In this context, the term fingerprint refers to what is specific to Tails in the way it behaves on Internet. This can be used to determine whether a particular user is using Tails or not.

As explained on our warning page, when using Tails it is possible to know that you are using Tor. But Tails tries to make it as difficult as possible to distinguish Tails users from other Tor users, especially users of Tor Browser outside of Tails. If it is possible to determine whether you are a user of Tor Browser inside or outside of Tails, this provides more information about you and in consequence reduces your anonymity.

This section explains some issues regarding the fingerprint of Tails and how this could be used to identify you as a Tails user.

For the websites that you are visiting

The websites that you are visiting can retrieve a lot of information about your browser. That information can include its name and version, window size, list of available extensions, timezone, available fonts, etc.

To make it difficult to distinguish Tails users, Tor Browser in Tails tries to provide the same information as Tor Browser on other operating systems in order to have similar fingerprints.

Refer to the fingerprint section of our list of known issues to know if there are differences between the fingerprints of Tor Browser inside and outside of Tails.

Apart from that, some of the Tor Browser extensions included in Tails are specific to Tails. More sophisticated attacks can use those differences to distinguish Tails users.

For example, Tails includes Adblock Plus which removes advertisements. If an attacker can determine that you are not downloading the advertisements that are included in a webpage, that could help identify you as a Tails user.

For the moment, you should consider that no special care is taken regarding the fingerprint of the Unsafe Browser.

For your ISP or local network administrator

  • Tor bridges are most of the time a good way of hiding the fact that you are connecting to Tor to a local observer. If this is important for you, read our documentation about bridge mode.

  • A Tails system is almost exclusively generating Tor activity on the network. Usually users of Tor Browser on other operating systems also have network activity outside of Tor, either from another web browser or other applications. So the proportion of Tor activity could be used to determine whether a user of Tor Browser is using Tails or not. If you are sharing your Internet connection with other users that are not using Tails it is probably harder for your ISP to determine whether a single user is generating only Tor traffic and so maybe using Tails.

  • Tails does not use the entry guards mechanism of Tor. With the entry guard mechanism, a Tor user always uses the same few relays as first hops. As Tails does not store any Tor information between separate working sessions, it does not store the entry guards information either. This behaviour could be used to distinguish Tails users across several working sessions.

  • When starting, Tails synchronizes the system clock to make sure it is accurate. While doing this, if the time is set too much in the past or in the future, Tor is shut down and started again. This behavior could be used to distinguish Tails users, especially since this happens every time Tails starts.