Tails, The Amnesic Incognito Live System, version 1.3.1, is out.

This is an emergency release, triggered by an unscheduled Firefox release meant to fix critical security issues.

It fixes numerous security issues and all users must upgrade as soon as possible.

Changes

Upgrades and changes

There are numerous other changes that may not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog.

Known issues

See the current list of known issues.

Download or upgrade

Go to the download page.

What's coming up?

The next Tails release is scheduled for March 31.

Have a look at our roadmap to see where we are heading to.

Do you want to help? There are many ways you can contribute to Tails. If you want to help, come talk to us!

Posted Mon 23 Mar 2015 12:34:56 PM CET

Tails is transitioning to a new OpenPGP signing key.

The signing key is the key that we use to:

  • Sign our official ISO images.
  • Certify the other OpenPGP keys used by the project.

The previous signing key is safe and, to the best of our knowledge, it has not been compromised.

We are making this change to improve our security practices when handling such a critical piece of data.

  • The old key can still be used to verify Tails 1.3 ISO images.
  • The new key will be used to sign ISO images starting from Tails 1.3.1.

Import and verify the new signing key

Click on the following button to download and import the new signing key:

new Tails signing key

The new signing key is itself signed by the old signing key. So you can transitively trust this new key if you had trusted the old signing key.

To verify that the new key is correctly signed by the old key, you can execute the following command:

    gpg --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F

The output should include a signature of the new key by the old key such as:

    sig!         0x1202821CBE2CD9C1 2015-01-19  Tails developers (signing key) <tails@boum.org>

In this output, the status of the verification is indicated by a flag directly following the "sig" tag. A "!" indicates that the signature has been successfully verified.
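
The check described above can be scripted so that the flag is read by a program instead of by eye. The following is an added example, not part of the original announcement or of Tails' own tooling; it assumes GnuPG 2.1 or later and its --with-colons listing, where the flag is the second field of each sig record. The function name check_transition and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Tails announcement. Assumes the colon-separated
# listing produced by GnuPG 2.1 or later.
NEW_FPR=A490D0F4D311A4153E2BB7CADBB802B258ACD84F   # new key fingerprint (from the page)
OLD_KEYID=1202821CBE2CD9C1                         # old signing key ID (from the page)

# check_transition SIGNER_KEYID TARGET_FPR
# Reads `gpg --check-sigs --with-colons` output on stdin and prints one of:
#   verified            a certification by SIGNER on TARGET checked out ("!")
#   bad                 such a certification exists but failed to verify ("-")
#   missing-signer-key  SIGNER's public key is not in the keyring ("?")
#   unsigned            no certification by SIGNER on TARGET was listed
check_transition() {
    awk -F: -v signer="$1" -v target="$2" '
        BEGIN { result = "unsigned" }
        $1 == "pub" { section = "pub"; in_target = 0 }
        # The first fpr record after pub is the primary key fingerprint.
        $1 == "fpr" && section == "pub" { in_target = (toupper($10) == toupper(target)) }
        $1 == "uid" { section = "uid" }
        $1 == "sub" { section = "sub" }
        # Count only user ID certifications (classes 0x10-0x13) on the target key;
        # subkey binding signatures in the sub section are ignored.
        $1 == "sig" && section == "uid" && in_target && $11 ~ /^1[0-3]/ && toupper($5) == toupper(signer) {
            flag = substr($2, 1, 1)
            if (flag == "!") result = "verified"
            else if (flag == "-" && result != "verified") result = "bad"
            else if (flag == "?" && result == "unsigned") result = "missing-signer-key"
        }
        END { print result }
    '
}

# Constructed sample listing (timestamps, hashes and the subkey fingerprint are
# made up); $1 is the verification flag placed on the old key's certification.
sample() {
    cat <<EOF
pub:-:4096:1:DBB802B258ACD84F:1421539200:1452470400::-:::scESC:
fpr:::::::::A490D0F4D311A4153E2BB7CADBB802B258ACD84F:
uid:-::::1421539200::0000000000000000000000000000000000000000::Tails developers (offline long-term identity key):
sig:!::1:DBB802B258ACD84F:1421539200::::Tails developers (offline long-term identity key):13x:
sig:$1::1:1202821CBE2CD9C1:1421625600::::Tails developers (signing key) <tails@boum.org>:10x:
sub:-:4096:1:98FEC6BC752A3DB6:1421539200:1452470400:::::s:
fpr:::::::::1111111111111111111111111111111111111111:
sig:!::1:DBB802B258ACD84F:1421539200::::Tails developers (offline long-term identity key):18x:
EOF
}

# Real use:
#   gpg --check-sigs --with-colons "$NEW_FPR" | check_transition "$OLD_KEYID" "$NEW_FPR"
# Demo on the constructed sample:
sample '!' | check_transition "$OLD_KEYID" "$NEW_FPR"
```

A result of missing-signer-key means the old signing key is not in the local keyring, so the signature could not be checked at all; it is not evidence that the new key is good or bad.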

Security policy for the new signing key

Here is the full description of the new signing key:

    pub   4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2016-01-11]
          Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
    uid                 [ unknown] Tails developers (offline long-term identity key) 
    sub   4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2016-01-11]
    sub   4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2016-01-11]

You can see that it has:

  • A primary key (marked as pub) with ID 0xDBB802B258ACD84F. This primary key:

    • Is not owned in a usable format by any single individual. It is split cryptographically using gfshare.
    • Is only used offline, in an air-gapped Tails.
    • Expires in less than one year. We will extend its validity as many times as we find reasonable.
  • Two subkeys (marked as sub) with IDs 0x98FEC6BC752A3DB6 and 0x3C83DCB52F699C56 which are stored on OpenPGP smartcards and owned by our release managers. Smartcards ensure that the cryptographic operations are done on the smartcard itself and that the secret cryptographic material is not directly available to the operating system using it.

Web-of-Trust with the Debian keyring

This new signing key has already been signed by various Debian developers, namely:

So you can use the technique described in our documentation to further verify the Tails signing key against the Debian keyring using any of those three keys.

Posted Mon 16 Mar 2015 12:34:56 PM CET

Welcome to the new Tails report! This edition is more complete than last time. We have some good news to share and you can also see that we did some good work. If you have suggestions about what to include next time, please write to tails-project@boum.org about it :)

Releases

Code

The complete list of improvements is in the release announcements. Some major points are:

  • Distribute a hybrid ISO image again: no need for anyone to manually run isohybrid anymore!
  • Tails now ships the Electrum Bitcoin client.
  • Support obfs4 Tor bridges.

Documentation and website

User experience

Infrastructure

  • Our test suite covers 172 scenarios, 85 (!) more than in July 2014. That's a huge improvement because each release can be automatically tested to avoid regressions instead of having to manually perform the same tests each time. There is still some way to go, but someday releasing will be fast, safe, and easy :)

  • Tails ships a new certificate in 1.2.3, and a new signing key in 1.3.

  • We rewrote the history of our main Git repository to make it four times smaller. This should make the new contributors' experience much nicer.

  • We upgraded the hardware of our main server so that it can handle the short and mid-term plans we have for it: automatically building ISO images from all active branches, and then running our automated test suite on these ISO images.

Funding

Outreach

On-going discussions

Press & Testimonials

  • Four major French-speaking media outlets (Le Monde, La Libre Belgique, Le Soir de Bruxelles and RTBF - radio-télévision belge) have launched Source Sûre, a whistleblowing platform, in French, that uses Tails.

  • Many people seemed excited to hear about the Bitcoin wallet in Tails and wrote about it. Welcome, Bitcoin community :)

Translation and internationalization

  • Some new translators joined the German translation team within the last months. It's now the biggest translation team and they're seriously working to have all the core pages of the website translated. Nearly halfway there, keep up :)

  • The French translation team manages to keep the core pages up-to-date, but the rest of the web site could use more attention.

  • The Portuguese translation team has not been very active lately, so the Portuguese translations are slowly becoming obsolete.

  • The Spanish and Italian translation teams are still at the organizing stages so their translations have not started yet.

  • For all those languages (and other ones!), new translators are really welcome!

All website PO files

  • de: 16% (979) strings translated, 0% strings fuzzy
  • fr: 50% (3,004) strings translated, 1% strings fuzzy
  • pt: 32% (1,947) strings translated, 2% strings fuzzy

Core PO files

  • de: 44% (571) strings translated, 0% strings fuzzy
  • fr: 96% (1,223) strings translated, 1% strings fuzzy
  • pt: 92% (1,173) strings translated, 4% strings fuzzy

Metrics

In January:

  • Tails has been started more than 356,292 times in January. This makes 11,493 boots a day on average.
  • 27,617 downloads of the OpenPGP signature of Tails ISO from our website.
  • 108 bug reports were received through WhisperBack.

In February:

  • Tails has been started more than 344,664 times in February. This makes 12,309 boots a day on average.
  • 25,530 downloads of the OpenPGP signature of Tails ISO from our website.
  • 89 bug reports were received through WhisperBack.
Posted Mon 09 Mar 2015 01:25:05 AM CET

As you might have noticed, the last monthly report was a long time ago, because the people who were doing them had really no time left. Somebody new finally takes over, let's hope it lasts :)

So, here is a minimal report for the second half of 2014, the next ones will be more complete.

Releases

Code

For details, see each release announcement. Notable changes include:

  • 1.1.1: I2P now needs to be enabled with a boot option. We made this choice after a security hole affected I2P; this problem is now fixed, but if any other is discovered in the future, it won't affect Tails users who don't use I2P.

  • 1.2: Tor Browser replaces the previous Firefox + Torbutton setup. This allows us to work more closely with Tor people and provide a more unified experience to the user.

  • Several major applications are confined with AppArmor. This improves the overall security provided by Tails, and AppArmor work is going on to confine more applications :)

  • 1.2.1: finally remove TrueCrypt. It has been abandoned upstream for a long time, and it's safer to use maintained, reviewed encryption methods, like LUKS (that's what the persistence uses). You can still open your TrueCrypt volumes, but we recommend you switch to LUKS volumes as soon as possible.

Funding

  • We published a call for donations on our website, which was quite successful. Donations are still welcome though :)

  • The grant proposal that we submitted to the Digital Defenders was approved. It will fund part of our activity over 2015:

    • Build our capacity to provide same-day security updates:
      • Increase the test coverage of our automated test suite to cover most of our remaining manual tests.
      • Write automated tests for the new features to be developed during 2015.
      • Buy dedicated hardware to allow core developers to be able to run the test suite locally.
    • Streamline the installation process for less tech-savvy people:
      • Have Tails Installer available in Debian, Ubuntu, and derivatives.
      • Write a Firefox extension to automate the ISO verification at download time.
      • Rework our download and installation instructions as a web assistant to guide new users step-by-step through the process.
    • Provide one year of help desk.
  • We submitted a full proposal to the Open Technology Fund. It passed a first round of review and is now waiting for the approval of their final committee.

Outreach

  • Several Tails contributors attended the 31C3 in Hamburg. We held a Tails table where many people came to ask questions, get Tails installed, start to contribute or just say thank you. We even had some origami folding moments :)

  • We published a call for help on porting Windows camouflage to GNOME 3.14.

Press & Testimonials

For more information concerning the second half of 2014, see our press page.

  • 2014-12-29: In Reconstructive narratives at the 31st Chaos Communication Congress, Jacob Appelbaum and Laura Poitras explained that properly implemented encryption technologies such as Tor, Tails, GnuPG, OTR, and RedPhone are some of the only ones that can blind the pervasive surveillance of the NSA. They are rated as "catastrophic" by the NSA itself.

  • Tails is being used in the film Citizenfour by Laura Poitras and appears in the credits.

Documentation

Metrics

In August 2014:

  • Tails has been started more than 287,156 times in August. This makes 9,263 boots a day on average.
  • 19,910 downloads of the OpenPGP signature of Tails ISO from our website.
  • 110 bug reports were received through WhisperBack.

In September 2014:

  • Tails has been started more than 344,639 times in September. This makes 11,488 boots a day on average.
  • 26,311 downloads of the OpenPGP signature of Tails ISO from our website.
  • 102 bug reports were received through WhisperBack.

In October 2014:

  • Tails has been started more than 364,727 times in October. This makes 11,765 boots a day on average.
  • 27,342 downloads of the OpenPGP signature of Tails ISO from our website.
  • 160 bug reports were received through WhisperBack.

In November 2014:

  • Tails has been started more than 337,962 times in November. This makes 11,265 boots a day on average.
  • 21,301 downloads of the OpenPGP signature of Tails ISO from our website.
  • 74 bug reports were received through WhisperBack.

In December 2014:

  • Tails has been started more than 347,669 times in December. This makes 11,215 boots a day on average.
  • 26,549 downloads of the OpenPGP signature of Tails ISO from our website.
  • 91 bug reports were received through WhisperBack.
Posted Wed 04 Mar 2015 03:17:39 PM CET

Tails, The Amnesic Incognito Live System, version 1.3, is out.

This release fixes numerous security issues and all users must upgrade as soon as possible.

Changes

New features

  • Electrum is an easy to use bitcoin wallet. You can use the Bitcoin Client persistence feature to store your Electrum configuration and wallet.

  • The Tor Browser has additional operating system and data security. This security restricts reads and writes to a limited number of folders. Learn how to manipulate files with the new Tor Browser.

  • The obfs4 pluggable transport is now available to connect to Tor bridges. Pluggable transports transform the Tor traffic between the client and the bridge to help disguise Tor traffic from censors.

  • Keyringer lets you manage and share secrets using OpenPGP and Git from the command line.

Upgrades and changes

  • The Mac and Linux manual installation processes no longer require the isohybrid command. Removing the isohybrid command simplifies the installation.
  • The tap-to-click and two-finger scrolling trackpad settings are now enabled by default. This should be more intuitive for Mac users.
  • The Ibus Vietnamese input method is now supported.
  • Improved support for OpenPGP smartcards through the installation of GnuPG 2.

There are numerous other changes that may not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog.

Known issues

  • The Tor Browser shipped in Tails 1.3 has NoScript version 2.6.9.14 instead of version 2.6.9.15, which is the version used in The Tor Project's own Tor Browser 4.0.4 release.

  • See the current list of known issues.

Download or upgrade

Go to the download page.

What's coming up?

The next Tails release is scheduled for April 7.

Have a look at our roadmap to see where we are heading to.

Do you want to help? There are many ways you can contribute to Tails. If you want to help, come talk to us!

Posted Tue 24 Feb 2015 12:34:56 PM CET

You can help Tails! The first release candidate for the upcoming version 1.3 is out. Please test it and see if it works for you.

How to test Tails 1.3~rc1?

  1. Keep in mind that this is a test image. We have made sure that it is not broken in an obvious way, but it might still contain undiscovered issues.

  2. Either try the automatic upgrade, or download the ISO image and its signature:

    Tails 1.3~rc1 ISO image

    Tails 1.3~rc1 signature

  3. Verify the ISO image.

  4. Have a look at the list of known issues of this release and the list of longstanding known issues.

  5. Test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

How to automatically upgrade from 1.2.3?

These steps allow you to automatically upgrade a device installed with Tails Installer from Tails 1.2.3 to Tails 1.3~rc1.

  1. Start Tails 1.2.3 from a USB stick or SD card (installed by the Tails Installer), and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
         tails-upgrade-frontend-wrapper
    
  3. Once the upgrade has been installed, restart Tails and look at Applications ▸ Tails ▸ About Tails to confirm that the running system is Tails 1.3~rc1.

What's new since 1.2.3?

Notable changes since Tails 1.2.3 include:

  • Major new features

    • Distribute a hybrid ISO image again: no need for anyone to manually run isohybrid anymore! (ticket #8510)
    • Confine the Tor Browser using AppArmor to protect against some types of attack. Learn more about how this will affect your usage of Tails. (ticket #5525)
    • Install the Electrum bitcoin client, and allow users to persist their wallet. (ticket #6739)
  • Minor improvements

See the online Changelog for technical details.

Known issues in 1.3~rc1

Required persistent configuration updates

If you have the Pidgin persistence preset enabled, then you need to perform the following manual steps to make it open links in the Tor Browser:

  • Start Tails
  • Enable persistence without the read-only option
  • Start Pidgin
  • Choose Tools ▸ Preferences
  • Click the Browser tab
  • Type /usr/local/bin/tor-browser %s in the Manual field
  • Click the Close button
Posted Thu 12 Feb 2015 12:00:00 PM CET

Tails, The Amnesic Incognito Live System, version 1.2.3, is out.

This release fixes numerous security issues and all users must upgrade as soon as possible.

On January 3rd, the SSL certificate of our website hosting provider, boum.org, expired. This means that if you are still running Tails 1.2.1 or older, you will not get any update notification. Please help spread the word!

Changes

  • Security fixes

    • Upgrade to Linux 3.16.7-ckt2-1.
    • Upgrade to Tor Browser 4.0.3 (based on Firefox 31.4.0esr) (ticket #8700).
    • Improve MAC spoofing fail-safe mechanisms, which includes preventing one more way the MAC address could be leaked. (ticket #8571).
    • Disable upgrade checking in the Unsafe Browser. Until now the Unsafe Browser has checked for upgrades of the Tor Browser in the clear (ticket #8694).
  • Bugfixes

    • Fix startup of the Unsafe Browser in some locales (ticket #8693).
    • Repair the desktop screenshot feature (ticket #8087).
    • Do not suspend to RAM when closing the lid on battery power (ticket #8071).
    • Properly update the Tails Installer's status when plugging in a USB drive after it has started (ticket #8353).

See the online Changelog for technical details.

Known issues

I want to try it or to upgrade!

Go to the download page.

As no software is ever perfect, we maintain a list of problems that affect the latest release of Tails.

What's coming up?

The next Tails release is scheduled for February 24.

Have a look at our roadmap to see where we are heading to.

Do you want to help? There are many ways you can contribute to Tails. If you want to help, come talk to us!

Posted Wed 14 Jan 2015 12:34:56 PM CET

Call for participation!

Are you into GNOME development and want to participate in Tails? Do you want to improve your GTK or GNOME Shell theming skills while supporting users needing privacy and stealth? Consider porting the "Windows camouflage" of Tails to GNOME 3.14.

What is the Windows camouflage?

Tails documentation reads "if you are using a computer in public you may want to avoid attracting unwanted attention by changing the way Tails looks into something that resembles Microsoft Windows 8." This is what we call the "Windows camouflage".

Why is it useful?

We got reports that users have been arrested while using a privacy-enhancing distribution because their screen looked very different from others, which raised suspicion. This is why a Windows camouflage has been added to Tails.

What should be done?

Tails is currently based on GNOME 3.8 in "Fallback" mode. We are currently upgrading Tails on top of the upcoming version of Debian ("Jessie"), which is based on GNOME 3.14. The Windows camouflage should be upgraded to the latest version of GTK and ported from GNOME Panel to GNOME Shell. That includes GTK and GNOME Shell theming through CSS as well as writing a custom GNOME Shell extension.

Why do we need you?

The team currently working on Tails is very busy and decided to focus on the core of the upgrade rather than on the Windows camouflage. We currently plan to go ahead with the initial Tails Jessie release even if the Windows camouflage is missing. However, we would love to ship a proper Windows camouflage and think it's a good occasion for you to give a hand. We'll provide support to anybody volunteering and work together on integrating the new theme into upcoming Tails Jessie snapshots.

Where should you start?

Please read https://tails.boum.org/blueprint/update_camouflage_for_jessie/, then write to tails-dev@boum.org. This is a public mailing list: https://mailman.boum.org/listinfo/tails-dev/. Please subscribe!

Posted Mon 05 Jan 2015 12:00:00 PM CET

Tails is being distributed free of charge because we strongly believe that free software is more secure by design. But also because we think that nobody should have to pay to be safe while using computers. Unfortunately, Tails cannot stay alive without money as developing Tails and maintaining our infrastructure has a cost.

We rely solely on donations from individuals and supporting organizations to keep Tails updated and always getting better. That's why we need your help!

If you find Tails useful, please consider donating money or contributing some of your time and skills to the project. Donations to Tails are tax-deductible both in the US and in Europe.

In October 2014, Tails was being used by more than 11 500 people daily. The profile of Tor and Tails users is very diverse. This diversity increases the anonymity provided by those tools for everyone by making it harder to target and to identify a specific type of user. From the various contacts that we have with organizations working on the ground, we know that Tails has been used by:

  • Journalists wanting to protect themselves or their sources.

    • Reporters Without Borders is an organization that promotes and defends freedom of information, freedom of the press, and has consultant status at the United Nations. RWB advertises the use of Tails for journalists to fight censorship and protect their sources. RWB uses Tails in their training sessions world-wide.

    • According to Laura Poitras, Glenn Greenwald, and Barton Gellman, Tails has been an essential tool to work on the Snowden documents and report on the NSA spying. In a recent article for The Intercept, Micah Lee gives many details on how Tails helped them start working together.

    • Fahad Desmukh, a freelance journalist based in Pakistan who is also working for Bytes for All always has a Tails USB handy: "I can use it whenever I may need to and I especially make sure to keep it with me when travelling. Pakistan really isn't the safest place for journalists so thanks to the Tails team for an amazing tool."

    • Jean-Marc Manach, a journalist based in France and specialized in online privacy said that "war reporters have to buy helmets, bullet-proof vests and rent armored cars; journalists using the Internet for their investigations are much luckier: to be as secured as war reporters, they only have to download Tails, burn it on a CD, install it on a SD card, and learn the basics of information and communication security, and it's free!"

  • Human-rights defenders organizing in repressive contexts.

    • Tails has been used in combination with Martus, an information system used to report on human rights abuses, to allow Tibetan communities in exile to protect themselves from targeted malware attacks.
  • Democracy defenders facing dictatorships.

  • Citizens facing national emergencies.

    During the last years, we noticed that the use of Tor and Tails systematically peaks when countries face national emergencies. Even if Tails represents a small amount of the global Tor usage, it is advertised by the Tor Project as the safest platform to protect from strong adversaries.

    • In Starting a revolution with technology, Slim Amamou, Tunisian blogger and former Secretary of State for Sport and Youth, explains that Tor "was vital to get information and share it" during the Tunisian revolution of 2011, because social media pages sharing information about the protests were "systematically censored so you could not access them without censorship circumvention tools".

    • Between January 25, the day the Egyptian Revolution of 2011 began, and January 27 2011, the number of Tor users in Egypt was multiplied at least by 4. On January 27, the Egyptian government decided to halt Internet access across the country.

    • Between March 19 and March 31, the number of Tor users in Turkey was multiplied by 3 as a direct response to the growing Internet censorship in the country: on 20 March 2014, access to Twitter was blocked in Turkey, and on 27 March 2014 access to YouTube was blocked.

  • Domestic violence survivors escaping from their abusers.

    • The Tor Project has been working with organizations fighting against domestic violence such as NNEDV, Transition House, and Emerge to help survivors escape digital surveillance from their abuser and report on their situation. As domestic abuse goes digital, circumvention tools like Tor and Tails end up as one of the only options.

If you know of other great stories of Tails users, please share them with us!

Posted Wed 24 Dec 2014 12:34:56 PM CET

Tails, The Amnesic Incognito Live System, version 1.2.2, is out.

This release is an emergency release that changes the root certificate which is used to verify automatic upgrades.

On January 3rd, the SSL certificate of our website hosting provider, boum.org, will expire. The new certificate will be issued by a different certificate authority. This certificate authority is verified by the automatic upgrade mechanism of Tails.

As a consequence, versions previous to 1.2.2 won't be able to do the next automatic upgrade to version 1.2.3 and will receive an error message from Tails Upgrader when starting Tails after January 3rd.

On top of that, a bug in Tails Upgrader prevents us from providing an automatic upgrade from version 1.2.1 to 1.2.2.

So all users should either:

  • Do a manual upgrade to version 1.2.2 before January 3rd. (recommended)
  • Remember to do a manual upgrade to version 1.2.3 on January 14th.

Changes

  • Minor improvements

    • Change the SSL certificate authority expected by Tails Upgrader when checking for new Tails versions on https://tails.boum.org/.

See the online Changelog for technical details.

Known issues

The same issues as in 1.2.1 apply to this release:

For users of persistent GnuPG keyrings and configuration

If you have enabled the GnuPG keyrings and configuration persistence feature and have upgraded a Tails USB stick or SD card installation to Tails 1.2.1 or 1.2.2, then please follow these steps to benefit from the updated GnuPG configuration:

  1. Boot Tails with an administration password set.

  2. Run this command in a Root Terminal:

    cp /etc/skel/.gnupg/gpg.conf /home/amnesia/.gnupg/gpg.conf

I want to try it or to upgrade!

Go to the download page.

As no software is ever perfect, we maintain a list of problems that affect the latest release of Tails.

What's coming up?

The next Tails release is scheduled for January 14.

Have a look at our roadmap to see where we are heading to.

Do you want to help? There are many ways you can contribute to Tails. If you want to help, come talk to us!

Posted Tue 16 Dec 2014 12:34:56 PM CET