We are especially proud to present you Tails 3.0, the first version of Tails based on Debian 9 (Stretch). It brings a completely new startup and shutdown experience, a lot of polishing to the desktop, security improvements in depth, and major upgrades to a lot of the included software.

Debian 9 (Stretch) will be released on June 17. It is the first time that we are releasing a new version of Tails almost at the same time as the version of Debian it is based upon. This was an important objective for us as it is beneficial to both our users and users of Debian in general and strengthens our relationship with upstream:

  • Our users can benefit from the cool changes in Debian earlier.
  • We can detect and fix issues in the new version of Debian while it is still in development so that our work also benefits Debian earlier.

This release also fixes many security issues and users should upgrade as soon as possible.

Changes

New features

New startup and shutdown experience

  • Tails Greeter, the application to configure Tails at startup, has been completely redesigned for ease of use:

    • All options are available from a single window.
    • Language and region settings are displayed first to benefit our international audience.
    • Accessibility features can be enabled from the start.

    This has been a long process, started three years ago with the UX team of NUMA Paris and lead only by volunteers. Join us on tails-ux@boum.org to participate in future designs!

  • The shutdown experience has also been redesigned in order to be:

    • More reliable. It was crashing on various computers with unpredictable results.
    • More discrete. The screen is now totally black to look less suspicious.

    Technically speaking, it is now using the freed memory poisoning feature of the Linux kernel.

Polishing the desktop

  • We switched to the default black theme of GNOME which has a more modern and discrete look:

  • Tails 3.0 benefits from many other small improvements to the GNOME desktop:

    • Files has been redesigned to reduce clutter and make the interface easier to use. Several new features have been added, such as the ability to rename multiple files at the same time and the ability to extract compressed files without needing a separate application.

    • The notification area has been improved to allow easy access to previous notifications. Notification popups have also been repositioned to make them more noticeable.

    • Shortcut windows have been added to help you discover keyboard shortcuts in GNOME applications.

      For example, press Ctrl+F1 in Files to display its shortcut window.

Security improvements in depth

  • Tails 3.0 works on 64-bit computers only and not on 32-bit computers anymore. Dropping hardware support, even for a small portion of our user base, is always a hard decision to make but being 64-bit only has important security and reliability benefits. For example, to protect against some types of security exploits, support for the NX bit is compulsory and most binaries are hardened with PIE which allows ASLR.

    Check if your computer is 64-bit or 32-bit.

  1. Start any Tails version.

  2. To open a terminal choose Applications ▸ Utilities ▸ Terminal.

  3. Execute the following command to display system information:

        uname -m
    
    • If the output is x86_64, your computer is 64-bit and Tails 3.0 should work.

    • If the output is i686, your computer is 32-bit and Tails 3.0 will not work.

  • Update Tor Browser to 7.0.1 (based on Firefox 52 ESR) which is multiprocess and paves the way to content sandboxing. This should make it harder to exploit security vulnerabilities in the browser.

Major upgrades to included software

  • Most included software has been upgraded in Debian 9, for example:
    • KeePassX from 0.4.3 to 2.0.3
      Your password database will be migrated automatically to the new format of KeePassX 2.
    • LibreOffice from 4.3.3 to 5.2.6
    • Inkscape from 0.48.5 to 0.92.1
    • Audacity from 2.0.6 to 2.1.2
    • Enigmail from 1.8.2 to 1.9.6
    • MAT from 0.5.2 to 0.6.1
    • Dasher from 4.11 to 5.0
    • git from 2.1.4 to 2.11.0

Upgrades and changes

  • The Pidgin tray icon was removed from the top navigation bar and replaced by popup notifications.

  • Icedove was renamed as Thunderbird, its original name, inheriting this change from Debian.

  • The search box and the search feature of the address bar of the Unsafe Browser were removed. (#12540)

  • The read-only option of the persistent storage was removed. It was used by very few users, created confusion, and lead to unexpected issues. (#12093)

Fixed problems

  • The new X.Org display server in Tails 3.0 should work on more newer graphical hardware.

  • UEFI boot has been fixed on some machines (ThinkPad X220).

  • MAC spoofing has been fixed on some network interfaces (TP-Link WN725N). (#12362)

For more details, read our changelog.

