Tails

Weekend Reading: Tor and Tails

Carlie Fairchild — Sat, 16 Mar 2019 14:04:18 +0000

Tails is a live media Linux distro designed to boot into a highly secure desktop environment. Tor is a browser that prevents somebody watching your internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Learn why anonymity matters and how you can protect yourself with this Linux Journal Weekend Reading.

T or Hidden Services

Why should clients get all the privacy? Give your servers some privacy too!

Tails above the Rest: the Installation

How to get and validate the Tails distribution and install it. We will follow up with what Tails can and can't do to protect your privacy, and how to use Tails in a way that minimizes your risk. Then we will finish with some more advanced features of Tails, including the use of a persistent volume (with this feature, depending on your needs, you could conceivably use Tails as your main Linux distribution).

Tails above the Rest, Part II

Now that you have Tails installed, let's start using it. Read on to find out how to get started.

Tails above the Rest, Part III

In the first two parts on this series, we gave an overview of Tails, including how to get the distribution securely, and once you have it, how to use some of the basic tools. Here, we cover some of the more advanced features of Tails, such as some of its log-in options, its suite of encryption tools and the persistent disk.

Tor Security for Android and Desktop Linux

The Tor Project presents an effective countermeasure against hostile and disingenuous carriers and ISPs that, on a properly rooted and capable Android device or Linux system, can force all network traffic through Tor encrypted entry points (guard nodes) with custom rules for iptables. This action renders all device network activity opaque to the upstream carrier—barring exceptional intervention, all efforts to track a user are afterwards futile.

A Bundle of Tor

The best way to set up Tor on your personal machine.

Dolphins in the NSA Dragnet

Go to Full Article

The Linux Journal NSA Reading List: Tails and Tor

Carlie Fairchild — Sun, 25 Mar 2018 19:33:50 +0000

by Carlie Fairchild

Learn why anonymity matters and how you can protect yourself by reading the following archived Linux Journal articles:

Tails above the Rest: the Installation by Kyle Rankin: how to get and validate the Tails distribution and install it. I will follow up with what Tails can and can't do to protect your privacy, and how to use Tails in a way that minimizes your risk. Then I will finish with some more advanced features of Tails, including the use of a persistent volume (with this feature, depending on your needs, you could conceivably use Tails as your main Linux distribution).

Tails above the Rest, Part II by Kyle Rankin: now that you have Tails installed, let's start using it. Read on to find out how to get started.

Tails above the Rest, Part III by Kyle Rankin: in the first two parts on this series, I gave an overview of Tails, including how to get the distribution securely, and once you have it, how to use some of the basic tools. Here, I cover some of the more advanced features of Tails, such as some of its log-in options, its suite of encryption tools and the persistent disk.

Tor Security for Android and Desktop Linux by Charles Fischer: the Tor Project presents an effective countermeasure against hostile and disingenuous carriers and ISPs that, on a properly rooted and capable Android device or Linux system, can force all network traffic through Tor encrypted entry points (guard nodes) with custom rules for iptables. This action renders all device network activity opaque to the upstream carrier—barring exceptional intervention, all efforts to track a user are afterwards futile.

A Bundle of Tor by Kyle Rankin: the best way to set up Tor on your personal machine.

Go to Full Article

Tor Security for Android and Desktop Linux

Charles Fisher — Wed, 12 Apr 2017 15:32:53 +0000

by Charles Fisher

Introduction

Internet service providers in the United States have just been given the green light to sell usage history of their subscribers by S J Res 34, opening the gates for private subscriber data to become public. The law appears to direct ISPs to provide an "opt-out" mechanism for subscribers to retain private control of their usage history, which every subscriber should complete.

This comes at an interesting time for the new Trump presidency, as he appears to be preparing the Justice Department to prosecute Susan Rice for accessing telephone records of his associates while she was the National Security Advisor for the Obama administration. It is ironic and unconscionable that President Trump has chosen to erode internet usage privacy for his constituents while fiercely defending the telephone records of those closest to him.

Orbot for Android

A rooted Android device is required for the highest levels of service for Tor and is now a "must-have" for users who place great value on privacy. Android stock devices (where root is controlled by the Original Equipment Manufacturer [OEM] and/or the carrier) are able to use the network with applications that are aware of the local Tor client, but full root control of User ID zero is a precondition for total obfuscation of device network traffic. Carriers and OEMs work very hard to lock devices and prevent users from rooting, but they are also quite lazy in applying security updates, and a thriving industry has emerged for Android owners seizing privileged access by exploiting security flaws. A few relevant resources for rooting are Sunshine, KingRoot and KingoRoot. Depending upon the hardware model, these programs can be effective in breaking Android systems free. Research on these tools and methods is best conducted in the discussion forums for XDA Developers.

