the following command, replacing [tails.iso] by the path to the ISO image
that you want to copy and [device] by the device name found in step 1.
dd if=[tails.iso] of=[device]
You should get something like this:
dd if=tails-0.17.1.iso of=/dev/disk9
If you don't see any error message, Tails is being copied onto the USB stick. The whole
process might take some time, generally a few minutes.
If you get a "Permission denied" error, try executing the command with
sudo:
sudo if=[tails.iso] of=[device]
Be careful, if the device name is wrong you might overwriting any hard
drive on the system.
Once the command prompt reappears, you can restart your Mac. Wait for
the rEFInd menu and select the USB stick to start Tails.
Notes
This method was successfully tested on the following hardware:
MacBook Pro Model A1150 with OS X 10.6.8, 2006
MacBook Pro Retina 15" Mid-2012 (aka MacBookPro10,1)
The method worked on some hardware but a bug in the video support prevented Tails to
start successfully:
1/17/2014
Page 5 of 5
MacBook Pro Retina with OS X 10.8.3, December 2012

Macbook Pro model A1150
Note that Tails developers are in general not very knowledgeable about Mac. Any
additional information is welcome.
Last edited Sun 05 Jan 2014 06:29:49 PM CET
1/17/2014
Tails - Uninstalling Tails or resetting a USB Stick or SD card
doc
first steps
Page 1 of 1
Uninstalling Tails or resetting a USB Stick or SD card
English
DE
FR
PT
Uninstalling Tails or resetting a USB

Stick or SD card
Instructions for Linux with GNOME: Ubuntu,
Debian, Tails, etc.
Instructions for Windows
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/first_steps/reset/index.en.html
1/17/2014
Tails - Resetting a USB stick or SD card using Windows
doc
first steps
reset
Page 1 of 2
Resetting a USB stick or SD card using Windows
English
DE
FR
PT
Resetting a USB stick or SD card using

Windows
The following instructions do not
work on Windows XP.
The version of Diskpart on Windows XP
does not list removable disks.
Using Diskpart
Download
Tails 0.22
December 11, 2013
About
Getting started
You might overwrite any hard

drive on the computer.
Documentation
If at some point you are not sure about
Help & Support
the disk number, stop proceeding.
Contribute
1. Make sure that the USB stick or SD card that
you want to reset is unplugged.
2. Click on the Start button, and choose All Programs Accessories Command
Prompt, to open the Command Prompt ,
More help on how to start the Command Prompt
3. Execute the diskpart command, to start Diskpart.
4. Execute the list disk command to obtain information about each disk in the
computer.
For example:
Diskpart> list disk
https://tails.boum.org/doc/first_steps/reset/windows/index.en.html
1/17/2014
Tails - Resetting a USB stick or SD card using Windows
Page 2 of 2
Disk ###
Status
Size
Free
Dyn
Gpt
-------Disk 0
---------Online
------80 GB
------0 B
---
---
5. Plug the USB stick or SD card that you want to reset. Run the list disk command
again.
A new disk, which corresponds to that device, appears in the list.
For example:
Diskpart> list disk

Disk ###
Status
Size
Free
Dyn
Gpt
-------Disk 0
Disk 1
---------Online
Online
------80 GB
4 GB
------0 B
0 B
---
---
Make sure that its size corresponds to the size of the device that you want to reset.
Note down the disk number assigned by Diskpart to the device.
6. To select the device, execute the following command: select disk=number .
Replace number by the disk number of the device that you want to reset.
7. Execute the clean command to delete the partition table from the device.
8. Execute the convert mbr command to create a new partition table on the device.
9. Execute the create partition primary command to create a new primary
partition on the device.
Troubleshooting
See the Diskpart documentation from Microsoft Support .
https://tails.boum.org/doc/first_steps/reset/windows/index.en.html
1/17/2014
Formatting a USB Drive Back to MBR after GUID | Robert Douglas Bingham
Page 1 of 2
Robert Douglas Bingham

18th May 2011
Formatting a USB Drive Back to MBR after GUID

By therobomeister
Sometimes Macs do crazy things to our filesystems. Shame, theyre a little special. After using a GUID
with HFS+ (Mac Extended Journaled) I often get an error saying that the disk is 200mb, regardless of the
size.
Also, after formatting back to MBR and FAT32 in OSX, the disk often wont work devices such as car
radios, DVD players and home hifis with Mp3 / DivX compatibility. Heres an easy little fix I found on
the Microsoft Technet website thats never failed me.
What You Need

A PC running Windows
Your USB pendrive
Method
1. Plug the pendrive in, and dont click format or anything
2. Run Command Prompt
3. Type the following commands (where x = your disk number. This will make sense soon):
diskpart
list disk
select disk x
clean
create partition primary
select partition 1
active
format fs=fat32 quick
assign
http://robertbingham.wordpress.com/2011/05/18/formatting-a-usb-drive-back-to-mbr-after-guid/
1/13/2014
Formatting a USB Drive Back to MBR after GUID | Robert Douglas Bingham
Page 2 of 2
This filesystem is pretty solid. From there you can do whatever you want with it, as it should be legible
by any machine.
About these ads (http://en.wordpress.com/abouttheseads/)
This entry was posted on Wednesday, May 18th, 2011 at 9:54 am and posted in Tech. You can follow any
responses to this entry through the RSS 2.0 feed.
Subscribe RSS
Blog at WordPress.com. The Elegant Grunge Theme.
Follow
Follow Robert Douglas Bingham

Powered by WordPress.com
http://robertbingham.wordpress.com/2011/05/18/formatting-a-usb-drive-back-to-mbr-after-guid/
1/13/2014
Tails - Upgrading a Tails USB Stick or SD card
doc
first steps
Page 1 of 2
Upgrading a Tails USB Stick or SD card
English
DE
FR
PT
Upgrading a Tails USB Stick or SD

card
Tails Installer also allows you to upgrade a USB
stick or SD card to a newer version of Tails.
The following techniques only work if the device,
Download
Tails 0.22
December 11, 2013
USB stick or SD card, was installed using Tails

Installer. The persistent storage on the
device will be preserved. There are two
About
methods to do the upgrade:
Getting started
Upgrade by cloning from another device

which already runs a newer version of Tails
Documentation
Upgrade from an ISO image of a newer
Help & Support
version of Tails
As for the installation, you need to start Tails
Contribute
Installer from another media than the device

that you want to upgrade.
Clone & Upgrade

1. Start Tails from the device, USB stick or SD card, that you want to clone from.
3. Choose Clone & Upgrade.
4. Plug the device that you want to upgrade.
https://tails.boum.org/doc/first_steps/upgrade/index.en.html
1/17/2014
Tails - Upgrading a Tails USB Stick or SD card
Page 2 of 2
5. Choose the device from the Target Device drop-down list.

6. To start the upgrade, click on the Install Tails button.
Upgrade from ISO

1. Start Tails from another media than the device, USB stick or SD card, that you want
to upgrade.
3. Choose Upgrade from ISO.
4. Plug the device that you want to upgrade.
5. Choose the device from the Target Device drop-down list.
6. Click on the Browse button to specify the location of the ISO image.
If the ISO image is saved on another media, plug it if necessary and click on the
corresponding device in the Places column.
If the ISO image is stored in a persistent volume, the corresponding device
appears first as Encrypted. Click on the device and, in the popup window,
enter the passphrase to unlock it.
https://tails.boum.org/doc/first_steps/upgrade/index.en.html
1/17/2014
Tails - Startup Options
doc
first steps
Page 1 of 3
Startup Options
English
DE
FR
PT
Startup Options
When starting Tails, you can specify startup
options to alter some of its basic functioning.
The two ways of specifying startup options are
the following:
1. Using the boot menu

2. Using Tails Greeter
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Using the boot menu

The boot menu is the first screen to appears
when Tails starts.
Help & Support

Contribute
The failsafe mode disables some features of the kernel and might work
better on some computers. You can try this option if you think you are
experiencing errors related to hardware compatibility while starting Tails.
1. To add a boot option, press Tab when the boot menu appears. A list of boot options
appears at the bottom of the screen.
https://tails.boum.org/doc/first_steps/startup_options/index.en.html
1/17/2014
Page 2 of 3
1. Press Space, and type the boot option that you want to add.
2. If you want to add more than one boot option, type them one after the other, and
separate them by a Space.
3. Then press Enter to start Tails.
Here is a list of options that you can add to the boot menu:
bridge , to activate the Tor Bridge Mode
truecrypt , to enable TrueCrypt
Using Tails Greeter

Tails Greeter is the set of dialogs that appear after the boot menu, but before the
GNOME Desktop appears. This is how to first screen of Tails Greeter looks like:
1/17/2014
Page 3 of 3
To start Tails without options, click on the Login button, or just press Enter.
To set more options, click on the Yes button. Then click on the Forward button.
Here is a list of options that you can set using Tails Greeter:
Set an administration password
Activate Windows Camouflage
Last edited Sun 05 Jan 2014 07:54:37 PM CET
1/17/2014
Tails - Setting an administration password
doc
first steps
startup options
Page 1 of 2
Setting an administration password
English
DE
FR
PT
Setting an administration password

In Tails, an administration password is required
to perform system administration tasks.
For example:
To install new programs and packages
To access the internal hard disks of the
Download
Tails 0.22
December 11, 2013
About
computer
To execute commands with sudo
By default, the administration password is
disabled for better security. This can prevent
an attacker with physical or remote access to
your Tails system to gain administration
privileges and perform administration tasks
against your will.
Getting started
Documentation
Help & Support
Contribute
In order to perform administration tasks, you need to set up an administration password

when starting Tails, using Tails greeter.
1. When Tails greeter appears, in the Welcome to Tails window, click on the Yes
button. Then click on the Forward button to switch to the Administration
password window.
2. In the Administration password window, specify a password of your choice in both
the Password and Verify Password text boxes. Then click on the Login button to
start the GNOME Desktop.
How to open a root terminal

To open a root terminal, you can do any of the following:
Choose Applications Accessories Root Terminal.
https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html 1/17/2014
Tails - Tor Bridge Mode
doc
first steps
Page 1 of 3
startup options
Tor Bridge Mode
English
DE
FR
PT
Tor Bridge Mode

1. What bridges are and when to use them
2. How to use bridges in Tails
3. If using Tor is dangerous in your country
Download
Tails 0.22
December 11, 2013
What bridges are and
About
when to use them
Getting started
When using Tor with Tails in its default

configuration, anyone who can observe the
traffic of your Internet connection (for example
your Internet Service Provider and perhaps your
government and law enforcement agencies) can
know that you are using Tor.
Documentation
Help & Support
Contribute
This may be an issue if you are in a country where the following applies:
1. Using Tor is blocked by censorship: since all connections to the Internet are
forced to go through Tor, this would render Tails useless for everything except for
working offline on documents, etc.
2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its
default configuration might get you into serious trouble.
Tor bridges, also called Tor bridge relays, are alternative entry points to the Tor network
that are not all listed publicly. Using a bridge makes it harder, but not impossible, for
your Internet Service Provider to know that you are using Tor.
If you are in one of the situations described above you might want to use Tor bridges in
Tails. Please also read The Tor Project's dedicated page about bridges
to get a general
idea about what bridges are.
https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html
1/17/2014
Tails - Tor Bridge Mode
Page 2 of 3
In order to use bridges, you must know in advance the address of at least one bridge.
The Tor Project distributes bridge addresses in several ways, for example from their
website and via email.
Bridges are less reliable and tend to have lower performance than other
entry points.
How to use bridges in Tails

Tails provides a bridge mode that guides you through the process of setting up bridges
before connecting to Tor.
Note that you must have at hand at least one bridge address before starting Tails. For
example, you can write it down on a piece of paper or store it in a persistent volume.
To activate the bridge mode, add the bridge boot option to the boot menu. For
detailed instructions, see the documentation on using the boot menu.
If using Tor is dangerous in your country