Known issues

  • Tails Installer erroneously rejects some USB sticks. When this happens, a message that starts with "Skipping non-removable device" is displayed (#12696). To workaround this problem:

    1. Start the operating system you want to use Tails Installer on.
      If you want to use Tails Installer in Tails 3.0, set up an administration password.

    2. Choose Applications ▸ System Tools ▸ Root Terminal to open a terminal with administration rights.

    3. Execute the following command to fix the bug in Tails Installer:

      perl -pi -E 's,media_removable,removable,' /usr/lib/python2.7/dist-packages/tails_installer/creator.py

    4. Tails Installer should not expose this problem again… until you restart Tails, as these changes will be reverted upon restart.

  • Tails fails to start on some computers with Intel graphical hardware.

  • Some users have reported problems during the migration from Icedove to Thunderbird, in particular that Thunderbird doesn't start.

    If this happens to you, please send us a WhisperBack report without restarting Tails.

See the list of long-standing issues.

Get Tails 3.0

What's coming up?

Tails 3.1 is scheduled for August 8.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Tags:

We decided to close tails-support@boum.org, the public mailing list for user support which was created in 2013 after closing the forum that we had on this website.

The idea behind having a public space for user support was to:

  • Reduce the amount of work for our help desk behind tails-support-private@boum.org (which is encrypted and also receives WhisperBack reports).

    This is not really working as tails-support-private@boum.org still has 12 times more traffic than tails-support@boum.org.

  • Build a community of people doing user support outside of our team.

    This is not really working either as most of the threads are still answered by our help desk or other core contributors.

  • Build a public database to make it easy to consult or reuse previous answers.

    This is not really working either as the archive of the mailing list are hard to search and reuse and it's easier to point people to the documentation, known issues, or FAQ.

Having a public mailing list also makes it:

  • Complicated to make sure that both the list and the sender receive our answers.

  • Sensitive to ask for more technical information about the problem, such as logs, as they are harder for the person reporting the error to share with us and also raises privacy concerns.

  • Duplicate work between tails-support-private@boum.org and tails-support@boum.org as people often write to both.

The major downside of closing tails-support@boum.org is that it was a good place for developers to have some feedback on the recurrent problems faced by users. We want to solve this while working on a request tracker for our help desk.

See you on tails-support-private@boum.org!

Releases

Code

Tails 3.0

We have been focused on the last finishing touches before we deem Tails 3.0 ready for release. Things are looking good so far!

Reproducible builds

Here are some details about our work in April and May on making Tails reproducible. This effort is covered by the Mozilla Open Source Support award (MOSS) that we've received.

Current status

In March we reported that we had finally seen an ISO image build reproducibly on several machines. Since then we kept working on this front.

Our automatic upgrades are now reproducible, however, one remaining issue currently blocks us from claiming that our ISO images are too. We are confident that this issue will be solved within a few weeks.

Reproducible website build

In March we've made great progress to get our website build reproducibly. Later on, we realized that ikiwiki resized some images of our website which sometimes contained timestamped metadata, thus making the ISO image build unreproducibly. We have worked around this on our side (#12566), and will fix the root cause of the problem in ikiwiki upstream (#12625).

The blocker: fontconfig

The cloud which hides the blue skies and the sun in the reproducible builds solar system today, and which is our sole remaining problem to make our ISO image build reproducibly is this: we ship a cache for fonts in Tails. However, this cache is currently not generated in a reproducible manner. In March we tried moving its generation out of the ISO, however, it makes Tails start slower and resulted in too many unreliable test failures. Thus, we decided to move it back into the ISO image and to try and fix the root cause of the problem instead. We filed Debian bug #863427, but we already know that our patch is not yet enough to fix the problem, although it greatly reduces the number of differences from 75 to 5 (#12567); so we'll keep working on it.

ISO image and IUKs

Our automatic upgrades are now reproducible (#12630).

When we generate the ISO image using isohybrid, we pass it an ID. We tried setting this ID to $SOURCE_DATE_EPOCH which resulted in a reproducible, but non-hybrid, ISO. Thus, we decided to pass a fixed ID instead: #12453.

The bright future

Remaining technical issues are tracked on #12608.

We are working on documenting how to modify our release process to ensure the ISO images we publish are reproducible (#12628, #12629).

For those of our users who want to verify their own ISO builds against ours, we'll soon document how to do that (#12630).

Infrastructure

See the Infrastructure section for our work on the infrastructural aspects of this project.

Documentation and website

  • We have published the Tails Social contract.

