π― What Is Tails?
The Amnesic Incognito Live System
A portable operating system that boots from USB, routes everything through Tor, and forgets everything when you shut down. Used by Snowden, journalists, activists, and anyone needing real anonymity.
Your computer's hard drive is never touched. RAM is wiped on shutdown. It's like your session never happened.
Why Tails Beats Everything Else
What Makes Tails Special
- Amnesic: Leaves no traces on the computer
- Tor by default: All connections forced through Tor
- Encrypted persistence: Optional encrypted storage
- MAC spoofing: Random hardware addresses
- Metadata cleaning: Strips identifying information
- Emergency shutdown: Wipes RAM instantly
Who Uses Tails
- Edward Snowden: Leaked NSA documents using Tails
- Journalists: Protecting sources, SecureDrop submissions
- Activists: Organizing under oppressive regimes
- Whistleblowers: Leaking corporate/government wrongdoing
- Regular people: Escaping domestic surveillance, research
β οΈ Tails Won't Protect Against
- Hardware keyloggers
- Compromised firmware/BIOS
- Physical surveillance (cameras)
- Your own operational mistakes
- Torture (rubber hose cryptanalysis)
Tails is a tool, not magic. Use it correctly or it's useless.
Getting Started: From Download to Boot
What You Need
- USB stick: 8GB minimum, USB 3.0 recommended
- Computer: 2GB RAM minimum, 64-bit processor
- Internet: For initial download (1.3GB)
- 45 minutes: For setup and verification
- Second USB (optional): For persistent storage
Download and Verify
Never Skip Verification
Governments create fake Tails images. Verify or get compromised.
- Go to:
https://tails.net/(bookmark the real site) - Download Tails image (.img file)
- Download signature file (.sig)
- Verify with GPG:
# Import Tails signing key
wget https://tails.net/tails-signing.key
gpg --import tails-signing.key
# Verify the image
gpg --verify tails-amd64-5.19.img.sig tails-amd64-5.19.img
# Should see: "Good signature from Tails developers" If verification fails, DO NOT USE. Your download is compromised.
Create Tails USB
From Linux
# Find your USB device
lsblk
# Usually /dev/sdb or /dev/sdc
# Write image (DESTROYS USB DATA)
sudo dd if=tails-amd64-5.19.img of=/dev/sdX bs=16M status=progress
# Sync and eject
sync
sudo eject /dev/sdX From Windows
- Download Etcher:
https://etcher.balena.io/ - Run Etcher as Administrator
- Select Tails image
- Select USB drive (CAREFUL!)
- Flash
From Mac
# Find disk number
diskutil list
# Unmount
diskutil unmountDisk /dev/diskN
# Write image
sudo dd if=tails-amd64-5.19.img of=/dev/rdiskN bs=1m
# Eject
diskutil eject /dev/diskN Boot Tails
- Shut down computer completely
- Insert Tails USB
- Power on, access boot menu:
- PC: Usually F12, F2, ESC, or DEL
- Mac: Hold Option key
- Select USB device
- Tails boot screen appears
First Boot Options
- Troubleshooting Mode: If normal boot fails
- External Hard Disk: For old computers
- Advanced Options: Disable Tor (DANGEROUS)
Usually: Just press Enter for normal boot.
Your First Tails Session
Welcome Screen Configuration
Language and Region
Choose carefully. This affects:
- Keyboard layout
- Timezone (anonymity implications)
- Language (stylometry risk)
Tip: Don't use your real timezone if hiding location.
Additional Settings (Important!)
- Administration Password: Set if you need sudo access
- MAC Address Anonymization: Keep enabled
- Offline Mode: Only if no internet needed
- Bridge Mode: If Tor is blocked in your country
Connecting to Network
Tor Connection
After login, Tor Connection assistant opens:
- Direct connection: If Tor works in your country
- Bridge mode: If Tor is blocked
- Hide that you're using Tor: Uses obfs4 bridges
Wait for "Connected to Tor successfully!" before doing anything sensitive.
Network Precautions
- Never use without Tor connection
- Avoid networks that require login (hotels, cafes)
- Public WiFi is good (anonymous)
- Home network reveals location
- Consider using phone hotspot (bought with cash)
Built-In Privacy Tools
Tor Browser
Pre-configured for maximum security. JavaScript disabled on Safest setting. Don't install addons. Don't change settings. Don't login to personal accounts.
Thunderbird Email
Configured for Tor. Use with anonymous email only (ProtonMail, Tutanota). Never use personal email.
KeePassXC
Password manager. Store passwords in persistent volume. Use strong master password. Generate random passwords for everything.
OnionShare
Share files anonymously. Creates temporary .onion address. Receiver needs Tor Browser. Self-destructs after transfer.
Electrum Bitcoin
Bitcoin wallet over Tor. Still not anonymous (Bitcoin is transparent). Consider using for Monero conversion only.
MAT2 (Metadata Cleaner)
Removes metadata from files. Right-click any file β "Remove metadata". Essential before sharing documents.
Additional Software
Can install temporarily (lost on reboot):
# Update first
sudo apt update
# Examples
sudo apt install vlc # Media player
sudo apt install gimp # Image editing
sudo apt install git # Version control For permanent software, use persistent volume.
Persistent Storage: Remembering Safely
β οΈ Persistence Reduces Anonymity
Persistent storage can link sessions together. Only use if necessary. Never store identifying information.
