Improving security - Tails

Discussion in 'Security, Privacy & Anonymity' started by USPHARMA, Jan 15, 2014.

  1. USPHARMA

    USPHARMA Junior Member

    Tutorial Part 1 - How to install Tails onto a USB drive.
    -------------------------------------------------------------------

    Tails stands for "The Amnesiac Incognito Live System". Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly. It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer's original operating system. It is free software and based on Debian GNU/Linux.

    Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. Tails relies on the Tor anonymity network to protect your privacy online: the pre-installed software is configured to connect through Tor, and direct (non-anonymous) connections are blocked.

    Tails is being constantly updated for security flaws - you WILL need to do this all over again soon to stay safe! This comes from the Tails website - "It's very important to keep your version of Tails up-to-date, otherwise your system will be vulnerable to numerous security holes. The development team is doing its best to release new versions fixing known security holes on a regular basis."

    You will need 2 x 8GB USB thumb drives (4GB may pass), they are very cheap and available almost everywhere.


    *** Update: Meatgrinder has posted steps on how to install Tails to a DVD first, then onto a USB from there. Thanks! ***
    *** Update #2: Vegeta has offered a way to install Tails to USB with the use of a virtual machine. Thanks! ***
    *** If any of the links do not work, please PM me and I will update them for you! ***
    *** All of the following links can and should be downloaded through the Tor network! ***

    1 - Download the latest version of the Tails .iso file from here - remember where you save it (latest stable version: 0.19) -
    https://tails.boum.org/download/index.en.html

    1a - If you are an advanced user, you can download the cryptographic signature on this same page and then verify the download with the Tails key from here -
    https://tails.boum.org/tails-signing.key

    2 - Download the latest version of the Linux Universal-USB-Installer from here (latest stable version: 1.9.3.6) -
    Universal USB Installer – Easy as 1 2 3 | USB Pen Drive Linux

    3 - Run the newly downloaded Universal-USB-Installer

    3a - Read and 'agree to' the disclaimer

    3b - Select "Tails" from the first drop-down list, it's towards the end of the list (step 1)

    3c - Browse to and select the Tails .iso file (step 2)

    3d - Select your USB drive letter (format the drive if its not empty already) (step 3)

    3e - Click 'Create' button then wait for it to finish. Will be a few minutes at least.

    4 - Restart the computer and boot into Tails from the USB drive (see below for details on Booting from a USB drive)

    **** (Steps continue in the next post!) ****


    Booting from a USB drive:
    -------------------------------------
    If it does not automatically boot to the USB drive, you need to select the boot order, some newer computers will allow you to select which drive to boot to with a small menu, without changing BIOS settings. You might instead need to edit the BIOS settings, restart your computer, and watch for a message telling you which key to press to enter the BIOS setup. It will usually be one of F1, F2, DEL, ESC or F10. Press this key while your computer is booting to edit your BIOS settings. You need to edit the Boot Order. Depending on your computer you should see an entry for 'removable drive' or 'USB media'. Move this to the top of the list to force the computer to attempt to boot from USB before booting from the hard disk. Save your changes and continue.

    Many Flash Drives ship USB-FDD formatted and some systems will not detect or even boot USB-FDD. Most systems can however boot USB-ZIP, and or USB-HDD. If you are having a hard time getting your BIOS to detect your flash drive, you can try to format it as USB-HDD or USB-ZIP using the BOOTICE program (or similar).
    (Caution - this is a very advanced program! Use with caution - follow links for the latest version) BOOTICE – Partition Flash Drive – Edit Boot Sector | Portable USB Applications

    For more detailed instruction on how to boot from USB you can read
    How To Boot From a USB Device (Flash Drive or External Hard Drive)

    If you have problems accessing the BIOS, read this
    How to Access BIOS | USB Pen Drive Linux

    I will not accept donations for this tutorial, I offer this only in hope that more people will start using Tor. If you have excess bitcoins you feel like donating to a worthy cause, please send them to Tor or Tails...
    https://www.torproject.org/donate/donate.html.en
    https://tails.boum.org/contribute/how/donate/#bitcoin

    Next up: Installing a Persistent Volume alongside a LiveUSB copy of Tails (this is why you need TWO USB drives)



    Tutorial Part 2 - Setting up a LiveUSB version of Tails, then an Encrypted Persistent Volume.
    -------------------------------------------------------------------------------------------------------------------
    You may want to print this text out on paper for easier reference.


    *** (Continued from first post!) ***

    5 - You should now be presented with a log in prompt for a temporary session administration password - this is reset every time you load Tails, it is optional to enter this, it is used to allow current session access to system functions, if you get any errors about access rights try using an admin password at log in. Also at this point you can optionally select to use a Windows XP camo 'skin' to make Tails look more like XP if you're in a public place for example, this is also optional.

    7 - Once Tails is up and running, insert the second USB drive. Click the 'Applications/Accessories' menu, then highlight 'Tails', then click 'Tails USB Installer'.