  • We finished updating all our documentation to Tails 3.0, based on Debian Stretch.

  • We updated our documentation to a new layout of the Universal USB Installer for Windows and scaled its screenshots to fix an issue reported by huertanix.

  • We updated our documentation of the build system, as a result of the work on reproducible builds.

User experience

Infrastructure

  • We upgraded some more of our systems to Debian Stretch.

  • We have continued the efforts to optimize our systems' resources, by playing with different settings of the NUMA balancing (#11179).

  • We have adapted our CI infrastructure to be able to bring back the email notification mechanism for build and test failures, at least for branches which have tickets in a "Ready For QA" state in Redmine (#11355). This will be unleashed in June so that we'll be able to gather statistics about false positives in our CI notifications to developers.

  • Most of our efforts have been focused on upgrading our infrastructure to support reproducible builds, see below.

Reproducible builds

After a long discussion, we decided not to publish any Vagrant basebox at all: the key argument in favour of this major design change was to remove one huge binary blob from the list of trusted inputs needed for building a Tails ISO image. This will substantially increase the value of Tails ISO images building reproducibly. This decision has a few nice side effects, including:

  • the properties of the basebox required to build a given state of our code base are entirely encoded in the corresponding Git commit;
  • changes in the ISO build box definition don't require building and uploading a new basebox.

Then we made enough progress to migrate our Continuous Integration platform to the build system used by developers. This is now running in production, not exactly smoothly yet (as explained below), but well enough to keep supporting our development and quality assurance processes. For details, see #11972, #11979, #11980, #11981, #12017, and #11006.

Then we had to deal with a number of issues that we were not in a position to identify before submitting this brand new system to a real-world workload. Some are fixed already (#12530, #12578, #12565, #12541, #12529, #12575, #12606). Work is still in progress on some other problems: they are our Continuous Integration engineers' top priority, and should be fully resolved in the next couple of months.

Finally, we have set up automated tests for the reproducibility of our ISO image. Obviously, the results of these tests are publicly available.

Funding

Outreach

Past events

  • gagz and geb did a presentation and a workshop of Tails at the CPML yearly meeting.

On-going discussions

Translation

All the website

  • de: 59% (2977) strings translated, 5% strings fuzzy, 52% words translated
  • fa: 43% (2200) strings translated, 9% strings fuzzy, 47% words translated
  • fr: 87% (4357) strings translated, 1% strings fuzzy, 85% words translated
  • it: 31% (1585) strings translated, 4% strings fuzzy, 28% words translated
  • pt: 28% (1443) strings translated, 8% strings fuzzy, 25% words translated

Total original words: 52.798

Core pages of the website

  • de: 82% (1537) strings translated, 10% strings fuzzy, 82% words translated
  • fa: 37% (695) strings translated, 10% strings fuzzy, 39% words translated
  • fr: 98% (1843) strings translated, 1% strings fuzzy, 98% words translated
  • it: 78% (1473) strings translated, 11% strings fuzzy, 78% words translated
  • pt: 48% (910) strings translated, 13% strings fuzzy, 49% words translated

Total original words: 17.079

Metrics

  • Tails has been started more than 694.165 times this month. This makes 22.392 boots a day on average.
  • 13.181 downloads of the OpenPGP signature of Tails ISO from our website.
  • 110 bug reports were received through WhisperBack.

Releases

The following changes were introduced in Tails 2.12:

  • We installed again GNOME Sound Recorder to provide a very simple application for recording sound in addition to the more complex Audacity. Sound clips recorded using GNOME Sound Recorder are saved to the Recordings folder.

  • We removed I2P, an alternative anonymity network, because we unfortunately have failed to find a developer to maintain I2P in Tails. Maintaining software like I2P well-integrated in Tails takes time and effort and our team is too busy with other priorities.

  • Upgrade Linux to 4.9.13. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Documentation and website

User experience

  • We collected intercept interviews of users using Tails world-wide to better understand our users, their needs, and what they like or dislike in Tails. We already have seven great story from Western Europe, North America, Latin America, and Africa.

Infrastructure

  • We upgraded some of our systems to Debian 9 (Stretch), in order to help identify remaining issues before it becomes the new Debian stable release.

  • We made good progress towards using our Vagrant build system on our Continuous Integration infrastructure, to make it match what developers use. This is part of our work on Reproducible ISO Builds.

