Privacy-Centric Linux Distro Tails Hits 2.0 Release

A_Mythago writes: The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.

Additional info

[LichtSpektren]

On the firehose submission of this news, I recommended some additional information be included in TFS:
"This summary could use some more information. I'm here to help! What version of Tor (0.2.7.8) and the Tor browser (5.5, based off Firefox ESR 38.6)? What's new in 2.0 besides the OS and Tor updates (switch from Claws Mail to GNU Icedove, switch from SysVinit to systemd)? Did you know that it uses GNOME classic-mode instead of fallback-mode now? Did you know that Tails will now notify you if you're using virtualization software with proprietary binaries?"

Re:Additional info

[LichtSpektren]

switch from SysVinit to systemd

Yeah, that freaked out the Devuan paranoids https://lists.dyne.org/lurker/message/20160127.151137.ab4c9937.en.html [dyne.org]

The release notes tell you exactly why they're OK with systemd:

"+ Sandbox many services using Linux namespaces and make them harder to exploit.
+ Make the launching of Tor and the memory wipe on shutdown more robust.
+ Sanitize our code base by replacing many custom scripts."

Maybe that will change if a backdoor or serious security vulnerabilities are discovered, but until then, one need not be afraid.

Re:

[Anonymous Coward]

Tails is not immune to the observation that the chance and number of critical security errors increase as approximately the square of the number of new features.

Only recently was the TrueCrypt security review completely, a and a half after the project was abandoned. At least one successor fork, VeraCrypt is not adding features every week.

I would like monthly security fixes and no more than yearly feature additions.

Re:

[LichtSpektren]

Tails is not immune to the observation that the chance and number of critical security errors increase as approximately the square of the number of new features.

Only recently was the TrueCrypt security review completely, a and a half after the project was abandoned. At least one successor fork, VeraCrypt is not adding features every week.

I would like monthly security fixes and no more than yearly feature additions.

That's precisely what TAILS' release cycle is. It's based off of Debian stable, so whatever that wasn't in Jessie won't be added for several years. There are scheduled security updates (as well as emergency releases for when the security vulnerabilities are particularly serious).

Re:

[Coren22]

Heck, mask your Mac address and go to starbucks....this isn't complex stuff here.

Re:

[LichtSpektren]

Heck, mask your Mac address and go to starbucks....this isn't complex stuff here.

All that would obscure is which computer at the Starbucks is doing whatever shady thing is being done online. If you used TAILS, there would be no proof that it ever booted on your computer at all.

Re:

[Coren22]

Go back to my post, and click the Parent link. I was responding to a thread about the download of TAILS being traceable to an IP, which would show intelligence agencies that you went and downloaded TAILS. If you do it from Starbucks with a fake MAC address, the Intelligence agencies have no clue who downloaded TAILS, after that you can use it wherever you like.

Re:

[Coren22]

Thanks, that helped a lot. My download went way faster from that source.

Tried to get it 2 days ago.

[truck_soccer]

I tried to install it through my junker ubuntu laptop but the repository location got a 404 error and then I lost motivation to find out why.

Hmm?

[EmeraldBot]

circumventing censorship without a trace

Perhaps someone may enlighten me here, but if I recall correctly, Tor doesn't actually hide the fact that you're using it, only what you're using it for, yes? Does Tails have some kind of extra protection to obscure even that??

Re:Hmm?

[LichtSpektren]

circumventing censorship without a trace

Perhaps someone may enlighten me here, but if I recall correctly, Tor doesn't actually hide the fact that you're using it, only what you're using it for, yes? Does Tails have some kind of extra protection to obscure even that??

That's kind of backwards. Any webmaster can tell when there's Tor users accessing their server. The purpose of Tor is to prevent a location trace (since all that you'd see is what exit node they came out of, not which node they entered through). The Tor Browser and TAILS supplement this because they're pre-configured (N.B. they strongly recommend you don't alter any of the default settings), so that every TB and TAILS user looks identical (i.e. they leave no special fingerprints that could be used to identify them).

Re:

[Actually, I do RTFA]

Correct, Tor does not usually hide the fact that you are using it. There are some obscuring gateways into Tor, but those only work if you know about them and your adversary doesn't. I wouldn't trust that, and assume if I am using Tor, anyone who wants to know that fact can get it.

The bomb threat made at Harvard (via Tor) a while back was traced to the only person who was on Tor when it was sent. That was the primary thing that lead to his suspicion.

Re:

[LichtSpektren]

Correct, Tor does not usually hide the fact that you are using it. There are some obscuring gateways into Tor, but those only work if you know about them and your adversary doesn't. I wouldn't trust that, and assume if I am using Tor, anyone who wants to know that fact can get it.

The bomb threat made at Harvard (via Tor) a while back was traced to the only person who was on Tor when it was sent. That was the primary thing that lead to his suspicion.

Right. The reason the Tor Browser works is because everyone using it is indistinguishable. What this means is that the less people using it, the weaker its obfuscation of its users becomes.

The Amnesic Incognito Live System

[Anonymous Coward]

This is what happens when you try to force an acronym.

Re:

[godel_56]

The progress of Tails is welcome, but there is a lack of trustworthy hardware to run it on. All current Intel processors are hopelessly and fundamentally flawed [invisiblethings.org]. The state of x86 security was never good, but Intel has taken it to a whole new level, and now provides the perfect platform for invisible backdoors, rootkits, and other malware.

True, so use a computer that can't be traced to you.

Buy a second hand laptop for cash in a private sale, somewhere away from the cameras, and use it only for that purpose. Transfer files using USB keys or disposable data CDs, to or from your working computer which is air-gaped, or at least not used for anything the watchers may be interested in.

On a mint 17.3

[Anonymous Coward]

Dont bother the ppa just download the torrent file for the iso.
you can use ktorrent it is a little tricky but you will figure it out.

An hour to install?

[bigsexyjoe]

Weren't you able to run Tails 1.0 by just putting in a CD and booting from it? What am I missing? I thought Tails was a live OS and you didn't "install" it per say.

Re:

[Zontar The Mindless]

It is the same. They just push an apparently new and eye-crossingly "simplified" solution out in front of it.

Just show us where to grab the ISO so we can burn the damned thing to a DVD or USB already, geez [boum.org].

Re:

[Zontar The Mindless]

Oh, I'm sorry--be sure to hide your user agent, or they'll try to make you download some damned Firefox add-on first, for verifying the download. Fortunately, there's a torrent.

Re:

[Zontar The Mindless]

The torrent took me exactly 1 minute and one second to download.