The Tor Project's documentation on bridges mainly focuses on censorship
circumvention, this means when the usage of Tor is blocked by censorship. If using Tor is
dangerous or considered suspicious in your country, then there are some extra rules
that you should follow in order to prevent you from being identified as a Tor user.
Bridges are important tools that work in many cases but they are not an
absolute protection against the technical progress that an adversary
could do to identify Tor users.
1. Always start Tails in bridge mode.
2. Only use obfuscated bridges
since they are harder to identify than other bridges.
3. The less publicly known the bridges are, the better. Unfortunately, since some bridge
addresses can be obtained by anyone from the Tor website or by email, it is also
possible for an adversary to get the same bridge information by the same means. The
Tor Project has some protection against that, but they are far from being perfect.
So the best is if you can find a trusted friend or an organisation in a different country
who runs a "private" obfuscated bridge for you. In this case "private" means that the
bridge is configured with the option PublishServerDescriptor 0. Without this
option The Tor Project can learn about the bridge and may distribute its address to
others and so it could end up in the hands of your adversary.
https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html
1/17/2014
Tails - Windows Camouflage
doc
first steps
Page 1 of 2
startup options
Windows Camouflage
English
DE
FR
PT
Windows Camouflage
If you are using a computer in public you may
want to avoid attracting unwanted attention by
changing the way Tails looks into something that
resembles Microsoft Windows XP.
When Tails is starting up the Windows
Download
Tails 0.22
December 11, 2013
About
Camouflage can be activated in Tails greeter by

choosing Yes to More options? and then
Getting started
enabling the checkbox labelled Activate

Microsoft Windows XP Camouflage.
Documentation
This is how your Tails desktop will look like:
Help & Support

Contribute
https://tails.boum.org/doc/first_steps/startup_options/windows_camouflage/index.en.html
1/17/2014
Tails - Windows Camouflage
Page 2 of 2
https://tails.boum.org/doc/first_steps/startup_options/windows_camouflage/index.en.html
1/17/2014
Tails - Introduction to GNOME and the Tails desktop
doc
first steps
Page 1 of 5
Introduction to GNOME and the Tails desktop
English
DE
FR
PT
Introduction to GNOME and the Tails

desktop
The graphical user interface used in Tails is called GNOME
and shares many fundamentals with that of Microsoft
Windows, Mac OS X and most other modern operating
systems, so if you have used any of them, getting used to
GNOME will take no time. As this document is not intended
as a complete guide for GNOME there are only a few things
about it that we will mention here to spare you some time.
Download
Tails 0.22
December 11, 2013
About
Getting started
1. Top navigation bar

1. Applications menu
2. Places menu
3. System menu
4. Applications Shortcuts
5. Notification area
2. Bottom panel
3. Desktop shortcuts
4. Managing files with Nautilus
Documentation
Help & Support
Contribute
Top navigation bar

First of all, in the upper left corner of the screen there is a button with a logo in it,
followed by three menus: Applications, Places and System.
Applications menu
The Applications menu is where you will find shortcuts to the installed applications.
Please explore the different categories and try out those that seem interesting.
https://tails.boum.org/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/index.... 1/17/2014
Page 2 of 5
Places menu
The Places menu is here to make it easy to access storage medias.
System menu
The System menu allows to customize the GNOME desktop or the system.
Here are a few ones that you might want to check:
Preferences Keyboard: change the keyboard layout and other preferences
Page 3 of 5
Preferences Monitors: change the resolution and position of the display
Preferences Passwords and Encryption Keys: manage your OpenPGP keys
Administration Printing: configure printers, see Printing and scanning.
Administration Synaptic Package Manager: install, remove and upgrade software

packages
Applications Shortcuts
On the right of these three menu entries, a few shortcuts allow to launch the most
frequently used applications.
Tor Browser: browse the World Wide Web

See the corresponding documentation
Claws Mail: email client
Pidgin: instant messaging client

KeePassX: password manager

GNOME Terminal: use the command line
Notification area
In the upper right corner you will find a couple of icons, each of which offers an interface
for some system feature or running application. You are encouraged to check these icons
out with the left and right mouse buttons.
Vidalia: graphical controller for Tor

Page 4 of 5
gpgApplet: encryption and decrypt the clipboard using OpenPGP

Florence: virtual keyboard

Network Manager: handle your wireless or cabled network connection
Power Manager: information about your battery, if you are using a laptop
Audio Volume: control the audio volume
System Shutdown: shut down or restart the system
Bottom panel
On the bottom of the screen is another panel.
Desktop shortcut: allows to minimize all open windows to show the desktop.
Then come the buttons for open windows and on the right, a set of four similar rectangle
icons gives access to four different workspaces.
Desktop shortcuts
Computer: access storage media
amnesia's Home: shortcut to the default user's folder
Trash: where the "deleted" files are moved
Tails documentation: open a local copy of Tails website and documentation
Page 5 of 5
Report an error: help you troubleshoot Tails
Managing files with Nautilus

Nautilus is GNOME's file manager, FTP, SFTP client and more.
To manage local files, follow links on the desktop or from the Places menu at top right
corner of the screen. To move files or folders, you can drag them from one window and
drop them to another.
To connect to remote FTP or SFTP server, go to Places Connect to Server....
Tails - Accessibility
doc
first steps
Page 1 of 2
Accessibility
English
DE
FR
PT
Accessibility
Tails uses the GNOME Desktop that provides
many accessibility features as documented in
the GNOME Access Guide . For a summary of
those features, read the quick reference
Download
Tails 0.22
December 11, 2013
section of this guide.
About
To hear screen elements spoken to you or
magnify the screen, see the GNOME Orca
Getting started
section of this guide.
Documentation
The screen reading functionality of
GNOME Orca does not work neither
with the Tor Browser nor with the
Unsafe Web Browser.
Help & Support

Contribute
If you prefer a pointing device over the keyboard, you can use the Florence virtual
keyboard, instead of the GNOME On-Screen Keyboard.
If you are operating a computer one-handed (by joystick, touchscreen, or mouse) or
zero-handed (by head-mouse or eyetracker), you can use the Dasher graphical
predictive text entry application.
If you prefer high contrast, large print or inversed colors, you can change the
default theme:
1. Choose System Preferences Appearance.
2. Select one of the theme to apply it. The following themes are available:
High Contrast
High Contrast Inverse
High Contrast Large Print
High Contrast Large Print Inverse
Large Print
https://tails.boum.org/doc/first_steps/accessibility/index.en.html
1/17/2014
Tails - Accessibility
Page 2 of 2
Low Contrast
Low Contrast Large Print
3. For large print themes, click the Apply Font to change the font size.
4. Click Close.
Last edited Wed 11 Dec 2013 05:07:12 PM CET
https://tails.boum.org/doc/first_steps/accessibility/index.en.html
1/17/2014
Tails - Persistence
doc
first steps
Page 1 of 2
Persistence
English
DE
FR
PT
Persistence
If you start Tails from a USB stick or SD card, you
can create a persistent volume in the free space
left on the device by Tails Installer. The files in
the persistent volume are saved and remain
Download
Tails 0.22
December 11, 2013
available across separate working sessions.
About
You can use this persistent volume to store
different kinds of files:
your personal files and working documents
the software packages that you download and
install in Tails
Getting started
Documentation
Help & Support
the configuration of the programs you use

your encryption keys
Contribute
The persistent volume is an encrypted partition

protected by a passphrase.
Once the persistent volume is created, you can choose to activate it or not each time
you start Tails.
The use of a persistent volume in a system which is designed to
provide anonymity and leave no trace is a complicated issue.
Read carefully the warning section.
How to Use the Persistent Volume

https://tails.boum.org/doc/first_steps/persistence/index.en.html
1/17/2014
Tails - Warnings About Persistence
doc
first steps
persistence
Page 1 of 2
English
DE
FR
PT

1. Storing Sensitive Documents
2. Overwriting Configurations
3. Installing Additional Programs
Download
Tails 0.22
December 11, 2013
4. Browser Plugins
5. Use to the Minimum
About
Getting started
Storing Sensitive
Documents
The persistent volume is not hidden. An
attacker in possession of the device can know
that there is a persistent volume on it. Take into
Documentation
Help & Support
Contribute
consideration that you can be forced or tricked to give out its passphrase.
Note also that secure deletion does not work as expected on USB sticks.
See the corresponding documentation. Read also how to delete the persistent volume.
Overwriting Configurations
The programs included in Tails are carefully configured with security in mind. If you use
the persistence volume to overwrite the configuration of the programs included in Tails,
it can break this security or render these programs unusable.
Be especially careful when using the Dotfiles feature.
Furthermore, the anonymity of Tor and Tails relies on making it harder to distinguish one
Tails user from another. Changing the default configurations can break your
anonymity.
https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html
1/17/2014
Tails - Warnings About Persistence
Page 2 of 2
Installing Additional Programs

To protect your anonymity and leave no trace, Tails developers select and configure with
care programs that work well together. Installing additional programs may
introduce unpredictable problems and may break the protections built-in Tails.
Tails developers may not want or may not be capable of helping you to solve those
problems.
Browser Plugins
The web browser is a central part in a system like Tails. The plugins included in the
browser are carefully chosen and configured with security in mind. If you install other
plugins or change their configuration, you can break your anonymity.
Use to the Minimum

Use the persistent volume only when necessary and to the minimum. It is
always possible to start Tails without activating the persistent volume. All the features of
the persistent volume are optional and need to be explicitly activated. Only the files and
folders that you specify are saved.
https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html
1/17/2014
Tails - Create & Configure the Persistent Volume
doc
first steps
persistence
Page 1 of 7
English
DE
FR
PT
Create & Configure the Persistent

Volume
The use of a persistent volume in a
system which is designed to
provide anonymity and leave no
trace is a complicated issue.
1. Start the Persistent Volume Assistant

2. Creating the Persistent Volume
3. Persistent Volume Features
1. Personal Data
2. GnuPG
3. SSH Client
4. Pidgin
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
5. Claws Mail
6. GNOME Keyring
7. Network Connections
8. APT Packages
9. APT Lists
10. Browser bookmarks
11. Printers
12. Dotfiles
13. Additional software packages
Start the Persistent Volume Assistant

To start the persistent volume assistant, choose Applications Tails Configure
persistent storage.
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
1/17/2014
Page 2 of 7
The error message Error, Persistence partition is not unlocked. means that
the persistent volume was not enabled from Tails greeter. So you can not
configure it but you can delete it and create a new one.
Creating the Persistent Volume

When run for the first time, or after deleting the persistent volume, the assistant
proposes to create a new persistent volume on the device from which Tails is running.
1. The persistent volume is an encrypted partition protected by a passphrase. Specify a
passphrase of your choice in both the Passphrase and Verify Passphrase text
boxes.
2. Click on the Create button.
3. Wait for the creation to finish.
If the creation is interrupted before it finishes, you may not be able
to start Tails from this device any more. This can happen if you close the
window of the wizard or unplug the USB stick or SD card during the
creation of the persistent volume. Delete and reinstall Tails to fix this issue.
Persistent Volume Features

When run from a Tails device that already has a persistent volume, the assistant shows
a list of the possible persistence features. Each feature corresponds to a set a files to be
saved in the persistent volume.
Restart Tails to apply the changes after selecting or unselecting one or
several features.
If you unselect a feature that used to be activated, it will be deactivated

after restarting Tails but the corresponding files will remain on the
persistent volume.
Personal Data
When this feature is activated, you can save your personal files and working documents
in the Persistent folder.
1/17/2014
Page 3 of 7
To open the Persistent folder, choose Places Home Folder, and open the Persistent
folder.
GnuPG
When this feature is activated, the OpenPGP keys that you create or import are saved in
the persistent volume.
If you manually edit or overwrite the ~/.gnupg/gpg.conf configuration file
you may lessen your anonymity, weaken the encryption defaults or render
GnuPG unusable.
SSH Client
When this feature is activated, all the files related to the secure-shell client are saved in
the persistent volume:
The SSH keys that you create or import
The public keys of the hosts you connect to
The SSH configuration file in ~/.ssh/config
If you manually edit the ~/.ssh/config configuration file, make sure not to
overwrite the default configuration from the /etc/ssh/ssh_config file.
Otherwise, you may weaken the encryption defaults or render SSH
unusable.
Pidgin
When this feature is activated, all the configuration files of the Pidgin Internet
messenger are saved in the persistent volume:
The configuration of your accounts, buddies and chats.
Your OTR encryption keys and keyring.
The content of the discussions is not saved unless you configure Pidgin to do so.
1/17/2014
Page 4 of 7
All the configuration options are available from the graphical interface. There is no need
to manually edit or overwrite the configuration files.
Claws Mail
When this feature is activated, the configuration and emails stored locally by the Claws
Mail email client are saved in the persistent volume.
All the configuration options are available from the graphical interface. There is no need
to manually edit or overwrite the configuration files.
The emails of a POP3 account created without using the configuration
assistant are not stored in the persistent volume by default. For example,
when configuring a second email account.
To make it persistent choose File Add Mailbox MH... and change the
location of the mailbox from Mail to .claws-mail/Mail.
GNOME Keyring
When this feature is activated, the secrets of GNOME Keyring are saved in the persistent
volume.
GNOME Keyring is a collection of components in GNOME that store secrets, passwords,
keys, certificates and make them available to applications. For more information about
GNOME Keyring see the official documentation .
Network Connections
When this feature is activated, the configuration of the network devices and connections
is saved in the persistent volume.
To save passwords, for example the passwords of encrypted wireless connections, the
GNOME Keyring persistence feature must also be activated.
1/17/2014
Page 5 of 7
APT Packages
When this feature is activated, the packages that you install using the Synaptic package
manager or the apt-get command are saved in the persistent volume.
If you install additional programs, this feature allows you to download them once and
reinstall them during future working sessions, even offline. Note that those packages are
not automatically installed when restarting Tails.
If you activate this feature, it is recommended to activate the APT Lists feature as well.
APT Lists
When this feature is activated, the lists of all the software packages available for
installation are saved in the persistent volume.
Those so called APT lists correspond to the files downloaded while doing Reload from
the Synaptic package manager or issuing the apt-get update command.
The APT lists are needed to install additional programs or explore the list of available
software packages. This feature allows you to reuse them during future working
sessions, even offline.
Browser bookmarks
When this feature is activated, changes to the bookmarks in the Tor Browser are saved
in the persistent volume. This does not apply to the Unsafe web browser.
Printers
When this feature is activated, the configuration of the printers is saved in the persistent
volume.
1/17/2014
Page 6 of 7
Dotfiles
When this feature is activated, all the files in the