  • We are interviewing a candidate to join our system administration team.

  • The mechanism that we designed for the distribution and activation of the revocation certificate of the Tails signing key is now deployed and 23 people own a share of the revocation certificate. It allows revoking the Tails signing key even if very bad things happens to most of the team while making it hard for isolated and malicious individuals to revoke the signing key when not needed. We still encourage experts to review this mechanism and other projects to adopt similar practices.

Funding

  • We are working towards adding a partners page to our website, and are talking with a couple potential corporate sponsors.

  • We are still in the process of discussing our proposal with OTF, and reworking it accordingly.

  • We were nominated for the MIT Media Lab Disobedience Award.

Translation

All website PO files

  • de: 55% (3182) strings translated, 5% strings fuzzy, 50% words translated
  • fa: 39% (2246) strings translated, 8% strings fuzzy, 43% words translated
  • fr: 82% (4686) strings translated, 1% strings fuzzy, 81% words translated
  • it: 27% (1591) strings translated, 3% strings fuzzy, 25% words translated
  • pt: 26% (1537) strings translated, 8% strings fuzzy, 24% words translated

Total original words: 58888

Core PO files

  • de: 82% (1544) strings translated, 9% strings fuzzy, 83% words translated
  • fa: 37% (701) strings translated, 10% strings fuzzy, 39% words translated
  • fr: 98% (1836) strings translated, 1% strings fuzzy, 98% words translated
  • it: 79% (1479) strings translated, 11% strings fuzzy, 78% words translated
  • pt: 49% (916) strings translated, 13% strings fuzzy, 50% words translated

Total original words: 17063

Metrics

  • Tails has been started more than 672644 times this month. This makes 21698 boots a day on average.
  • 16930 downloads of the OpenPGP signature of Tails ISO from our website.
  • 160 bug reports were received through WhisperBack.

You can help Tails! The first release candidate for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~rc1?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Changes since Tails 3.0~beta4 include:

  • Important security fixes!

  • Upgrade to current Debian 9 (Stretch).

  • Upgrade tor to 0.3.0.7-1.

  • Upgrade Tor Browser to 7.0a4.

  • Migrate from Icedove to Thunderbird (only cosmetic).

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~rc1?

We will provide security updates for Tails 3.0~rc1, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Get Tails 3.0~rc1

To upgrade, an automatic upgrade is available from 3.0~beta4 to 3.0~rc1.

If you cannot do an automatic upgrade, you can install 3.0~rc1 by following our usual installation instructions, skipping the Download and verify step.

Tails 3.0~rc1 ISO image OpenPGP signature
Tails 3.0~rc1 torrent

Known issues in 3.0~rc1

  • The documentation has only been partially updated so far.

  • The graphical interface fails to start on some Intel graphics adapters. If this happens to you:

    1. Add the xorg-driver=intel option in the boot menu.
    2. If this fixes the problem, report to to tails-testers@boum.org the output of the following commands:

      lspci -v
      lspci -mn
      

      … so we get the identifier of your graphics adapter and can have this fix applied automatically in the next Tails 3.0 pre-release.

    3. If this does not fix the problem, try Troubleshooting Mode and report the problem to tails-testers@boum.org. Include the exact model of your Intel graphics adapter.
  • There is no Read-Only feature for the persistent volume anymore; it is not clear yet whether it will be re-introduced in time for Tails 3.0 final (#12093).

  • The persistent Tor Browser bookmarks feature is broken if you enable it for the first time in Tails 3.0~rc1; any persistent bookmarks from before will still work.

    You can workaround this as follows, after you start Tails the first time with Browser bookmarks persistence enabled:

    1. Start Tor Browser and let it load
    2. Close Tor Browser
    3. Run this in a Terminal:

      cp /home/amnesia/.tor-browser/profile.default/places.sqlite \
         /home/amnesia/.mozilla/firefox/bookmarks/places.sqlite
      rm /home/amnesia/.tor-browser/profile.default/places.sqlite*
      ln -s /home/amnesia/.mozilla/firefox/bookmarks/places.sqlite \
            /home/amnesia/.tor-browser/profile.default/places.sqlite
      
  • Thunderbird email client fails to load for some users. You can fix this by creating a file called .migrated in the folder of your Thunderbird profile. To do so, run this command in a Terminal:

    touch /home/amnesia/.thunderbird/profile.default/.migrated
    
  • Open tickets for Tails 3.0~rc1

  • Open tickets for Tails 3.0

  • Longstanding known issues

What's coming up?