Creating Persistent Volume
- Applications β Tails β Configure persistent volume
- Choose strong passphrase (20+ characters)
- Select what to persist:
- Personal Data (documents)
- Browser Bookmarks
- Network Connections
- Software
- Printers (avoid if possible)
- Thunderbird emails
- GnuPG keys
- Bitcoin wallet
- SSH keys
- Dotfiles
- Restart Tails
- Enter passphrase at welcome screen
Persistent Volume Security
- Encrypted with LUKS (strong)
- Only accessible with passphrase
- Invisible when Tails not running
- Can't be accessed without booting Tails
Best Practices
- Different USB for different identities
- Never mix personal and anonymous data
- Backup encrypted volume separately
- Change passphrase regularly
- Destroy USB if compromised
Advanced Techniques
Emergency Shutdown
Compromised? Police at door? Pull the USB. RAM starts clearing immediately.
Better: Set up emergency shutdown:
- Remove USB quickly
- Or press power button for 5 seconds
- RAM is overwritten with random data
- Cold boot attacks become harder
Using Bridges
If Tor is blocked or suspicious:
- Get bridges from:
https://bridges.torproject.org - Or email:
[email protected](from Gmail/Riseup only) - Configure at welcome screen β Tor Connection
- Use obfs4 bridges (best obfuscation)
Unsafe Browser
Sometimes need non-Tor browser (captive portals):
- Set admin password at welcome
- Applications β Internet β Unsafe Browser
- ONLY use for network login
- Close immediately after
MAC Address Spoofing
Enabled by default. Changes hardware address to random. But:
- Some networks whitelist MACs
- Can make you stand out (random MAC obvious)
- Consider disabling in some situations
- Welcome screen β Additional settings β MAC address
OpSec: Not Getting Caught
Before Using Tails
- Buy USB with cash
- Download Tails from public WiFi
- Don't use your personal computer
- Create cover story for having Tails
- Consider hidden USB compartment
While Using Tails
- Never login to personal accounts
- Don't use identifying speech patterns
- Avoid unique typing patterns
- Change physical locations
- Use different USB for different activities
- Watch for cameras
- Shield screen from shoulder surfing
After Using Tails
- Properly shutdown (don't just unplug)
- Hide USB securely
- Consider decoy USBs
- Have plausible deniability story
- Never discuss Tails usage
π¨ The Weakest Link
Tails is nearly perfect technically. Users are not. Most people caught using Tails were betrayed by:
- Logging into personal accounts
- Using identifying writing style
- Same mistakes repeatedly
- Trusting the wrong people
- Poor physical security
Alternatives to Tails
| OS | Pros | Cons | Best For |
|---|---|---|---|
| Whonix | VM isolation, persistent | Complex setup, resource heavy | Long-term anonymity |
| Qubes OS | Compartmentalization, secure | Hardware requirements, learning curve | Security professionals |
| Kodachi | VPN + Tor, DNSCrypt | Less tested, smaller community | Belt-and-suspenders approach |
| Parrot OS | Pentesting tools, AnonSurf | Not amnesic by default | Security research |
Tails remains best for: Hit-and-run anonymity, whistleblowing, anti-forensics.
Mistakes That Will Burn You
- Using Tails at home - ISP sees Tor usage, links to you
- Logging into personal accounts - Instant deanonymization
- Saving files to hard drive - Leaves forensic traces
- Using same USB for different identities - Links them together
- Installing random software - Could be malicious
- Disabling security features - "For convenience"
- Using JavaScript - Enables browser exploits
- Mixing Tor and clearnet - Correlation attacks
- Trusting exit nodes - They see unencrypted traffic
- Not updating Tails - Missing security patches
Real-World Tails Usage
Snowden's Workflow
- Booted Tails from USB
- Accessed NSA documents from encrypted drive
- Contacted journalists via SecureDrop
- Uploaded documents through Tor
- Shut down, no traces
Journalist Source Protection
- Source boots Tails at library
- Accesses SecureDrop .onion site
- Uploads documents
- Provides codename to journalist
- Communication established anonymously
Activist Coordination
- Boot Tails at cafe
- Access group's hidden service
- Share plans via OnionShare
- Coordinate via encrypted chat
- Shutdown before leaving
The Bottom Line on Tails
Tails is the gold standard for anonymous computing. It's what you use when failure means prison or worse. But it's not foolproof.
Strengths:
- True amnesia - no traces left
- Forces all traffic through Tor
- Battle-tested by dissidents worldwide
- Free and open source
- Actively maintained
Weaknesses:
- Can't protect from hardware attacks
- Tor traffic is suspicious
- Small user base (compared to Windows)
- Requires discipline to use correctly
- One mistake can compromise everything
Start Practicing Now
Don't wait until you need anonymity to learn Tails. Download it today. Practice the workflow. Build muscle memory. When you really need it, you'll be ready.
Remember: Tails is like a fire extinguisher. Better to have it and not need it than need it and not have it.
π Essential Resources
- Official docs:
https://tails.net/doc/ - Warning page (READ THIS):
https://tails.net/doc/about/warnings/ - Threat model:
https://tails.net/doc/about/threat_model/ - r/tails subreddit (use via Tor)
Related Guides
- Privacy Live Distros: Tails, Whonix & Amnesic Systems: Compare Tails with Whonix, Kodachi, and other options
- Linux Distros for Privacy: Hardening Guide: Daily-driver distros: Fedora, Debian, Qubes OS
- Tor Deep Dive: Understand the network Tails routes through
- Secure Communications with Signal: Encrypted messaging for non-Tails use