Tails: Secure Operating System

Motivation

The reality is if you're engaged in Nationalist activity in the modern world, you will at times have to use a computer and technology for activity. This activity may be looking up information on maps, researching tools & techniques, or communicating with others. While you may be perfectly fine using a standard operating system if you're enaged in legal activism, if you're engaged in radical action that may cross the line of what the system deems illegal, you need to be more secure.

The two major operating systems (Windows and Mac) are largely designed around being easy to use, fast, and efficient for the standard user -- not for radicals. For example, Windows 11 comes standard with a keyogger (they claim this is for spell-check and auto-complete features) and Mac OS will send the hash of every image file on your machine to their servers (they claim this is for CSAM prevention)

If you're engaged in the struggle, putting your life and security on the line, should you trust these operating systems to do anything related to your radical activities? If you have a brain, the answer is a very strong NO. This is where Tails comes in.

What is Tails?

Tails is a privacy and security first Linux operating system that was specifically designed for defense against governments and other powerful institutions. Unlike many other operating systems it is not installed a standard computer hard drive, but installed onto a USB flashdrive which can be then booted onto any computer (Laptop or PC). In doing this, no information is saved to any hard drive leaving limited if any digital footprint on the computer that are running the Tails USB flashdrive.

Tails's claim to fame largely comes from when Edward Snowden said he used Tails to securely communicate with journalists while leaking the NSA data in 2013/14.

Tails comes standard with software applications for text editing, office (LibreOffice), video/audio editing, encryption, web browsing, and a variety of other tools. However unlike a standard operating system which when connected to the internet makes direct connections to a servers, Tails by default routes all network connectivity through the Tor network. Tor will secure and hide you IP address from website you interact with, check out this post on Tor for info on how it works and why it is secure.

Tails comes with a number of other security features such as MAC address spoofing, Application Isolation, SecureBoot, Kernel hardening, Cold Boot protection, and the use of only vetted open source software. For more information on the technical specification and security of Tails check out https://tails.net/contribute/design/

These features combined make a portable, secure, and private operating system that is surprisingly very user friendly even to those who have less technical knowledge. You do not need to understand linux, kernels, bash, or any other advanced topic. Below is the Tails Desktop

Tails

How to install it?

Tails is very easy to install regardless of technical background. All that's for installation needed is a USB drive 8 GB or larger that you can dedicate to using tails (all data on the device will be overwritten). I would recommend that you use cash if you're buying a new USB device.

The basic process is to download the operating system image from tails.net, verify it, then burn onto your USB using an disk writing software (balenaEtcher). Once you've done that you reboot your computer with the USB plugged in and press the key to boot from drives (this key is different for different computer manufacturers), select the USB device that's plugged in and you'll boot into tails.

I recommend you use the instructions from Tails, as these are more detailed, OS specific, and very beginner friendly. Those instructions can be found here : https://tails.net/install/index.en.html.

I'm not putting any content for direct installs in this section as you should refer to that site, as those may be updated with new versions or instructions, they also have better material if you run into any issues.

Persistent Storage

Each time Tails boots it reverts to it's original state, this is part of its secure amnesic configuration that is quite useful for a secure machine. There are times however where you need to save data securely (text files, spreadsheets, or todo lists) and not just temporarily view information on a machine for research or other purposes.

Tails has a solution for this called Persistent storage. Tails uses LUKS + DMcrypt (both of which are secure and standard for disk encryption on Linux) to create a volume in the remaining space on the USB tails was installed on. On boot you'll have an option to unlock this persistent storage and view/edit these files. If unlocked, there will be a folder called Persistent that has all the files/folders you've saved there from last usage. Persistent storage also gives the ability to save useful features like wifi passwords and settings.

As far as security, Persistent storage is very secure - far more than taking physical notes or saving files within Mac/Windows. One thing to note is that this is only as secure as your password, if you write the password down on paper or have a very weak password, Persistent storage can't save you against a state actor. Use a 5-7 word phrase password with numbers/symbols, this is both easy to remember and what is recommended by Tails/Security researchers (example greencatsgrowoverthemoononwenesday49#)

For general information on Persistent storage see - https://tails.net/doc/persistent_storage/index.en.html

Info on setting up persistent storage - https://tails.net/doc/persistent_storage/index.en.html

Info on configuration (chosing what you want to be saved there) - https://tails.net/doc/persistent_storage/create/index.en.html

Info on how to unlock persistent storage when starting tails https://tails.net/doc/persistent_storage/use/index.en.html

Important Considerations

Tails is only as good as your use of it, if make basic security mistakes, tails will not save you. Below are several mistakes that are the most common.

  • Use on insecure hardware

    • If you use Tails on a computer that is compromised or insecure at a hardware level you may be putting yourself at risk.
    • With this in mind, avoid using on any hardware that is not owned by you. For example using Tails on a work or school computer is a bad idea as it is unknown if they've done anything to the firmware/bios or hardware (such as hardware keylogger) of that machine.
  • Failure to compartmentalize

    • Tails, with it's integration of Tor makes de-anonymization near impossible, unless you decide to make it easy for them. In short avoid bringing in your real world "normal" computer life with you to tails.
    • Do not log in to your bank account, normal email account, school login page, work timesheet or other service directly connected to your real world identity. Doing so will tie you to the use of Tor/Tails, and if done at the same time as you're researching information for radical action, may directly tie your real identity to that research.
    • Do not re-use usernames, passwords, profile pictures or anything else that you share with your everyday life
  • Metadata

    • Metadata can reveal a lot and put you in real danger. Some file metadata (images) may include device type, time of creation, and exact GPS location where it was created.
    • If you're creating and uploading files from Tails particularly images, PDFs, Documents, videos, and other more complex file types -- you need to be removing metadata.
    • Tails has a great tool for this which can be found under Applications > Accessories called Metadata Cleaner. Use it religiously anytime you're sharing any files.
  • Extreme precautions

    • If what you're doing is extremely high profile, you may of course be the target of a state actor who may know of unknown vulnerabilities within Tails or Tor. When in these situations, avoid using your home internet connection to connect to Tor (use a coffee shop or library) and avoid downloading any files onto your Tails computer.

Alt options

Are there other options for secure operating systems? In short, yes, however non have the ease of use and extreme security tails provides.

  • Whonix

    • Whonix is a virtual machine (VM) based OS that uses two VMs, one acting as a Tor connected network handler while the other is the main operating system that only connects to the other VM for network access.
    • While useful, Whonix is not as concealable as Tails (it will appear in your VM software) and is not as easy to use for the average user or portable as Tails.
    • If the base OS from which you're running the VMs is compromised then this could put you in at great risk, whereas Tails does not have this problem.
  • Debian/Ubuntu/Qubes

    • Multiple Linux open source distros could be used securely, however it will require solid technical and Linux knowledge to do things correctly. Not only does everything need to be done correctly, there is no room for mistakes; it must be done right the first time.
    • A secure setup on one of these operating systems would include use of Tor as a proxy for all network connectivity, a robust firewall, and LUKS (full disk encryption). This setup while a great improvement from Windows/Mac, would still not be as secure and portable as Tails.

Resources

https://tails.net/about/index.en.html - About Tails

https://tails.net/install/index.en.html Installing Tails

https://tails.net/doc/persistent_storage/index.en.html Persistent storage

https://en.wikipedia.org/wiki/Tails_(operating_system) - General Wiki info