    7a - Click the 1st option "Clone & Install"

    7b - Select your target device from the drop-down menu (your second USB drive!)

    7c - Click 'Next', then wait for it to finish (however long to copy about 1gb to a USB drive - usually a few minutes). This will install a new copy of Tails onto your second USB drive, this will be your new proper Tails USB.

    8 - Shutdown this session of Tails with the Power Button up in the right-hand corner. Don't forget to take out the FIRST USB you created and BOOT INTO THE NEW SECOND TAILS USB! You can format the first USB drive later on, that copy of tails is no longer required.

    9 - Log in to the new Tails USB, once logged in click the 'Applications' menu, then highlight the 'System Tools' sub-menu, then click on "Configure Persistent Volume". (The size of the persistent volume is automatically determined by how much left over space is on the USB drive after installing Tails in the previous steps.)

    9a - Choose your pass-phrase for the persistent volume - you will need to enter this every time you login to Tails. The persistent volume is an encrypted partition protected by a pass-phrase. Once the persistent volume is created, you can choose to activate it or not each time you start Tails. It is a good place to store sensitive materials. When choosing your pass-phrase remember that short, easily guessed pass-phrases are very easily cracked - it would take one Intel I7 2600k CPU over 200,000,000 YEARS to brute-force crack an AES-256 encrypted 32 random character pass-phrase using lowercase, UPPERCASE, 0-9 & "$p3c|4!" characters ;) )

    9b - Click "Create" and wait for it to finish.

    9c - On completion, a window will popup allowing you to select what Tails will save in the new persistent volume automatically, internet shortcuts, PGP keys, nudie pictures, application settings etc... I recommend selecting everything.

    10 - Close and reboot with your modem plugged in and switched on, log back into Tails with your new persistent volume.

    11 - Make sure your modem is plugged in and turned ON! Click the 'System' menu, then highlight the 'Preferences' submenu, then click on 'Network Connections'. Now, only YOU know what type of internet connection you pay for, I cannot help you with that! My personal internet connection was amazingly simple to setup (i was quite surprised by its pre-configured setups, it has many different countries options for local telcos pre-installed).

    Another note - Tails is PRE-CONFIGURED to go through Tor! It is pre-installed with Vidalia and a Torified browser called 'IceWeasel'. It SHOULD automatically open up when connected to the internet. If not, Use the 'IceWeasel' browser menu shortcut to get onto the Road. Also, this operating system is NOT persistent for security measures, meaning that any changes you make (that are not saved in the persistent volume) will not be saved on restarting Tails! Example is Desktop Backgrounds and general GUI appearance settings (if you manage to get these settings saved and persistent, please let us know!)
     
  2. USPHARMA

    USPHARMA Junior Member

    Good news! If you have an Intel Mac that has an optical drive (CD/DVD) it IS possible to boot Tails from a USB on it.

    Here's how to do it:


    1. Download the latest Tails image from [CLEARNET WARNING]https://tails.boum.org/download/index.en.html and burn the image to a DVD
    2. Boot from the DVD by holding down 'c'. Make sure you hold down 'c' from the time you hear the chime until a black screen pops up. You should hear the DVD spinning in the drive
    3. Once Tails boots, plug in your USB. Make sure no files you want to keep are on it, because they will be destroyed.
    4. Click the Applications menu on the top left and select Tails>Tails Installer
    5. Select Clone & Install
    6. Select the USB under Target Device. Its should be something like /dev/sda1
    7. Click create USB and confirm on the warning.
    8. Reboot the computer and boot back into MacOS. Eject the Tails DVD.
    9. Download plp boot manager (affectionately called Plop) and burn it to a CD

    [CLEARNET WARNING] Plop - Documentation / Manual / Examples - Free Boot Manager, builtin usb driver, native usb, boot different operating systems, cdrom, usb, freeware, option rom bios

    10. Make sure your Tails USB is plugged in.
    11. Reboot your Mac and boot from the Plop CD by holding down 'c' (see step 2 above).
    12. Once Plop boots it will give you a menu. Select USB from the menu and your Mac will boot into Tails.


    Unfortunately things go wrong sometimes. Macs are very temperamental about booting anything that's not MacOS. It it fails (for whatever reason), just be patient and try it again. It will work eventually. It has taken me up to 6 reboots to get a Mac to boot Tails from a USB

    Once you have booted Tails from a USB on your Mac, you will be able to use Persistence. You can go to Applications>Tails>configure persistent volume to set it up.


    If your Mac does NOT have an optical drive, unfortunately it is not yet possible (to my knowledge) to boot Tails from a USB stick at this time.There are some instructions on the Tails website, but I have not been able to get a Mac to boot Tails this way. Maybe it will work for you. Tails developers seem to be working on this problem. It the meantime you may want to consider alternatives such as Whonix