/live/persistence/TailsData_unlocked/dotfiles folder are linked in the Home Folder (files in
subfolders of dotfiles are also linked in the corresponding subfolder of your
Home Folder).
This option is useful if you want to make some specific files persistent, but not the
folders they are stored in. A fine example are the so called "dotfiles" (and hence the
name of this feature), the hidden configuration files in the root of your home directory,
like ~/.git and ~/.bashrc.
Additional software packages

This is an experimental feature which does not appear in the assistant.
When this feature is enabled, a list of additional software of your choice is automatically
installed at the beginning of every working session. The corresponding software
packages are stored in the persistent volume. They are automatically upgraded for
security after a network connection is established.
To use this feature you need to enable both the APT Lists and APT Packages features.
If you are offline and your additional software packages don't install, it
might be caused by outdated APT Lists. The issue will be fixed next time
you connect Tails to Internet with persistence activated.
To choose the list of additional software, start Tails with an administrator password and
edit (as an administrator) the file
called /live/persistence/TailsData_unlocked/live-additional-software.conf.
Each line of this file must contain the name of a Debian package to be installed as an
additional software package.
For example, to automatically install the dia software, a diagram editor, and the
fontmatrix software, a font manager, add the following content to

live-additional-software.conf:
dia
fontmatrix
1/17/2014
Page 7 of 7
To learn about the many software packages available in Debian, visit

http://packages.debian.org/stable/ .
Installing additional software is at your own risk. Most additional
software requires extra configuration to be able to connect to the network
through Tor, and will not work otherwise. Some other software might, for
example, modify the firewall and break the security built in Tails. Software
not officially included in Tails is not tested for security.
1/17/2014
Tails - Enable & Use the Persistent Volume
doc
first steps
persistence
Page 1 of 2
English
DE
FR
PT

1. Enable the Persistent Volume

2. Use the Persistent Volume
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Enable the Persistent
Help & Support
Volume
Contribute
1. When starting Tails, in the Use persistence? dialog of Tails Greeter, choose Yes to
enable the persistent volume for the current working session.
2. Enter the passphrase of the persistent volume in the Passphrase text box.
3. If you select the Read-Only check box, the content of persistent volume will be
available and you will be able to modify it but the changes will not be saved.
Use the Persistent Volume

To open the Persistent folder and access you personal files and working documents,
choose Places Home Folder, and open the Persistent folder.
For advanced users, to access the internal content of the persistent volume choose
Places File System, and open the folders live persistent TailsData_unlocked.
https://tails.boum.org/doc/first_steps/persistence/use/index.en.html
1/17/2014
Tails - Delete the Persistent Volume
doc
first steps
persistence
Page 1 of 2
English
DE
FR
PT

To delete the persistent volume of a Tails device,
choose Applications Tails Delete
persistent storage, and click on the Delete
button.
This can be useful in order to delete all the files
saved to the persistent volume in a single
operation. You can later create a new persistent
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
volume on the same device without having to

reinstall Tails.
This technique may not prevent an attacker to recover the files of
the old persistent volume using data recovery techniques. For more
security, start Tails from another media, and do the following operations on
the device that you want to delete securely:
1. Create an encrypted partition on the whole device. This step deletes
both Tails and the persistent volume from the device.
2. Securely clean all the available disk space on this new encrypted
partition.
3. ?Reinstall Tails on the device.
4. Start Tails from the device and create a new persistent volume.
https://tails.boum.org/doc/first_steps/persistence/delete/index.en.html
1/17/2014
Tails - Manually copying your persistent data to a new device
doc
first steps
Page 1 of 2
persistence
Manually copying your persistent data to a new device

English
DE
FR
PT
Manually copying your persistent

data to a new device
These instructions explain how to manually copy
your persistent data to a new device. Follow
them if you have good reasons to think that your
persistence settings are corrupted or if want to
Download
Tails 0.22
December 11, 2013
be extra careful.
About
Create a new device

1. Install the latest Tails onto a new device using
the usual installing instructions. Do not use
the Tails device that might be corrupted in
the process of installing the new one.
2. Create a persistent volume on this new
Getting started
Documentation
Help & Support
Contribute
device. We advice you to use a different

passphrase to protect this new persistent volume.
3. Enable again on this new device the persistence features of your choice.
4. Restart Tails and enable persistence.
Rescue your files from the old Tails device

1. Plug in the old Tails device from which you want to rescue your data.
2. Choose Applications System Tools Disk Utility to open the GNOME Disk
Utility.
3. In the left panel, click on the device corresponding to the old Tails device.
4. In the right panel, click on the partition labeled as Encrypted. The Partition Label
must be TailsData.
https://tails.boum.org/doc/first_steps/persistence/copy/index.en.html
1/17/2014
Tails - Manually copying your persistent data to a new device
Page 2 of 2
5. Click on Unlock Volume to unlock the old persistent volume. Enter the passphrase
of the old persistent volume and click Unlock.
6. Click on the TailsData partition that appears below the Encrypted Volume
partition.
7. Click on Mount Volume. The old persistent volume is now mounted as
/media/TailsData.
8. Choose Places TailsData from the top navigation bar to open the old persistent
volume.
9. In the file browser, choose File New Tab and navigate to
/live/persistence/TailsData_unlocked in this new tab.
10. Click on the TailsData tab.
11. To import a folder containing persistent data from the old persistent volume to the
new one, drag and drop that folder from the TailsDataonto the TailsData_unlocked
tab. When importing a folder, choose to Merge All the folder, and Replace All files.
Do not import a folder if you do not know what it is used for.
The apt folder corresponds to the APT Packages and APT Lists persistence
features. But it requires administration rights to be imported and this goes beyond
the scope of these instructions. Note that this folder does not contain personal
data.
The bookmarks folder corresponds to the Browser bookmarks persistence
feature.
The claws-mail folder corresponds to the Claws Mail persistence feature.
The dotfiles folder corresponds to the Dotfiles persistence feature.
The gnome-keyring folder corresponds to the GNOME Keyring persistence
feature.
The gnupg folder corresponds to the GnuPG persistence feature.
The nm-connections folder corresponds to the Network Connections persistence
feature.
The openssh-client folder corresponds to the SSH Client persistence feature.
The Persistent folder corresponds to the Personal Data persistence feature.
The pidgin folder corresponds to the Pidgin persistence feature.
Last edited Mon 02 Dec 2013 05:37:57 PM CET
https://tails.boum.org/doc/first_steps/persistence/copy/index.en.html
1/17/2014
Tails - Upgrade to more secure persistence settings
doc
first steps
persistence
Page 1 of 4
Upgrade to more secure persistence settings
English
DE
FR
PT
Upgrade to more secure persistence

settings
Tails 0.21 introduces a more secure access
control over the persistent volume settings. This
also means that before Tails 0.21, an attacker
who could run an exploit from inside your Tails
Download
Tails 0.22
December 11, 2013
session could corrupt the persistent volume

settings. By doing this, an attacker could
possibly gain persistent administrator rights or
About
install malicious software.
Getting started
For more technical details about the security of
Documentation
the persistent volume, read our design

document.
Help & Support
1. Automatic upgrade
Contribute
2. Enabling again your custom persistence

settings
Automatic upgrade
We designed a migration mechanism that allows, in most cases, to upgrade
automatically to those more secure persistent volume settings. To do this upgrade, once
and for all:
1. Start Tails 0.21.
2. Enable persistence without the read-only option. Activating the read-only option
prevents Tails from starting correctly until the upgrade is made.
3. If the upgrade is successful, Tails starts as usual and no notification appears.
But this automatic upgrade might not be sufficient in some cases.
https://tails.boum.org/doc/first_steps/persistence/upgrade/index.en.html
1/17/2014
Page 2 of 4
a. If you skipped the upgrade to Tails 0.21 and upgraded directly to Tails 0.22
or later, then install Tails 0.21 to run the automatic upgrade as described above, or
follow the instructions to manually copy your persistent data to a new device. For
security reasons the automatic upgrade is not available in Tails 0.22 or later.
b. If you have custom persistence settings or use additional software
packages, the corresponding settings are not upgraded automatically.
A notification should appear when starting Tails that indicates which persistence
settings are temporarily disabled. In that case, follow the instructions to enable again
your custom persistence settings.
If you have custom persistence settings or use additional software but no
notification appear on the desktop, then your Tails system might be
corrupted. In that case, follow the instructions to manually copy your
persistent data to a new device.
c. If you have good reasons to think that your persistence settings are
corrupted or if you want to be extra careful, then follow the instructions to manually
copy your persistent data to a new device.
Enabling again your custom persistence

settings
Custom persistence settings and additional software are disabled during the automatic
upgrade because, there is technically a possibility for these files to be corrupted.
These instructions explain how to verify the content of these files and enable again your
custom persistence settings.
1. Start Tails and set an administration password.
2. Choose Applications Accessories Root Terminal to open a terminal with
administration rights.
3. Execute the nautilus command to open the file browser.
4. In the file browser navigate to /live/persistence/TailsData_unlocked.
live-persistence.conf.old
If there is a file named live-persistence.conf.old in the TailsData_unlocked folder, then
some of your persistence settings need to be enabled manually.
1/17/2014
Page 3 of 4
1. In the file browser, right-click on the live-persistence.conf.old file and open it by

choosing Open with Other Application... and then gedit.
2. Switch back to the file browser, right-click on the persistence.conf file and choose
Open with Other Application... and then gedit to open it in a new tab in gedit.
3. Switch between the two tabs corresponding to those files in gedit and compare their
content. Copy from live-persistence.conf.old to persistence.conf the lines
corresponding to your custom settings that have not been upgraded automatically.
Those missing lines should correspond to your custom directories or other custom
persistence settings.
If you detect unexpected lines in live-persistence.conf.old that do not correspond
to any change that you have made, they might have been introduced by an attacker. In
this case, do the following:
1. Report a bug using WhisperBack and explain which are the lines that look suspicious
to you.
2. Keep that Tails device without modifying it in order to analyse it later if needed.
3. Follow the instructions to manually copy your persistent data to a new device.
If you do not detect any suspicious line, close gedit and delete the
live-persistence.conf.old file using the file browser.
live-additional-software.conf.disabled
If there is a file named live-additional-software.conf.disabled in the TailsData_unlocked
folder, then your additional software need to be enabled manually.
1. In the file browser, right-click on the live-additional-software.conf.disabled file and
open it by choosing Open with Other Application... and then gedit.
2. Right-click on the live-additional-software.conf file and choose Open with Other
Application... and then gedit to open it in a new tab in gedit.
3. Copy from live-additional-software.conf.disabled to live-additional-software.conf the
lines corresponding to your additional software.
If you detect unexpected lines in live-additional-software.conf.disabled that do
not correspond to any additional software added by you, they might have been
introduced by an attacker. In this case, do the following:
1. Report a bug using WhisperBack and explain which are the lines that look suspicious
to you.
1/17/2014
Page 4 of 4
2. Keep that Tails device without modifying it in order to analyse it later if needed.
3. Follow the instructions to manually copy your persistent data to a new device.
If you do not detect any suspicious line, close gedit and delete the
live-additional-software.conf.disabled file using the file browser.
Last edited Mon 02 Dec 2013 05:37:57 PM CET
1/17/2014
Tails - Report an error
doc
first steps
Page 1 of 4
Report an error
English
DE
FR
PT
Report an error
In this documentation we use the term bug to
refer to a software error.
Reporting bugs is a great way of helping us
Download
Tails 0.22
December 11, 2013
improving Tails.
About
Remember that the more effectively you
report a bug, the more likely we are to fix it.
1. Check if the bug is already known