We will likely publish the first release candidate for Tails 3.0 around May 19.

Tails 3.0 is scheduled for June 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Tags:

We had written and adopted a Code of Conduct since our first public hackfest in Paris in 2014. This code was and is meant as a guide to make our public spaces welcoming and friendly to every sentient being.

We have since then worked on a Social Contract which we proudly present today!

The Tails Social Contract is a set of commitments that we as contributors to the Tails project stand by. This work is derived from the Debian Social Contract and the Tor Social Contract. If you have any questions or comments, feel free to email: tails-project@boum.org.

This is a promise from our contributors community to the rest of the world, affirming a commitment to our beliefs.

1. By creating Tails we try to provide usable tools for anonymity and privacy

We believe that privacy, the free exchange of ideas, and equal access to information are essential to free and open societies. Through our community standards and the tools we create, we provide means that empower all people to protect and advance these ideals.

2. Tails is and will remain free software

Equal access to information includes the free availability of our code and documentation as well as the transparency of our decision making processes.

All the components of Tails that we create ourselves are, and will be, licensed in a manner consistent with the Debian Free Software Guidelines.

Tails will always be free to use, remix, adapt and distribute. As the only exceptions to this rule, Tails includes:

  • a minor part of non-free firmware in order to work on as much hardware as possible;
  • a few pieces of software whose source code is public but not compatible with the Debian Free Software Guidelines; they are needed to support important use cases.

3. We will give back to the Free Software community

Tails is a privacy-oriented Debian Derivative.

We want usable security and privacy-oriented tools to become a standard for the Free Software community as a whole.

Bug fixes, code improvements, Debian packaging, as well as work on usability issues will be sent upstream whenever possible. This way, our modifications will benefit others and can be improved upon further by a wider audience of people.

4. We encourage participation and transparency

We want to produce Tails in a way that encourages participation, which requires publicly documenting what can be improved. As Tails is created in such a transparent manner, anyone is encouraged to participate, review it and point out problems.

To make our community a welcoming place for everybody we agreed on a Code of Conduct.

5. We will never harm our users intentionally

We will always do our best to create secure and usable tools. We will never willingly include backdoors or malicious software nor will we cooperate with any entity wanting us to harm our users.

Mistakes sometimes happen. We will be honest about them and fix those that affect the safety of Tails users when they are reported to us.

Whenever severe security issues are reported to us in private, we will test them and ensure we promptly fix these issues. We will notify our users whenever such an issue has been reported to us. However, for the security of our users, we might not disclose such a severe issue before releasing a fix.

6. We give users the means to decide how much they can rely on Tails

We encourage users to inform themselves and decide if Tails is suitable for their use case and how much they can trust it. We work diligently to keep our community up-to-date through our various communication channels about the current state of our software and its limitations. We encourage users to read our documentation as well as third-party documentation in order to make an informed decision and engage in a learning process about the tools we ship.

We provide and explain methods of verification so that anyone can ensure that they downloaded a genuine copy of Tails.

Tags:

You can help Tails! The fourth beta for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~beta4?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes since Tails 3.0~beta3 include:

  • Important security fixes!

  • All changes brought by Tails 2.12.

  • Upgrade to current Debian 9 (Stretch).

  • Many bug fixes in Tails Greeter.

  • Fix the ORCA screen reader.

  • Replace Pidgin's "systray" icon with the guifications plugin.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~beta4?

We will provide security updates for Tails 3.0~beta4, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Get Tails 3.0~beta4

To upgrade, an automatic upgrade is available from 3.0~beta2 and 3.0~beta3 to 3.0~beta4.

If you cannot do an automatic upgrade, you can install 3.0~beta4 by following our usual installation instructions, skipping the Download and verify step.

Tails 3.0~beta4 ISO image OpenPGP signature

Known issues in 3.0~beta4

  • The documentation has only been partially updated so far.

  • The graphical interface fails to start on some Intel graphics adapters. If this happens to you:

    1. Add the xorg-driver=intel option in the boot menu.
    2. If this fixes the problem, report to to tails-testers@boum.org the output of the following commands:

      lspci -v
      lspci -mn
      

      … so we get the identifier of your graphics adapter and can have this fix applied automatically in the next Tails 3.0 pre-release.

