Tails é um Software Livre, e por isso você pode baixá-lo, usá-lo e compartilhá-lo sem restrições.

Primeira vez com o Tails?

  • Se você não sabe o que são metadados ou o que é um ataque man-in-the-middle.
  • Se você acha que ninguém pode grampear suas comunicações porque você usa Tor.
  • If you have no notion of how Tails works.

Então, primeiro leia as páginas sobre e de advertência para ter certeza de que Tails é a ferramenta que você precisa e para entender bem suas limitações.

Baixe a imagem ISO

You will download Tails in the form of an ISO image: a single file that you will later burn on a DVD or install onto a USB stick or SD card.

Download direto

Última versão

Tails 0.23 - imagem ISO

Assinatura digital

Tails 0.23 signature

Se você não sabe ao certo o que é uma assinatura criptográfica, por favor leia verificando a imagem ISO.

Configure um espelho web

Se você possui um servidor, você é mais que bem-vindo/a a ajudar a difundir o Tails montando um espelho web.

Baixar via BitTorrent

Última versão

Tails 0.23 - torrent

Assinatura digital

A assinatura criptográfica da imagem ISO também está contida no Torrent.

Adicionalmente, você pode verificar a assinatura do arquivo Torrent antes de baixar seu conteúdo.

Semeie em retribuição!

Seeding back the image once you have downloaded it is also a nice and easy way of helping spread Tails.

List of current known issues in Tails.

Verifique a imagem ISO

É importante revisar a integridade da imagem ISO uma vez que ela tenha sido baixada para certificar-se de que foi baixada sem erros.

Estas técnicas são baseadas no HTTPS padrão e em autoridades certificadoras para fazer com que você confie no conteúdo deste sítio web. Mas, como explicado na nossa página de advertência, você ainda pode ser vítima de um ataque man-in-the-middle mesmo enquanto estiver usando HTTPS. Isto pode ocorrer nesse sítio tanto quanto em qualquer outro da Internet.

As a consequence, they don't provide you with a strong way of checking the ISO image authenticity and making sure you downloaded a genuine Tails. In a dedicated section, we will propose you some more advanced techniques to check the authenticity of the ISO image.

Todas as imagens ISO do Tails são assinadas criptograficamente pela nossa chave OpenPGP. OpenPGP é um padrão de criptografia de dados que provê privacidade criptográfica e autenticação através do uso de chaves possuídas pelos seus usuários/as. Verificar essas assinaturas é a forma recomendada para checar a integridade da imagem ISO.

Se você já sabe como usar uma chave OpenPGP você pode baixá-la agora mesmo:

Tails signing key

Caso contrário, leia as instruções sobre como verificar a integridade da imagem ISO:

Usando Gnome no Linux: Ubuntu, Debian, Tails, Fedora, etc.

You need to have the seahorse-plugins package installed. It is already the case under Tails. Under Debian or Ubuntu, if you're not sure or want to install it, you can issue the following commands:

sudo apt-get update
sudo apt-get install seahorse-plugins

The development of seahorse-plugins has stopped. It hasn't been ported to Gnome 3. It is no more available on Debian starting from Wheezy and Ubuntu starting from version 11.10, Oneiric Ocelot. If you can't install it please try verifying the ISO using the command line.

If you are using Tails, you already have the signing key. Otherwise, first download Tails signing key:

Tails signing key

Your browser should propose you to open it with "Import Key". Choose this action. It will add Tails signing key to your keyring, the collection of OpenPGP keys you already imported:

What should Iceweasel do with this file? Open
with: Import Key (default)

You will get notified will the following message:

Key Imported. Imported a key for Tails
developers (signing key) <tails@boum.org>

Now, download the cryptographic signature corresponding to the ISO image you want to verify:

Tails 0.23 signature

Your browser should propose you to open it with "Verify Signature". Choose this action to start the cryptographic verification:

What should Iceweasel do with this file?
Open with: Verify Signature (default)

Browse your files to select the Tails ISO image you want to verify. Then, the verification will start. It can take several minutes:

Verifying

If the ISO image is correct you will get a notification telling you that the signature is good:

Goog Signature

If the ISO image is not correct you will get a notification telling you that the signature is bad:

Bad Signature: Bad or forged signature.

Usando Linux via linha de comando

You need to have GnuPG installed. GnuPG is the common OpenPGP implementation for Linux: it is installed by default under Debian, Ubuntu, Tails and many other distributions.

First, download Tails signing key:

Tails signing key

Open a terminal and import Tails signing key with the following commands:

cd [the directory in which you downloaded the key]
cat tails-signing.key | gpg --keyid-format long --import

The output should tell you that the key was imported:

gpg: key 1202821CBE2CD9C1: public key "Tails developers (signing key) <tails@boum.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

If you had already imported Tails signing key in the past, the output should tell you that the key was not changed:

gpg: key 1202821CBE2CD9C1: "Tails developers (signing key) <tails@boum.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

If you are shown the following message at the end of the output:

gpg: no ultimately trusted keys found

Analyse the other messages as usual: this extra message doesn't relate to the Tails signing key that you downloaded and usually means that you didn't create an OpenPGP key for yourself yet, which of no importance to verify the ISO image.