2. How to write a useful bug report
3. Use WhisperBack
1. Start WhisperBack
2. Write the report
Getting started
Documentation
Help & Support
Contribute
3. Optional email address

4. Optional OpenPGP key
5. Send your report
4. Special cases
1. No internet access
2. Tails does not start
Check if the bug is already known

Have a look at:
the list of known issues
the list of things to do
the list of things that will be fixed or improved in the next release
https://tails.boum.org/doc/first_steps/bug_reporting/index.en.html
1/17/2014
Page 2 of 4
How to write a useful bug report

The first aim of a bug report is to tell the developers exactly how to reproduce
the failure.
If that is not possible, try to describe what went wrong in detail. Write down the
error messages, especially if they have numbers.
Write clearly and be precise. Say what you mean, and make sure it cannot be
misinterpreted.
Be ready to provide extra information if the developers need it. If they did not need it,
they would not be asking for it.
You can also refer to the great How to Report Bugs Effectively , by Simon Tatham.
Use WhisperBack
WhisperBack is an application written specifically to report bugs anonymously
from inside Tails. If you are not able to use WhisperBack, see the special
cases.
WhisperBack will help you fill-up a bug report, including relevant technical details and
send it to us encrypted and through Tor.
Start WhisperBack
To start WhisperBack, choose Applications System Tools WhisperBack.
Write the report

WhisperBack lets you give plenty of useful information about your bug:
Summary a summary of the bug, try to be short, clear and informative
Name of the affected software
Exact steps to reproduce the error
Actual result and description of the error
Desired result
You can also have a look at the technical details to include in your bug report. It will
give us information about your hardware, your version of Tails and the startup process.
Optional email address
1/17/2014
Page 3 of 4
Giving us an email address allows us to contact you to clarify the problem. But it also
provides an opportunity for eavesdroppers, like your email or Internet provider, to
confirm that you are using Tails.
Optional OpenPGP key

You can also indicate an OpenPGP key corresponding to this email address. You can
either give:
a key ID, if the key is available on public key servers
a link to the key, if the key is available on the web
a public key block, if the key is not publicly available
Send your report

Once you are done writing your report, send it by clicking the Send button.
Once your email has been sent correctly you will get the following notification: Your
message has been sent.
Special cases
You might not always be able to use WhisperBack. In those cases, you can also send
your bug report by email directly.
Note that if you send the report yourself, it might not be anonymous unless you take
special care (e.g. using Tor with a throw-away email account).
No internet access
WhisperBack won't be able to send your bug report.
The following steps can be used as an alternative method:
1. In Tails, start WhisperBack
2. In the bug report window, expand "technical details to include"
3. Copy everything in the "debugging info" box
4. Paste it to another document (using gedit for instance)
5. Save the document on a USB stick
6. Boot into a system with Internet connection and send your report
1/17/2014
Tails - Tails does not start
doc
first steps
Page 1 of 3
bug reporting
English
DE
FR
PT

If Tails does not start properly, refer first to the
known issues page. Similar issues might have
already been reported for the same model of
computer.
Otherwise refer to the following sections,
Download
Tails 0.22
December 11, 2013
About
depending on whether or not the boot menu

appears when starting Tails:
1. Tails does not start at all

2. Tails does not start entirely
Getting started
Documentation
Help & Support
Contribute
Tails does not start at all

The following section applies if the boot menu does not appears when starting Tails.
Send us an email including the following information:
1. Which is the brand, and model of the computer?
2. What exactly happens when trying to start? Report the complete error message that
appears on the screen, if any.
3. From which media are you trying to start Tails: DVD, USB stick installed manually,
USB stick installed with Tails Installer, SD card? Keep in mind that, we do not support
any other installation method than the ones listed above.
4. Have you been able to start Tails successfully on this computer before, from another
media, or with another version of Tails? If so, which ones?
5. Does the same media start successfully on other computers?
https://tails.boum.org/doc/first_steps/bug_reporting/tails_does_not_start/index.en.html
1/17/2014
Tails - Tails does not start
Page 2 of 3
6. Have you been able to start Tails successfully on the same computer using different
installation methods? For example, it might start from a DVD but not from a USB
stick.
7. What installation method did you use to set up Tails?
If you are knowledgeable about BIOS configuration, you can also try the following:
1. Make sure the computer is configured to start with legacy BIOS support first, and not
UEFI.
2. Try to upgrade your BIOS version.
Tails does not start entirely

The following section applies if the boot menu appears but not Tails Greeter when
starting Tails.
1. In the graphical boot menu, press TAB.
2. Remove the quiet option from the boot command line.
3. Add the debug and nosplash option.
4. Hopefully, this displays useful messages while starting Tails. You can then include
them in a bug report to be sent:
either using WhisperBack if you are able to start Tails from another media,
either by sending us an email
5. If the error message is /bin/sh: can't access tty; job control
turned off followed by (initramfs), then try removing the

live-media=removable option.
When removing this option, if an adversary installed a fake Tails
on an internal hard disk, then you will likely be starting this
dangerous operating system instead of the genuine Tails that you
intended to use.
If removing live-media=removable allows you to start Tails, please report a bug as

documented above: this allows us to improve the list of problematic USB sticks. In
this case, you should install Tails on another, better supported USB stick.
https://tails.boum.org/doc/first_steps/bug_reporting/tails_does_not_start/index.en.html
1/17/2014
Tails - Shutting down Tails
doc
first steps
Page 1 of 1
Shutting down Tails
English
DE
FR
PT
Shutting down Tails

There are several ways of shutting down Tails:
By clicking on the system shutdown icon
located in the upper right corner of the
notification area and choosing Shutdown
Immediately or Reboot Immediately.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
By pressing the power button of the

computer.
By removing physically the device Tails is
running from.
Help & Support

Contribute
This method does not work with DVD, see ticket #5447 .
This method does not work after using the Tails Installer, see ticket
#5677 .
While shutting down, the data stored in RAM+ is erased to protect from cold boot
attacks.
https://tails.boum.org/doc/first_steps/shutdown/index.en.html
1/17/2014
Tails - Connect to the Internet anonymously
doc
Page 1 of 1
Connect to the Internet anonymously
English
DE
FR
PT
Connect to the Internet

anonymously
Networking with NetworkManager
Logging in to captive portals
Controlling Tor with Vidalia
Browsing the web with Tor Browser
Download
Tails 0.22
December 11, 2013
Chatting with Pidgin & OTR

Using I2P
Why Tor is slow?
About
Getting started
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/anonymous_internet/index.en.html
1/17/2014
Tails - Networking with NetworkManager
doc
anonymous internet
Page 1 of 2
English
DE
FR
PT

The name is quite self-explanatory this is what
you should use to manage your network, which
usually only consists of establishing an Internet
connection. In many cases this is done more or
less automatically. For example, if you are
connected with wire, NetworkManager will try to
Download
Tails 0.22
December 11, 2013
About
obtain network access automatically. If you want

to connect via wireless with a supported wireless
Getting started
adapter, you are basically two clicks away.
Documentation
Click on its icon in the notification area to find
the list of available connections:
Help & Support

Contribute
https://tails.boum.org/doc/anonymous_internet/networkmanager/index.en.html
1/17/2014
Tails - Networking with NetworkManager
Page 2 of 2
All wireless networks your computer is picking up are listed there, as are all wired
networks you have access to (usually one per wire), so the second click is used for
choosing any one of these. If the network is protected you will be prompted for a
password.
Mobile and Dial-Up Modems

NetworkManager supports mobile modems but do not support dial-up modems at the
moment. See the corresponding ticket.
VPN
There is currently no documented method of using VPN with Tails. See the
corresponding ticket.
Last edited Thu 04 Apr 2013 11:32:57 PM CEST
https://tails.boum.org/doc/anonymous_internet/networkmanager/index.en.html
1/17/2014
Tails - Logging in to captive portals
doc
anonymous internet
Page 1 of 2
English
DE
FR
PT

Many publicly accessible Internet connections
(usually available through a wireless network
connection) require its users to register and
login in order to get access to the Internet. This
include both free and paid for services that may
be found at Internet cafs, libraries, airports,
Download
Tails 0.22
December 11, 2013
About
hotels, universities etc. Normally in these

situations, a so called captive portal intercepts
Getting started
any website request made and redirects the web

browser to a login page. None of that works
Documentation
when Tor is used, so a browser with unrestriced

network access is necessary. Note that this
Help & Support
means that the Unsafe Browser is NOT

anonymous, so use it carefully.
Contribute
Tails includes an "Unsafe Browser" for this purpose, and it can be started via the menu:
Application -> Internet -> Unsafe

Browser. Its red/yellow theme should make it fairly obvious that a different (and in this
case, unsafe) browser is used compared to the normal, safe web browser included in
Tails.
Security recommendations:
While this browser can be used unrestrictively for anything, it is highly recommended
to only use it for the purpose stated above, i.e. to access and login on captive portals.
Do not run this browser at the same time as the normal, anonymous web browser.
This makes it easy to not mistake one browser for the other, which could have
catastrophic consequences.
When using windows camouflage the red theme is disabled in order to raise less
suspicion. It is still possible to quietly identify the Unsafe Browser since it has English
Wikipedia as its default (and only) search engine in the Navigation Toolbar. The lack
of the onion icon added by Torbutton is another such small visual reminder.
https://tails.boum.org/doc/anonymous_internet/unsafe_browser/index.en.html
1/17/2014
Tails - Controlling Tor with Vidalia
doc
anonymous internet
Page 1 of 3
English
DE
FR
PT

Vidalia is an anonymity manager. Basically this means
that it can be used to control Tor, and is automatically
launched on network connection.
1. The Network Map

2. The New Identity feature
3. Connect Through a Bridge
4. Configuring a Tor relay
5. Configuring Hidden Services for Tor
As soon as the Tor client managed to establish a route
to the Tor network, Vidalia hides as an onion icon in
the notification area of the screen.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
Right-clicking this icon displays a configuration menu.
https://tails.boum.org/doc/anonymous_internet/vidalia/index.en.html
1/17/2014
Page 2 of 3
The Network Map

The network map displays a window showing a map of the Tor network, a list of Tor
relays and a list of currently used routes and their status.
In here, all the Tor nodes in the Tor network are listed, as are all your circuits and
connections that go through the Tor network. This requires a bit of technical knowledge
of how Tor works in order to understand and use, but it is not at all necessary. From the
connection listing it should at least be relatively easy for you to see which exit node and
country it appears your connections come from.
The New Identity feature
1/17/2014
Page 3 of 3
As explained on our warning page, this feature of Vidalia is not a solution

to really separate different contextual identities. Shutdown and restart
Tails instead.
Connect Through a Bridge

See the corresponding documentation.
Configuring a Tor relay

You can also configure Vidalia to set up yourself as a Tor relay. This helps out the Tor
network by relaying the traffic of others.
See the corresponding documentation from The Tor Project.
Configuring Hidden Services for Tor

Tor allows clients and relays to offer hidden services. That is, you can offer a web server,
SSH server, etc. without revealing your IP address to its users. In fact, because you don't
use any public address, you can run a hidden service from behind a firewall.
See the corresponding documentation from The Tor Project.
Last edited Mon 14 Oct 2013 02:10:01 PM CEST
1/17/2014
Tails - Browsing the web with Tor Browser
doc
anonymous internet
Page 1 of 4
English
DE
FR
PT

Download
Tails 0.22
December 11, 2013
About
Tor Browser is a rebranded version of the Mozilla
Getting started
Firefox web browser. Given its popularity many

of you have probably used it before and its user
Documentation
interface is like any other modern web browser.