Go to Full Article

Tails above the Rest, Part II

Kyle Rankin — Thu, 03 Jul 2014 21:37:21 +0000

by Kyle Rankin

Now that you have Tails installed, let's start using it.

I'm halfway through what will likely be a three-part series on the Tails live disk. In the first column, I introduced Tails as a special distribution of Linux, based on Debian, that puts all sorts of privacy- and security-enhancing tools in a live disk you can boot anywhere. Then I talked about how to download and install the distribution securely on a CD or USB disk. In this article, I'm going to follow up with a general overview of the Tails desktop and highlight some of the software you are most likely to use within it. In my next column, I'll cover some of the more advanced features of Tails, including the persistent disk and encryption.

Tails Limitations

Before I talk too much about the security features of Tails, I think it's important to highlight the limitations that Tails has. Although Tails is incredibly useful and makes it much easier to use the Internet securely, it still isn't a magical solution that will solve all of your privacy problems. Before you use Tails, it's important to know where its limitations are and beyond that, mistakes that you might make that could remove some of the protections Tails does have.

Tails uses Tor to anonymize your Internet use, but that within itself has limitations. First, Tails doesn't attempt to hide the fact that you are using Tor or Tails, so if others can sniff the traffic leaving your network, while they may not be able to tell what Web sites you are browsing, they still can tell you are using Tor itself. So, if you are in a situation where you may get into trouble for using Tor, Tails out of the box won't protect you. Second, although traffic between you and Tor and between Tor nodes is encrypted, traffic that leaves Tor is not necessarily encrypted. Tails, like the Tor browser bundle, adds extensions to its Web browser to attempt to use HTTPS-encrypted sites whenever possible, but if you send an unencrypted e-mail or browse to an unencrypted Web site, the traffic leaving Tor still would be unencrypted. Along the same lines, you also still may be vulnerable to man-in-the-middle attacks launched from a malicious Tor exit node itself or from an attacker between the Tor exit node and the site you want to visit, so you still need to pay attention to any certificate warnings you see in your browser.

Go to Full Article

Tails above the Rest: the Installation

Kyle Rankin — Thu, 03 Jul 2014 21:18:31 +0000

by Kyle Rankin

A few columns ago, I started a series aimed at helping everyone improve their privacy and security on the Internet. The first column in this series was an updated version of a Tor column I wrote a few years ago. While the new column talked about how to get up and running with Tor using the Tor Browser Bundle, in my original Tor column, I talked about how to browse even more anonymously by using a Knoppix live CD and live-installing Tor on top of it. That way, when you were done with your session, you simply could reboot and remove the Knoppix disc, and the host computer would be back to normal with no trace of your steps. Although the Tor Browser Bundle is incredibly useful, it doesn't cover the case where you would like to use Tor on a computer you don't own, much less using Tor without leaving a trace.

These days, there is a much better option than a Knoppix live CD—a live DVD/USB distribution called Tails, which does so much more than provide a live CD with Tor installed. Think of it like a live DVD version of the Tor Browser Bundle, only for the entire OS. With Tails, you boot in to a live environment either from a DVD or USB stick that is set with incredibly secure defaults. Tails takes great lengths to provide you with a secure, anonymous environment. Among other things, Tor automatically launches and connects once you start the desktop, and all communications are routed over it. By default, nothing you do in your desktop session persists—everything is not only erased when you reboot, Tails actually goes further and attempts to scrub the contents of RAM before it does reboot. Tails includes a Web browser configured much like in the Tor Browser Bundle with a number of privacy-enhancing plugins and settings already in place. Beyond that, it includes a password manager (Keepassx), GPG encryption software, an e-mail program (Claws), LUKS disk encryption software, secure chat via Pidgin with the OTR (Off the Record) plugin already installed, and it even includes an on-screen keyboard you can use to type in passwords if you are concerned a keylogger might be installed on your host machine.

In the next few columns, I'm going to discuss how to get and validate the Tails distribution and install it. I will follow up with what Tails can and can't do to protect your privacy, and how to use Tails in a way that minimizes your risk. Then I will finish with some more advanced features of Tails, including the use of a persistent volume (with this feature, depending on your needs, you could conceivably use Tails as your main Linux distribution).

Go to Full Article