Now, download the cryptographic signature corresponding to the ISO image you want to verify and save it in the same folder as the ISO image:

Tails 0.23 signature

Then, start the cryptographic verification, it can take several minutes:

cd [the ISO image directory]
gpg --keyid-format long --verify tails-i386-0.23.iso.sig tails-i386-0.23.iso

If the ISO image is correct the output will tell you that the signature is good:

gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
gpg: Good signature from "Tails developers (signing key) <tails@boum.org>"

If you see the following warning:

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1

Then the ISO image is still correct, and valid according to the Tails signing key that you downloaded. This warning is related to the trust that you put in the Tails signing key. See, Trusting Tails signing key. To remove this warning you would have to personally sign the Tails signing key with your own key.

If the ISO image is not correct the output will tell you that the signature is bad:

gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
gpg: BAD signature from "Tails developers (signing key) <tails@boum.org>"

Usando outros sistemas operacionais

Using Firefox

Instead of a cryptographic signature, this technique uses a cryptographic hash. We propose it because it's especially easy for Windows users.

  1. Install the MD5 Reborned Hasher extension for Firefox.

  2. Restart Firefox.

  3. Open the Downloads window from the menu Tools ▸ Downloads. MD5 Reborned Hasher only operates from the files that are appearing in the Downloads window of Firefox.

  4. If you are using Firefox 20 to 25, MD5 Reborned Hasher is incompatible with the new Downloads window. To go back to a compatible layout of the Downloads window, do the following:

    1. Open a new tab in Firefox.
    2. Type about:config in the URL bar, then press Enter.
    3. Paste the following preference name into the search field: browser.download.useToolkitUI.
    4. Change the value of this preference to true, by doing right-click on the preference and choosing Toggle.
    5. Restart Firefox.

    If you are using Firefox 26 or later, this method is not working anymore. It is currently impossible to use Firefox 26 or later to verify an ISO image.

  5. If the ISO image does not appear in the list of recent downloads:

    • Choose the menu File ▸ Open File….
    • Select the ISO image that you want to check. Choose to save it with the same name. Answer Yes if Firefox asks you whether you want to replace it.
    • This starts a local copy of the ISO image and adds it to the Downloads window.
  6. Click on the Check Digest… link on the line of the Downloads window corresponding to the ISO image. If no Check Digest… link appear, then MD5 Reborned Hasher is not installed correctly.

  7. In the Check File window, choose a SHA256 hash type.

  8. Click on Generate Digest.

  9. Copy and paste the following hash for version 0.23 in the Enter checksum text box.

    359d104737f1a448375d2030f938dea3d529468b8218485998ab893c1f7509eb
  10. When the hash is done generating, a result appears at the bottom of the window saying:

    • Okay, if the ISO image is correct,
    • Match failed!, if the ISO image is not correct.

Using the cryptographic signature

GnuPG, a common free software implementation of OpenPGP has versions and graphical frontends for both Windows and Mac OS X. This also make it possible to check the cryptographic signature with those operating systems:

You will find on either of those websites detailed documentation on how to install and use them.

For Windows using Gpg4win

After installing Gpg4win, download Tails signing key:

Tails signing key

Consult the Gpg4win documentation to import it

Then, download the cryptographic signature corresponding to the ISO image you want to verify:

Tails 0.23 signature

Consult the Gpg4win documentation to check the signature

If you see the following warning:

Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0xBE2CD9C1
The validity of the signature cannot be verified.

Then the ISO image is still correct, and valid according to the Tails signing key that you downloaded. This warning is related to the trust that you put in the Tails signing key. See, Trusting Tails signing key. To remove this warning you would have to personally sign the Tails signing key with your own key.

For Mac OS X using GPGTools

After installing GPGTools, you should be able to follow the instruction for Linux with the command line. To open the command line, navigate to your Applications folder, open Utilities, and double click on Terminal.

So how can I better check the ISO image authenticity?

The Tails signing key that you downloaded from this website could be a fake one if you were victim of a man-in-the-middle attack.

Encontrar uma melhor forma de confiar na chave do Tails pode ajudar você a verificar melhor a imagem ISO baixada. A seguinte página lhe dará dicas sobre como você pode aumentar o nível de confiança que você pode colocar na chave de assinatura do Tails que você baixou.

Fique ligado/a

É muito importante que você mantenha sua versão do Tails atualizada, pois de outro modo seu sistema ficará vulnerável a múltiplas brechas de segurança. A equipe de desenvolvimento faz o melhor para lançar novas versões que corrijam falhas de segurança conhecidas numa frequência regular.

New versions are announced on our news mailing-list. Drop your email address into this box, then hit the button to subscribe:

to the news mailing-list.

There also are RSS and Atom feeds that announce new available BitTorrent files.

Vide nossa fonte de anúncios de segurança para informações mais detalhadas sobre as brechas de segurança que afetam o Tails. Você também será automaticamente notificado/a sobre brechas de segurança que afetam a versão que você estiver usando durante o início de uma nova sessão do Tails.