Here are a few things worth mentioning in the
context of Tails.
Help & Support

Contribute
1. HTTPS Encryption
2. HTTPS Everywhere
3. Torbutton
4. Protection against dangerous JavaScript
5. NoScript to have even more control over JavaScript
HTTPS Encryption
Using HTTPS instead of HTTP encrypts your communication while browsing the web.
All the data exchanged between your browser and the server you are visiting are
encrypted. It prevents the Tor exit node to eavesdrop on your communication.
HTTPS also includes mechanisms to authenticate the server you are communicating
with. But those mechanisms can be flawed, as explained on our warning page.
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
1/17/2014
Page 2 of 4
For example, here is how the browser looks like when we try to log in an email account
at lavabit.com , using their webmail interface :
Notice the small area on the left of the address bar saying "lavabit.com" on a blue
background and the address beginning with "https://" (instead of "http://"):
These are the indicators that an encrypted connection using HTTPS
is being used.
You should try to only use services providing HTTPS when you are sending or retrieving
sensitive information (like passwords), otherwise its very easy for an eavesdropper to
steal whatever information you are sending or to modify the content of a page on its
way to your browser.
HTTPS Everywhere
1/17/2014
HTTPS Everywhere
Page 3 of 4
is a Firefox extension shipped in Tails and produced as a
collaboration between The Tor Project
and the Electronic Frontier Foundation . It
encrypts your communications with a number of major websites. Many sites on the web
offer some limited support for encryption over HTTPS, but make it difficult to use. For
instance, they may default to unencrypted HTTP, or fill encrypted pages with links that
go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems
by rewriting all requests to these sites to HTTPS.
To learn more about HTTPS Everywhere you can see:
the HTTPS Everywhere homepage
the HTTPS Everywhere FAQ
Torbutton
Tor alone is not enough to protect your anonymity and privacy while browsing the web.
All modern web browsers, such as Firefox, support JavaScript , Adobe Flash , cookies
and other services which have been shown to be able to defeat the anonymity provided
by the Tor network.
In Tails all such features are handled from inside the browser by an extension called
Torbutton
which does all sorts of things to prevent the above type of attacks. But that
comes at a price: since this will disable some functionalities and some sites might not
work as intended.
To learn more about Torbutton you can see:
the Torbutton homepage
the Torbutton FAQ
Protection against dangerous JavaScript

Having all JavaScript disabled by default would disable a lot of harmless and possibly
useful JavaScript and render unusable many websites.
1/17/2014
Page 4 of 4
That's why JavaScript is enabled by default in Tails.

But we rely on Torbutton to disable all potentially dangerous JavaScript.
We consider this as a necessary compromise between security and usability and as of
today we are not aware of any JavaScript that would compromise Tails anonymity.
For more technical details you can refer to the Torbutton design document .
NoScript to have even more control over

JavaScript
For more information you can refer to the NoScript website
and features .
1/17/2014
Tails - Chatting with Pidgin
doc
anonymous internet
Page 1 of 3
Chatting with Pidgin
English
DE
FR
PT
Chatting with Pidgin

For chatting and instant messaging, Tails
includes the Pidgin Instant Messenger .
You can use it to connect to IRC
or XMPP
Download
Tails 0.22
December 11, 2013
(also known as Jabber) servers, and have several

accounts connected at the same time.
About
To start Pidgin choose Applications
Getting started
Internet Pidgin Instant Messenger or click

on the Pidgin icon in the application shortcuts.
Documentation
For more detailed documentation refer to the
Help & Support
official Pidgin user guide .
Contribute
1. Predefined accounts
2. Off-the-record (OTR) encryption
3. Random username generation
4. Adding support for another protocol
Predefined accounts
Two accounts are configured in Pidgin by default:
irc.oftc.net to connect to the OFTC IRC server, and join the #tails and #tor chats.
127.0.0.1 to connect to the I2P IRC server.
Those accounts are deactivated when Tails is started. To activate them, choose
Accounts Enable Accounts , and select the account that you want to enable in the
submenu.
https://tails.boum.org/doc/anonymous_internet/pidgin/index.en.html
1/17/2014
Page 2 of 3
Off-the-record (OTR) encryption

As explained on its official page , Off-the-Record messaging allows you to have private
conversations over instant messaging by providing:
Encryption No one else can read your instant messages.
Authentication You are assured the correspondent is who you think it is.
Deniability The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a conversation to make
them look like they came from you. However, during a conversation, your
correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy If you lose control of your private keys, no previous
conversation is compromised.
To learn how to use OTR with Pidgin, refer to the documentation from Security in-a-box:
How to Use OTR to Initiate a Secure Messaging Session in Pidgin .
To store your OTR keys and preferences across separate working sessions,
you can activate the Pidgin persistent volume feature.
In a private OTR conversation over IRC, a message sent using the /me
command is not encrypted. The person receiving the message is
notified by a warning.
Random username generation

Every time you start Tails, a random username is generated for all Pidgin accounts.
The generator uses a list of common English first names, and modifies them, so that
they are almost unique, and does not reveal that you are using Tails.
It is based on the language confluxer by Christopher Pound .
If you want to reuse the same username across separate working sessions,
you can activate the Pidgin persistent volume feature.
Adding support for another protocol

For security reasons, it is only possible to use IRC and XMPP with Pidgin in Tails. Here are
the prerequisites to enable another protocol that is supported by Pidgin otherwise:
1/17/2014
Page 3 of 3
a. The support in Pidgin for this protocol has been successfully tested in Tails.
b. Someone volunteers to maintain the corresponding support in Tails on the long term.
c. Someone has verified that the security record of the desired plugin (including open
bugs) is good enough.
If you want to work on this issue, see our contribute page.
Last edited Fri 09 Aug 2013 03:42:29 PM CEST
1/17/2014
How to Use OTR to Initiate a Secure Messaging Session in Pidgin | Security In A Box
how-to booklet
hands-on guides
How to Use OTR to Initiate a Secure Messaging Session in

Pidgin
List of sections on this page:
3.0 About Pidgin and OTR

3.1 How to Configure the Pidgin-OTR Plugin
3.2 The First Step - How to Generate a Private Key and Display its Fingerprint
3.3 The Second Step - How to Authenticate a Messaging Session
3.4 The Third Step - How to Authenticate the Identity of Your Correspondent
3.0 About Pidgin and OTR

Both your correspondent and yourself must configure the OTR plugin before you can enable private and secure Instant
Messaging (IM) sessions. Given that this OTR plugin was designed especially for Pidgin, it will automatically detect when both
parties have installed and properly configured the OTR plugin.
Note: If you request a private conversation with a friend who has neither installed nor configured OTR, it will automatically
send a message explaining how they can obtain the OTR plugin.
3.1 How to Configure the Pidgin-OTR Plugin

To enable the OTR plugin, perform the following steps:
Step 1. Double click

refer to Figure 1).
or select Start > Programs > Pidgin to launch Pidgin and activate the Buddy List window (please
Step 2. Open the Tools menu, and then select the Plugins item as follows:
Page 1 of 7
mobile security
How-to Booklet
Hands-On Guides
Avast! - Anti-Virus
Spybot - Anti-Spyware
Comodo Firewall
KeePass - Secure
Password Storage
TrueCrypt - Secure File
Storage
Cobian Backup - Secure
File Storage
Recuva - File Recovery
Eraser - Secure File
Removal
CCleaner - Secure File
Deletion and Work
Session Wiping
RiseUp - Secure Email
Service
Pidgin with OTR Secure Instant
Messaging
How to Install the
Pidgin and OTR
software and then
Register and Set
Up Your Account
to Pidgin
How to Use OTR
to Initiate a
Secure Messaging
Session in Pidgin
How to Create a
Google Talk
Account
Portable Pidgin
and OTR
FAQ and Review
Jitsi - Secure Audio,
Video and Instant Text
Messaging
Thunderbird with
Enigmail and GPG Secure Email Client
gpg4usb - email text
and files encryption
Firefox with add-ons Secure Web Browser
Tor - Digital Anonymity
and Circumvention
Social networking tools:
Facebook, Twitter, and
others
Mobile Security
Figure 1: The Buddy List window with the Plugins item selected from the Tools menu
This will activate the Plugins window as follows:
Step 2. Scroll down to the Off-the-Record Messaging option, then click its associated check box to enable it.
https://securityinabox.org/en/pidgin_securechat
1/17/2014
Page 2 of 7
Figure 2: The Pidgin Plugins window with Off-the-Record Messaging selected

Step 3. Click
to begin configuring the Off-the-Record Messaging windows.
Basically, there are 3 steps involved in configuring OTR properly to effectively enable private and secure IM sessions and they
are explained below:
The First Step: This involves generating a unique private key associated with your account, and displaying its fingerprint.
The next two steps involve securing the IM session and authenticating your buddies.
The Second Step: This involves one party requesting a private and secure messaging session with another party currently online.
The The Third Step involves authenticating or verifying the identity of your Pidgin buddy. (Note: In Pidgin, a buddy is
anyone you correspond with during IM sessions. This process of verifying a buddy's identity is known referred to as
authentication in Pidgin. This means establishing that your buddy is exactly the person who he/she is claims to be.
3.2 The First Step - How to Generate a Private Key and Display its Fingerprint
Secure chat sessions in Pidgin are enabled by generating a private key for the relevant account. The Off-the-Record
configuration window is divided into the Config and the Known fingerprints tabs. The Config tab is used to generate a key for
each of your accounts and to set specific OTR options. The Known fingerprints tab contains your friends' keys. You must possess
a key for any buddy with whom you wish to chat privately.
Figure 3: The Off-the-Record Messaging screen displaying the Config tab

Step 1. To optimise your privacy, check the Enable private messaging, Automatically initiate private messaging and Don't log
OTR conversations options in the Config tab as shown in Figure 3 above.
Step 2. Click
notifying you that a private key is being generated appears as follows:
to begin generating your secure key; a screen
1/17/2014
Page 3 of 7
Figure 4: The Generating private key confirmation box

Note: Your buddy must perform the same steps for his/her own account.
Step 3. Click
after the private key (which resembles the following), has been generated:
Figure 5: An example of a fingerprint of the key generated by the OTR engine

Important: You have now created a private key for your account. This will be used to encrypt your conversations so that nobody
else can read them, even if they do manage to monitor your chat sessions. The fingerprint is a long sequence of letters and
numbers used to identify the key for a particular account, as shown in Figure 5 above.
Pidgin automatically saves and verifies your fingerprint, and those of your buddies, so that you will not have to remember them.
3.3 The Second Step - How to Authenticate a Private Conversation

Step 1. Double-click the account of a buddy who is currently on-line to begin a new IM conversation. If both of you have the
OTR plugin installed and properly configured, you will notice that a new OTR button appears at the bottom right corner of your
chat window.
Figure 6: A Pidgin messaging window displaying the OTR icon outlined in black
Step 2. Click
follows:
to activate its associated pop-up menu, and then select the Start private conversation item as
Figure 7: The pop-up menu with the Start private conversation item selected
Your Pidgin IM window will then resemble the following screen:
1/17/2014
Page 4 of 7
Figure 8: The Pidgin IM window displaying the Unverified button

Note: Pidgin automatically begin communicating with your buddy's IM program, and generating messages whenever you attempt
to enable a private and secure chat session. As a result of this, the
that you are now able to have an encrypted conversation with your buddy.
OTR button changes to
, indicating
Warning! Although this conversation is now secure, the identity of your buddy has not been verified yet. Beware: Your buddy
might actually be someone else pretending to be your buddy.
3.4 The Third Step - How to Authenticate the Identity of Your Pidgin Buddy
You may use one of three methods of identification to authenticate your Pidgin buddy; you could use 1). a pre-arranged secret
code phrase or word, 2). pose a question, the answer to which is only known to both of you or 3) manually verify the fingerprints
of your key using a different method of communication.
The Secret Code Phrase or Word Method

You can arrange a code phrase or word in advance, either by meeting each other in person or by using another communications
medium (like a telephone, voice chat by Skype or a mobile phone text message). Once you both type in the same code phrase or
word, your session will be authenticated.
Note: The OTR secret code word recognition feature is case sensitive, that is, it can determine the difference between capital
(A,B,C) letters and lower case (a,b,c) ones. Bear this in mind when inventing a secret code phrase or word!
Step 1 . Click the OTR button in the chat window, then select the Authenticate Buddy item as follows:
Figure 9: The Unverified pop-up menu with the Authenticate buddy item selected
This will activate the Authenticate Buddy window, prompting you to select an authentication method.
Step 2. Click
and select Shared Secret as follows:
Figure 10: The Authenticate buddy screen with the drop-down list revealed
Step 3. Enter the secret code word or phrase as follows:
1/17/2014
Page 5 of 7
Figure 11: The Shared Secret screen

Step 4. Click
to activate the following screen:
Figure 12: The Authenticate Buddy window for a fictitious correspondent

Note: At this time your buddy will see window shown on figure 13 at his/her end and will have to enter the same code word. If
they match, your session will be authenticated.
Figure 13: The Authenticate Buddy window for a fictitious correspondent

Once the session is authenticated, the OTR button will change to
you are really speaking with your buddy.
. Your session is now secure and you can be sure that
The Question and Answer Method

Another method of authenticating each other, is the question and answer method. Create a question and an answer to it. After
reading the question, your buddy must type in the exact answer, and if their answer matches yours, your identity will be
automatically authenticated.
Step 1. Click the OTR menu in active message window to activate its associated pop-up menu, and then select Authenticate
Buddy item (please refer to Figure 9).
1/17/2014
Page 6 of 7
Figure 14: A Pidgin chat window displaying the OTR icon

An Authenticate Buddy window will pop up prompting you to choose the method for authentication.
Step 2. Click the drop-down menu and select the Question and Answer item as follows:
Figure 15: The Authenticate buddy screen

Step 3. Enter a question and its corresponding answer. This question will be sent to your buddy.
Figure 16: The Questions and Answer screen
1/17/2014
Page 7 of 7
If your buddy's answer matches yours, then your identities will have been mutually authenticated or verified, and both parties
are who they claim to be!
. Your session will now be secure and you can
Once the session has been authenticated, the OTR button will change to
be certain of your chat buddy's identity.
Notice that when you Select > Buddy List > Tools > Plugins > Off The Record Messaging > Configure Plugin, the Known
fingerprints tab now displays your buddy's account, and a message that their identity has been verified.
Figure 17: The Off-the-Record Messaging screen displaying the Known Fingerprints tab
Congratulations! You may now chat privately. The next time you and your buddy chat (using the same computers), you can skip
the first and third steps, above. You should only have to request a secure connection and have your buddy accept it.
How to Install the Pidgin and OTR software and
then Register and Set Up Your Account to Pidgin
Printer-friendly version
Espaol Ting Vit

PDF version
ABOUT THIS WEBSITE
CREDITS
up
Burmese
How to Create a Google Talk Account
DISCLAIMER
Franais
SEARCH
Bahasa Indonesia
DOWNLOAD
CONTACT
1/17/2014
Tails - Using I2P
doc
anonymous internet
Page 1 of 1
Using I2P
English
DE
FR
PT
Using I2P
I2P
is an alternative anonymity network to Tor
which supports most common Internet activities

like web browsing, email, filesharing etc. Unlike
Tor, whose main focus arguably is on accessing
sites from the "normal" Internet, I2P is more
oriented towards being a closed darknet ,
Download
Tails 0.22
December 11, 2013
About
separate from the "normal" Internet. Any one

running I2P can run an anonymous server, a so
Getting started
called Eepsite, that is only accessible within I2P

using the .i2p top level domain (similar
Documentation
to .onion for Tor hidden services). For instance,

the I2P homepage can also be accessed through
Help & Support
I2P via http://www.i2p2.i2p .
Contribute
I2P is not started by default in Tails, but can be
started manually throught the menu:
Applications -> Internet -> I2P

Once started, the so called router console will open in Tor Browser, which shows I2P's
current status, links to many useful I2P resources (forums, email, filesharing etc.) and
offers the possibility to shutdown I2P. I2P is integrated in the browser in such a way that
all .i2p addresses are accessed correctly through I2P while all other addresses are
handled by Tor, all at the same time.
https://tails.boum.org/doc/anonymous_internet/i2p/index.en.html
1/17/2014
Tails - Why is Tor slow?
doc
anonymous internet
Page 1 of 2
Why is Tor slow?
English
DE
FR
PT
Why is Tor slow?

Users often find that the Tor network is slow.
This page describes some reasons that make Tor
slow. For further explanations, see Why Tor is so
slow?
Tor circuits lengthen the

connections
Tor provides anonymity by building circuits with
three relays. So instead of connecting directly to
the destination server, a connection is made
between each relay of the circuit and this takes
more time.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
Furthermore, Tor tries to build circuits with relays in different countries which make
connection travel more and appear slower.
Quality of the relays

The Tor relays are run by volunteers in a decentralized way. So all relays are not of the
same quality. Some are big and fast, while some others are smaller and slower. As a
whole, the network could be faster it had more capacity. To improve the capacity of the
Tor network, you can either run a Tor relay yourself or help existing relays .
Misuse of the Tor network

Some people misuse the Tor network, sometimes on purpose or sometimes by lack of
knowledge. For instance, Tor is sometimes used to conduct DDoS attacks . By doing
this, the Tor relays are the ones who actually suffer from the attack, instead of the
intended target. Some people use peer-to-peer software through Tor which is bad for
the network. If you want to use peer-to-peer, it is better to use I2P.
https://tails.boum.org/doc/anonymous_internet/why_tor_is_slow/index.en.html
1/17/2014
Tails - Encryption & privacy
doc
Page 1 of 1
Encryption & privacy
English
DE
FR
PT
Encryption & privacy

Your data won't be saved unless explicitly
asked
Using the virtual keyboard
Create and use encrypted volumes
TrueCrypt
Encrypt, decrypt, sign, and verify text using
Download
Tails 0.22
December 11, 2013
About
OpenPGP and Tails gpgApplet

Encrypt text with a passphrase
Getting started
Encrypt and sign text using public-key

cryptography
Decrypt and verify text
Securely delete files and clean diskspace
Documentation
Help & Support
using Nautilus Wipe

Manage passwords using KeePassX
Contribute
https://tails.boum.org/doc/encryption_and_privacy/index.en.html
1/17/2014
Tails - Your data won't be saved unless explicitly asked
doc
encryption and privacy
Page 1 of 1
Your data won't be saved unless explicitly asked
English
DE
FR
PT
Your data won't be saved unless

explicitly asked
As stated in the about page, Tails is designed to
leave no trace on the computer you're using
unless you ask it explicitly. It is important to
understand some of the consequences of that.
Download
Tails 0.22
December 11, 2013
Starting a computer on a media containing Tails

doesn't change anything on the operating
About
system actually installed on your hard drive: as a
Getting started
live system, Tails doesn't need to use your hard

drive during the whole session. Be your hard
Documentation
drive absent or damaged, it wouldn't prevent

your computer to start Tails. Consequently,
Help & Support
removing the DVD or USB stick containing Tails

is enough to retrieve your usual operating
Contribute
system.
You should save anything you want to keep for later access into a separate device (other
USB stick, other DVD or any device you would choose), or use the persistence feature.
Last edited Thu 04 Apr 2013 11:32:57 PM CEST
https://tails.boum.org/doc/encryption_and_privacy/your_data_wont_be_saved_unless_expl... 1/17/2014
Tails - Using the virtual keyboard
doc
Page 1 of 1
English
DE
FR
PT

If you think that the computer that you are using
is not trustworthy, for example when using a
public computer in a library, everything that you
type might be recorded by a hardware
Download
Tails 0.22
December 11, 2013
keylogger .
About
You can use the Florence
virtual keyboard to
protect you against a hardware keylogger when
Getting started
typing passwords and sensitive text. To display

the virtual keyboard, click on the keyboard icon
in the notification area.
Documentation
Help & Support
Contribute
There is currently
no virtual keyboard in Tails Greeter, so a hardware
keylogger could record your persistent volume passphrase or

administration password.
https://tails.boum.org/doc/encryption_and_privacy/virtual_keyboard/index.en.html
1/17/2014
Tails - Create and use encrypted volumes
doc
Page 1 of 8
English
DE
FR
PT

The simplest way to carry around the documents you want to use with
Tails and make sure that they haven't been accessed nor modified is
to store them in an encrypted volume: a dedicated partition on a USB
stick or an external hard-disk.
Download
Tails comes with utilities for LUKS, a standard for disk-encryption
About
Tails 0.22
December 11, 2013
under Linux.
Getting started
The Gnome Disk Utility, allows you to create encrypted volumes
The Gnome Desktop, allows you to open encrypted volumes
1. Create an encrypted partition
1. Open the Gnome Disk Utility
2. Identify your external storage device
3. Format the device
4. Create a new encrypted partition
5. Use the new partition
2. Open an existing encrypted partition
Documentation
Help & Support
Contribute
Create an encrypted partition

Open the Gnome Disk Utility
From the menu Applications System Tools Disk Utility.
https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html
1/17/2014
Page 2 of 8
Identify your external storage device

The disk utility will list all the current storage devices on the left side of the screen:
Plug in the external storage device that you want to use.

A new device should appear in the list of storage devices. Click on it with the cursor:
1/17/2014
Page 3 of 8
Format the device

Check that the description of the device on the right side of the screen corresponds to
your device: its brand, its size, etc.
Click on Format Drive to erase all the existing partitions on the device. If you're not
sure, don't change the default option: Master Boot Record.
1/17/2014
Page 4 of 8
You will be prompted with a confirmation message.
Create a new encrypted partition

Now the schema of the partitions in the middle of the screen shows an empty device.
Click on Create Partition.

A window with options to configure the new partition will appear.
1/17/2014
Page 5 of 8
Size: you can decide to create a partition on the whole device or just on part of it. In this
example we are creating a partition of 2.0 GB on a device of 3.9 GB.
Type: you can change the filesystem type of the partition. If you are not sure you can
leave the default value: Ext4.
Name: you can set a name for the partition. This name will remain invisible until the
partition is open but will help you to identify it during use.
Encrypt underlying device: check this box to encrypt the partition!
Then click on Create.
You will be asked to enter a passphrase for the new partition.
Then click on Create.

Creating the partition might take a few seconds after which the schema of the device will
display the new encrypted partition:
1/17/2014
Page 6 of 8
At this point you can create other partitions in the free space left on the device, if you
want, by clicking on it and doing again Create Partition.
Use the new partition

Now you can access this new volume from the Places menu with the name you gave it.
You won't be asked for its passphrase unless you unplug it and plug it again.
Open an existing encrypted partition

When plugging a device containing an encrypted partition, Tails won't mount it
automatically but it will appear in the Places menu. If several partitions appear as
1/17/2014
Page 7 of 8
Encrypted, like in the example, you can use its size to guess which one is the one you
want to open.
You will be asked to enter the passphrase to unlock the volume.
In case you get it wrong, you will be warned with an error message. You can try to open
the partition as before and as many times as you want.
In case you get it right, it will open a file browser in this partition.
1/17/2014
Page 8 of 8
Once you are done using the device, to close the encrypted partition choose Places
Computer, right-click on the device, and select Safely Remove Drive.
1/17/2014
Tails - TrueCrypt
doc
Page 1 of 1
TrueCrypt
English
DE
FR
PT
TrueCrypt
Security considerations
Download
Although TrueCrypt looks like free software,
December 11, 2013
concerns
over its licence
Tails 0.22
prevent its inclusion
in Debian. Truecrypt is also developed in a

closed fashion, so while the source code is freely
available, it may receive less review than might
a comparable openly developed project.
For the above reasons, Tails developers do not
recommend TrueCrypt. We include TrueCrypt
only to allow users of the (old and now
unsupported) Incognito live system to access the
data on previously created media.
About
Getting started
Documentation
Help & Support
Contribute
In the future, we would like to replace TrueCrypt with a compatible alternative .

However, there might be some time during which that is not possible, and moving away
from TrueCrypt
is the only sensible way we can go. This means that you should not
create new TrueCrypt media if you intend to stay with Tails in the long run.
Using TrueCrypt in Tails

TrueCrypt is not enabled by default when Tails starts. In order to use TrueCrypt, add the
truecrypt boot option to the boot menu. For detailed instructions, see the
documentation on using the boot menu.
Once Tails has started, to start TrueCrypt choose Applications Accessories
TrueCrypt.
Last edited Sat 05 Oct 2013 02:49:23 PM CEST
https://tails.boum.org/doc/encryption_and_privacy/truecrypt/index.en.html
1/17/2014
Tails - Tails gpgApplet
doc
Page 1 of 1
Tails gpgApplet
English
DE
FR
PT
Tails gpgApplet
Tails includes a custom applet, called Tails
gpgApplet, to manipulate text using OpenPGP.
Download
Tails 0.22
December 11, 2013

It is unsafe to write confidential
text in a web browser since
JavaScript attacks can access it from
inside the browser. You should rather
write your text in a separate
application, encrypt it using Tails
gpgApplet, and paste the encrypted
text in your browser, before sending it
by email for example.
Tails gpgApplet is located in the notification
About
Getting started
Documentation
Help & Support
Contribute
area.
With Tails gpgApplet you can:

Encrypt text with a passphrase
Encrypt and sign text with a public key
Decrypt and verify text
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/index.en.html
1/17/2014
Tails - OpenPGP passphrase encryption
doc
Page 1 of 3
gpgapplet
OpenPGP passphrase encryption
English
DE
FR
PT
OpenPGP passphrase encryption

With Tails gpgApplet you can encrypt text with
a passphrase using the passphrase encryption
of OpenPGP.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
This technique requires you to share a secret passphrase with the

people who will decrypt the text. OpenPGP also allows you to use
public-key cryptography to send confidential messages without having a
shared passphrase. See the corresponding documentation.
1. Write your text in a text editor. Do not write it in the web browser!
For example, open gedit from the menu Applications Accessories gedit Text
Editor.
2. Select with the mouse the text that you want to encrypt. To copy it into the
clipboard , right-click on the selected text and choose Copy from the menu.
Tails gpgApplet now shows lines of text, meaning that the clipboard contains nonencrypted text.
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/passphrase_encryption/index... 1/17/2014
Page 2 of 3
3. Click on Tails gpgApplet and select Encrypt Clipboard with Passphrase from the
menu.
If you receive the error message The clipboard does not contain valid input
data, try to copy your text again, starting from step 2.
4. In the Passphrase dialog box, enter a passphrase of your choice. Repeat the same
passphrase in the second dialog box.
5. Tails gpgApplet now shows a padlock, meaning that the clipboard contains encrypted
text.
6. To paste the encrypted text into another application, right-click in the application
where you want to paste it and choose Paste from the menu.
For example, you can paste it into the web browser to send it by email.
Page 3 of 3
You can also decrypt a text that is encrypted with a passphrase using Tails
gpgApplet.
Tails - OpenPGP public-key cryptography
doc
Page 1 of 3
gpgapplet
OpenPGP public-key cryptography
English
DE
FR
PT
OpenPGP public-key cryptography

With Tails gpgApplet you can encrypt or sign
text using the public key encryption of
OpenPGP.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
This technique requires you to use public-key cryptography. If you

never used OpenPGP keys before, you might rather want to encrypt your
text using a passphrase with OpenPGP passphrase encryption. See the
corresponding documentation.
1. Write your text in a text editor. Do not write it in the web browser!
For example, open gedit from the menu Applications Accessories gedit Text
Editor.
2. Select with the mouse the text that you want to encrypt or sign. To copy it into the
clipboard , right-click on the selected text and choose Copy from the menu.
Tails gpgApplet now shows lines of text, meaning that the clipboard contains nonencrypted text.
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/public-key_cryptography/ind... 1/17/2014
Page 2 of 3
3. Click on Tails gpgApplet and select Sign/Encrypt Clipboard with Public Keys from
the menu.
If you receive the error message The clipboard does not contain valid input
data, try to copy your text again, starting from step 2.
4. If you want to encrypt the text, select one or more public keys for the recipients of
the encrypted text in the Choose keys dialog box. To select a public key, doubleclick on the corresponding line in the Select recipients list box.
5. If you want to sign the text, select the secret key with which you want to sign the text
in the Sign message as drop-down list.
6. If you want to hide the recipients of the encrypted text, select the Hide recipients
check box. Otherwise anyone who sees the encrypted text can know who the
recipients are.
7. Click on the OK button.
If you receive the warning message Do you trust these keys, answer it
accordingly.
8. If you selected one or several public keys to encrypt the text, Tails gpgApplet now
shows a padlock, meaning that the clipboard contains encrypted text.
If you only selected a secret key to sign the text, Tails gpgApplet now shows a seal,
meaning that the clipboard contains signed text.
9. To paste the encrypted or signed text into another application, right-click in the
application where you want to paste it and choose Paste from the menu.
Page 3 of 3
For example, you can paste it into the web browser to send it by email.
To store your GnuPG keys and configuration across separate working

sessions, you can activate the GnuPG persistent volume feature.
You can also decrypt or verify a text that is encrypted or signed using
public-key cryptography using Tails gpgApplet.
Tails - Decrypt or verify a text created using OpenPGP
doc
Page 1 of 2
gpgapplet
Decrypt or verify a text created using OpenPGP

English
DE
FR
PT
Decrypt or verify a text created

using OpenPGP
With Tails gpgApplet you can decrypt text that
is encrypted using OpenPGP or verify text
that is signed using OpenPGP.
Download
Tails 0.22
December 11, 2013
1. Select with the mouse the encrypted text that

you want to decrypt or the signed text that
you want to verify. Include the lines -----
About
BEGIN PGP MESSAGE----- and -----END PGP
Getting started
MESSAGE-----.
To copy it into the clipboard , right-click on
the selected text and choose Copy from the
menu.
2. If the text that you selected is encrypted,
Documentation
Help & Support
Contribute
Tails gpgApplet now shows a padlock,

meaning that the clipboard contains encrypted text.
If the text that you selected is only signed, but not encrypted, Tails gpgApplet now
shows a seal, meaning that the clipboard contains signed text.
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/decrypt_verify/index.en.html
1/17/2014
Tails - Decrypt or verify a text created using OpenPGP
Page 2 of 2
3. Click on Tails gpgApplet and select Decrypt/Verify Clipboard from the menu.
4. If the text that you selected is only signed and the signature is valid, the GnuPG
results window described in step 6 appears directly.
If the text is signed and the signature is invalid, a GnuPG error message appears
that mentions BAD signature from.
If the text is encrypted with a passphrase, the Enter passphrase dialog box
appears. Enter the passphrase that has been used to encrypt the text and click OK.
If the text is encrypted using public-key cryptography, three different dialog boxes
can appear.
a. If the passphrase for the corresponding private key is not already cached in
memory, a dialog box appears with the following message: You need a
passphrase to unlock the secret key for user. Enter the passphrase for this
secret key and click OK.
b. If the passphrase for the corresponding secret key is already cached in memory, a
dialog box appears with the following message: The passphrase is cached in
memory. Click on the Authorize button to use the passphrase cached in
memory.
c. If no secret key for which the text is encrypted is available in your keyring, a
GnuPG error message appears that mentions decryption failed: secret key not
available.
5. If the passphrase provided in step 4 is incorrect, a GnuPG error message appears
that mentions decryption failed: bad key.
6. If the passphrase provided in step 4 is correct, or if the signature of the text is valid,
or both, a GnuPG results window appears.
The decrypted text appears in the Output of GnuPG text box.
In the Other messages provided by GnuPG text box, the message Good
signature from, confirms that the signature of the text is valid.
To store your GnuPG keys and configuration across separate working
sessions, you can activate the GnuPG persistent volume feature.
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/decrypt_verify/index.en.html
1/17/2014
Tails - Securely delete files and clean diskspace
doc
Page 1 of 7
English
DE
FR
PT

1. Why use secure deletion?
2. Warning about USB sticks and solid-state drives
3. Securely delete files
Download
Tails 0.22
December 11, 2013
1. Select the files you want to securely delete

2. Securely delete them using Nautilus Wipe
4. Securely clean available disk space
1. Navigate to the disk you want to securely clean
2. Securely clean the available space using Nautilus
Wipe
About
Getting started
Documentation
Help & Support
Why use secure deletion?
Contribute
Operating systems do not actually remove the

contents of a file when it is deleted, even after emptying the trash or explicitly
removing the file, from the command line for example.
Instead, they simply remove the file's entry from the file system directory, because this
requires less work and is therefore faster. The contents of the filethe actual
dataremain on the storage medium. The data will remain there until the operating
system reuses the space for new data.
Likewise, reformatting, repartitioning or reimaging a system is not always guaranteed to
write to every area of the disk, though all will cause the disk to appear empty or, in the
case of reimaging, empty except for the files present in the image, to most software.
Finally, even when the storage medium is overwritten, physical properties of the medium
may make it possible to recover the previous contents. In most cases however, this
recovery is not possible by just reading from the storage device in the usual way, but
requires using laboratory techniques such as disassembling the device and directly
accessing/reading from its components.
Quoted from Wikipedia: Secure file deletion .
https://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html
1/17/2014
Page 2 of 7
Warning about USB sticks and solid-state drives

The methods described below will not work as expected on USB sticks and
solid-state drives.
The existing hard drive-oriented techniques for secure deletion of individual files are not
effective.
Overwriting twice the entire drive is usually, but not always, sufficient to securely clean
the drive.
Unfortunately, Tails does not currently allow you to perform this task with
graphical tools. See the corresponding ticket.
For more details read, the corresponding section of the Wikipedia article on Secure file
deletion .
Securely delete files

In Tails you can securely delete files thanks to an extension of the Nautilus file manager
called Nautilus Wipe .
Select the files you want to securely delete

Open Nautilus, either from the Places menu or the Computer icon on the desktop.
Navigate to the folder containing the files that you want to delete.
Select the files that you want to delete with the mouse.
1/17/2014
Page 3 of 7
Securely delete them using Nautilus Wipe

Securely delete them by doing right-click Wipe.
1/17/2014
Page 4 of 7
Confirm.
The deletion will start. It can last from a few seconds to several minutes, according to the
size of the files. Be patient
1/17/2014
Page 5 of 7
Once the deletion will be done you should be prompted with a message saying:
Securely clean available disk space

In order to clean up the contents of all files that were previously suppressed but not
securely deleted from a disk, it is also possible to securely clean all the free space on the
disk.
This method does not work as expected on solid-state drives or USB sticks.
The disk or the folder may or may not contain other files. Those files will not be deleted
during the operation.
Navigate to the disk you want to securely clean

Open Nautilus, either from the Places menu or the Computer icon on the desktop.
Navigate to a folder on the disk that you want to clean.
Securely clean the available space using Nautilus Wipe

Securely clean the available diskspace by doing right-click Wipe available
diskspace.
1/17/2014
Page 6 of 7
Confirm.
The cleaning will start. It can last from a few minutes to a few hours, according to the
size of the available diskspace. Be patient
Note that a file called oooooooo.ooo is created in the folder. Nautilus Wipe will try to
make it as big as possible to use all the available diskspace and then will securely delete
it.
1/17/2014
Page 7 of 7
Once the cleaning will be done you should be prompted with a message saying:
1/17/2014
Tails - Manage passwords with KeePassX
doc
Page 1 of 3
Manage passwords with KeePassX
English
DE
FR
PT
Manage passwords with KeePassX

Using the KeePassX
password manager you
Download
Tails 0.22
can:
Store many passwords in an encrypted
database which is protected by a single
passphrase of your choice.
December 11, 2013
About
Always use different and stronger passwords,

since you only have to remember a single
Getting started
passphrase to unlock the entire database.

Generate very strong random passwords.
1. Create and save a password database
2. Restore and unlock the password database
3. KeePassX user guide
Documentation
Help & Support
Contribute
4. Use KeepassX to type a password into

Pinentry
Create and save a password database

Follow these steps to create a new password database and save it in the persistent
volume for use in future working sessions.
To learn how to create and configure the persistent volume, read the documentation on
persistence.
1. When starting Tails, enable the persistent volume.
2. In the Persistent Volume Assistant, verify that the Personal Data feature is
activated. If it is deactivated, activate it, restart Tails, and enable the persistent
volume.
https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html
1/17/2014
Page 2 of 3
3. To start KeePassX, choose Applications Accessories KeePassX.

4. To create a new password database, choose File New Database
5. The password database is encrypted and protected by a passphrase.
Specify a passphrase of your choice in the Password text box, then click OK.
Type the same passphrase again in the next dialog, then click OK.
6. To store the password database in the persistent volume for use in future working
sessions:
Choose File Save Database.
Enter keepassx in the Name text box.
Select Persistent in the list of folders in the left pane.
Click Save.
Restore and unlock the password database

Follow these steps to unlock the password database saved in the persistent volume from
a previous working session.
1. When starting Tails, enable the persistent volume.
2. To start KeePassX, choose Applications Accessories KeePassX.
3. If a password database is found in the persistent volume, a dialog appears and asks
for the passphrase to unlock that password database. Enter the passphrase and click
OK.
4. If you enter an invalid passphrase the following error message appears:
The following error occured while opening the database:
Hash test failed.
The key is wrong or the file is damaged.
Then click OK and try again.
KeePassX user guide

To read the official KeePassX user guide, choose Help KeePassX Handbook.
Use KeepassX to type a password into

Pinentry
1/17/2014
Page 3 of 3
When using OpenPGP with Claws Mail or GPG Applet for example, you need to enter a
password in a Pinentry dialog box. But you cannot copy and paste into it. This is a
security feature of Pinentry based on the fact that otherwise the data in the clipboard
could be accessed by another application against your will.
Use the AutoType feature of KeepassX to type a password into a Pinentry dialog box.
1. Before the Pinentry dialog box appears, open KeepassX and unlock the database.
2. Use OpenPGP with Claws Mail or GPG Applet until the Pinentry dialog box appears.
3. Click on the KeepassX logo in the notification area to switch to KeepassX. Right-click
on the entry from which you want to use the password, and choose Perform
AutoType.
Do not enter a user name in the KeepassX entry, otherwise KeepassX will
type it together with the password in the Pinentry dialog box, and the
resulting password will be incorrect.
1/17/2014
Tails - Work on sensitive documents
doc
Page 1 of 1
Work on sensitive documents
English
DE
FR
PT
Work on sensitive documents

Tails aims at providing a "safe" environment to
produce and optionally publish sensitive
documents.
Office suite
Graphics
Download
Tails 0.22
December 11, 2013
About
Desktop publishing
Audio
Getting started
Printing and scanning
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/sensitive_documents/index.en.html
1/17/2014
Tails - Office suite
doc
sensitive documents
Page 1 of 1
Office suite
English
DE
FR
PT
Office suite
Tails includes OpenOffice.org , which is a full-
Download
near drop-in replacement for Microsoft(R) Office.
Tails 0.22
It includes a word processor, a spreadsheet and

a presentation application.
About
You can launch them from the Applications
Getting started
featured office productivity suite that provides a
December 11, 2013
Office
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/sensitive_documents/office_suite/index.en.html
1/17/2014
Tails - Graphics
doc
Page 1 of 1
sensitive documents
Graphics
English
DE
FR
PT
Graphics
Tails includes The GIMP
for The GNU Image
Manipulation Program for bitmap graphics. GIMP

lets you draw, paint, edit images, and much
more.
For vector-based drawing, Tails includes
Download
Tails 0.22
December 11, 2013
About
inkscape .
Getting started
Both are accessible from Applications Graphics
menu.
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/sensitive_documents/graphics/index.en.html
1/17/2014
Tails - Desktop publishing
doc
sensitive documents
Page 1 of 1
Desktop publishing
English
DE
FR
PT
Desktop publishing
Scribus
is an Open Source Desktop Page
Layout accessible from the Applications

Graphics. It can be used for many tasks; from
booklets design to newspapers, magazines,
newsletters and posters to technical
documentation. It has sophisticated page layout
Download
Tails 0.22
December 11, 2013
About
features like precision placing and rotating of

text and/or images on a page, manual kerning of
Getting started
type, bezier curves polygons, precision

placement of objects, layering with RGB and
Documentation
CMYK custom colors. The Scribus document file

format is XML-based. Unlike proprietary binary
Help & Support
file formats, even damaged documents can be

recovered with a simple text editor.
Contribute
https://tails.boum.org/doc/sensitive_documents/desktop_publishing/index.en.html
1/17/2014
Tails - Audio
doc
Page 1 of 1
sensitive documents
Audio
English
DE
FR
PT
Audio
Audacity
is a multi-track audio editor for
Linux/Unix, MacOS and Windows. It is designed

for easy recording, playing and editing of digital
audio.
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/sensitive_documents/audio/index.en.html
1/17/2014
Tails - Printing and scanning
doc
sensitive documents
Page 1 of 1
English
DE
FR
PT

1. Printing
2. Scanning
Printing
To configure a printer or manage your printing
jobs choose System Administration
Download
Tails 0.22
December 11, 2013
About
Getting started
Printing.
Documentation
To check the compatibility of your printer with
Help & Support
Linux and Tails, consult the OpenPrinting

database
of the Linux Foundation.
Contribute
To reuse the configuration of the printers across separate working

sessions, you can activate the Printers persistent volume feature.
Scanning
Tails includes Simple Scan , a tool to scan both documents and photos.
To start Simple Scan choose Applications Graphics Simple Scan.
https://tails.boum.org/doc/sensitive_documents/printing_and_scanning/index.en.html
1/17/2014
Tails - Advanced topics
doc
Page 1 of 1
Advanced topics
English
DE
FR
PT
Advanced topics
Protection against cold boot attacks
Virtualization
Enable a wireless device
Enable MAC Changer
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
https://tails.boum.org/doc/advanced_topics/index.en.html
1/17/2014
Tails - Protection against cold boot attacks
doc
advanced topics
Page 1 of 2
English
DE
FR
PT

While using a computer, all the data
manipulated is written temporarily in RAM :
texts, saved files, but also passwords and
encryption keys. The more recent the activity,
Download
Tails 0.22
December 11, 2013
the more likely it is for the data to still be in

RAM.
About
After a computer is powered off, the data in RAM
Getting started
disappears rapidly, but it can remain in RAM up

to several minutes after shutdown. An attacker
having access to a computer before it disappears
Documentation
completely could recover important data from
Help & Support
your session.
Contribute
This can be achieved using a technique called
cold boot attack+ . To prevent this attack, the data in RAM is overwritten by random
data when shutting down Tails. This erases all traces from your session on that
computer.
On some computers Tails might fail to:
erase all the data in RAM on shutdown
completely shutdown or restart (in this case there is no guarantee that
all the data in RAM is erased).
Moreover, an attacker having physical access to the computer while Tails is running can
recover data from RAM as well. To avoid that, learn the different methods to shutdown
Tails rapidly.
As far as we know, cold boot attacks are not a common procedure for data recovery, but
it might still be good to be prepared.
https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html
1/17/2014
Tails - Virtualization
doc
Page 1 of 2
advanced topics
Virtualization
English
DE
FR
PT
Virtualization
Download
1. Security issues
2. Tips and tricks
Tails 0.22
December 11, 2013
Certain users might not want to restart the

computer every time they wish to use the
About
Internet anonymously with Tails. For those, a so

called virtual machine
can be used to run Tails
inside the "host" operating system installed on

the computer (e.g. Microsoft Windows, Mac OS X,
etc.). Essentially these programs emulate real
computers that you can run "guest" operating
systems (in this case Tails) in so they appear in a
window within the host operating system. Using
one of these technologies allows for convenient
Getting started
Documentation
Help & Support
Contribute
access to Tails's features in a protected environment while you at the same time have
access to your normal operation system.
Security issues
There are a few security issues with this approach though.
When running Tails inside a virtual machine, both the host operating system and the
virtualization software are able to monitor what you are doing in Tails.
The main issue is if the host operating system is compromised with a software keylogger
or other malware, which Tails does not provide any protection against in fact, that is
impossible.
Moreover traces are likely to be left on the local hard disk.
https://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
1/17/2014
Tails - Virtualization
Page 2 of 2
As such, this is only recommended when the other alternative is not an option or when
you are absolutely sure that your host system is clean.
That's why Tails warns you when you are running it inside a virtual machine. Do not
expect Tails to protect you if you run it in a virtual machine if you do not trust the host
computer, Tails is not magical!
If you read this warning while you are not aware to be using a virtual machine: there
could be a ?bug in the virtualization detection software Tails uses... or something really
weird is happening.
If you are unsure, and if you can afford it, run Tails from a DVD, USB stick or SD card
instead.
Tips and tricks

Some tips can help making the host operating system and virtualization software a tiny
bit more secure.
In the future, it will be possible to easily start Tails within Windows.
https://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
1/17/2014
Tails - Enable a wireless device
doc
advanced topics
Page 1 of 2
English
DE
FR
PT

When Tails starts, Wi-Fi, Bluetooth, WWAN and
Download
Tails 0.22
WiMAX devices are enabled.

But all other kinds of wireless devices such as
GPS and FM devices are disabled by default. If
you want to use such a device, you need to
December 11, 2013
About
enabled it first.
Getting started
This technique uses the command line.
Documentation
1. When starting Tails, set up an administration
Help & Support
password.
2. To find out the index of the wireless device
that you want to enable, open a root terminal,
Contribute
and execute the following command:
rfkill list
For example, the command could return the following:
0: phy0: Wireless LAN

Soft blocked:
Hard blocked:
1: hci0: Bluetooth
Soft blocked:
Hard blocked:
2: gps0: GPS
Soft blocked:
Hard blocked:
no
no
no
no
yes
no
https://tails.boum.org/doc/advanced_topics/wireless_devices/index.en.html
1/17/2014
Tails - Enable a wireless device
Page 2 of 2
The device index is the number that appears at the beginning of the three lines
describing each device. In this example, the index of the Bluetooth device is 1, while
the index of the GPS device is 2. Yours are probably different.
3. To enable the wireless device, execute the following command in the root terminal,
replacing [index] with the index found at step 2:
rfkill unblock [index]

Here is an example of the command to execute. Yours is probably different:
rfkill unblock 2
4. To verify that the wireless device is enabled, execute the following command in the
root terminal again:
rfkill list
This output should be very similar to the one of step 2, but the device enabled at step
3 should not be soft blocked anymore.
For example, the command could return the following:
0: phy0: Wireless LAN

Soft blocked: no
Hard blocked: no
1: hci0: Bluetooth
Soft blocked:
Hard blocked:
2: gps0: GPS
Soft blocked:
Hard blocked:
no
no
no
no
Last edited Wed 26 Jun 2013 01:50:09 PM CEST
https://tails.boum.org/doc/advanced_topics/wireless_devices/index.en.html
1/17/2014
Tails - Enable MAC Changer
doc
advanced topics
Page 1 of 1
Enable MAC Changer
English
DE
FR
PT
Enable MAC Changer

Macchanger is shipped in Tails but
there is currently no documented
method of using it.
See the corresponding ticket.
First of all, you should know that all network
cards, both wired and wireless, have a unique
identifier stored in them called their MAC
address. This address is actually used to address
your computer on the local network. It will
usually not go out on the Internet but some
public Wi-Fi connections transmit that MAC
address to a central authentication server, for
Download
Tails 0.22
December 11, 2013
About
Getting started
Documentation
Help & Support
Contribute
example when logging into their service. It is

never useful enabling this option if you are using a public computer only use this if you
are using a computer that can be linked to you on a public network.
The reason why this is not always enabled is that is might cause problems on some
networks, so if you experience network problems while it is enabled you might want try
disabling it.
https://tails.boum.org/doc/advanced_topics/mac_changer/index.en.html
1/17/2014

Tails Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tails Manual

Uploaded by

Copyright:

Available Formats

Tails - Introduction

December 11, 2013

and security on the Internet.

Help & Support

It is quite long so you might want to not read it

in one go but instead read about and warning, as

Last edited Tue 29 Oct 2013 06:46:43 PM CET

Tails - About Tails anonymity

About Tails anonymity

About Tails anonymity

December 11, 2013

As you are probably aware of, we currently find

Help & Support

not a conspiracy theory; see this report from the

Tails - System requirements

December 11, 2013

IBM PC compatible and others but not

might experience strange behaviours or

Last edited Tue 29 Oct 2013 06:46:43 PM CET

December 11, 2013

right tool for you, and second, helping you

1. Tor exit nodes can eavesdrop on

Tor exit nodes can eavesdrop on

Tails makes it clear that you are using Tor and

Quoted from Wikipedia: Man-in-the-middle attack , Wikipedia: Comodo Group#Iran SSL

Tails doesn't encrypt your documents by

Tails doesn't clear the metadata of your

Tor doesn't protect you from a global

Tails doesn't magically separate your different

Tails doesn't make your crappy passwords

Tails is a work in progress

Last edited Sun 08 Sep 2013 05:53:29 PM CEST

Tails - Features and included software

Features and included software

Features and included software

December 11, 2013

GNOME , an intuitive and attractive desktop

Help & Support

for anonymity and protection against evil JavaScript

all cookies are treated as session cookies by default; the CS Lite

transparently enables SSL-encrypted connections to a great

number of major websites

preconfigured with OTR

for Off-the-Record Messaging

Claws Mail e-mail client, with user-friendly GnuPG support

for collaborative text writing

for wireless networks auditing

Tails - Features and included software

for recording and editing sounds

for non-linear audio/video editing

to edit .po files

Simple Scan and SANE for scanner support

to rip audio CDs

Encryption & Privacy

to install and use encrypted storage devices, for example

virtual keyboard as a countermeasure against hardware keyloggers

MAT to anonymize metadata in files

Tails - Features and included software

One can choose at boot time between a big number of languages.

Last edited Tue 17 Dec 2013 11:01:38 AM CET

Tails - Can I hide the fact that I am using Tails?

Can I hide the fact that I am using Tails?

Can I hide the fact that I am using

December 11, 2013