    3. If this does not fix the problem, try Troubleshooting Mode and report the problem to tails-testers@boum.org. Include the exact model of your Intel graphics adapter.
  • There is no Read-Only feature for the persistent volume anymore; it is not clear yet whether it will be re-introduced in time for Tails 3.0 final (#12093).

  • Open tickets for Tails 3.0~rc1

  • Open tickets for Tails 3.0

  • Longstanding known issues

What's coming up?

We will likely publish the first release candidate for Tails 3.0 around May 19.

Tails 3.0 is scheduled for June 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Tags:

Diese Version behebt zahlreiche Sicherheitslücken. Alle Benutzerinnen und Benutzer sollten so schnell wie möglich aktualisieren.

Änderungen

Neue Funktionen

  • Wir haben den GNOME Tonaufzeichner wieder installiert, um damit im Vergleich zum komplexeren Audacity eine sehr einfache Anwendung zum Aufnehmen von Ton anzubieten. Mit dem Tonaufzeichner aufgenommene Soundclips werden im Ordner Aufnahmen gespeichert.

Aktualisierungen und Änderungen

  • Wir haben I2P, ein alternatives Anonymitätsnetzwerk entfernt, da wir unglücklicherweise keine Entwicklerin bzw. Entwickler für die Pflege von I2P in Tails gefunden haben. Die Wartung für gut integrierte Software in Tails, beispielsweise I2P, nimmt Zeit und Aufwand in Anspruch. Unser Team ist derzeit mit anderen Prioritäten beschäftigt.

  • Aktualisierung von Linux auf 4.9.13. Dies sollte die Unterstützung für neuere Hardware (Grafik, W-LAN, usw.) verbessern.

Lesen Sie für mehr Details unser Änderungsprotokoll.

Bekannte Probleme

  • The video application Totem may crash Tails. You can work around this problem by installing VLC.

Lesen Sie sich die Liste der längerfristig bekannten Probleme durch.

Holen Sie sich Tails 2.12.

Was kommt als Nächstes?

Tails 3.0 ist für den 13. Juni geplant.

Werfen Sie einen Blick auf die Roadmap, um zu sehen, was wir als Nächstes vorhaben.

Wir brauchen Ihre Hilfe und es gibt viele Wege, Tails zu unterstützen, (Spenden ist nur einer davon). Sprechen Sie uns an!

Tags:

Releases

Tails 2.11 was released on March 7 (minor release).

Tails 2.12 is scheduled for April 18.

The following changes were introduced in Tails 2.11:

  • If running on a 32-bit processor, notify the user that it won't be able to start Tails 3.0 anymore. (#12193)

  • Notify I2P users that I2P will be removed in Tails 2.12. (#12271)

  • Fix CVE-2017-6074 (local root privilege escalation) by disabling the dccp module. (#12280) Also disable kernel modules for some other uncommon network protocols. (Part of #6457)

  • Tor Browser: Don't show offline warning when opening the local documentation of Tails. (#12269)

  • Fix rare issue causing automatic upgrades to not apply properly (#8449 and #11839)

  • Install Linux 4.8.15 to prevent GNOME from freezing with Intel GM965/GL960 Integrated Graphics. (#12217)

Code

I2P to be removed

We are very sad to announce that Tails 2.11 will be the last version to include I2P, an alternative anonymizing network. But we will be happy to reintroduce I2P if we find a volunteer to take care of maintaining it in Tails. If you are a developer and care about I2P in Tails, that person could be you! Come talk to us!

Reproducible builds

We had a very productive 3-days sprint. After many iterations we have finally seen an ISO image build reproducibly on several machines! This implied fixing a number of things, and submitting a number of patches upstream.

The build environment variations we've tested include: build system clock (last month, next month; could not test next year yet), number of CPU cores, CPU brand and model, building in Vagrant or not.

For details, see the full report that was written after the sprint.

Porting Tails to Debian 9 (Stretch)

A bunch of Tails developers and technical writers had a very productive sprint. The remaining work now feels tractable: aside of the documentation update, only a few major regressions and adjustments remain to be dealt with.

So, we are increasingly confident that we can make Tails 3.0 a solid release, published according to schedule on June 13… but possibly a little bit earlier or later, if it allows us to release at the same time as Debian 9 (Stretch).

Two beta releases for Tails 3.0 were published (3.0~beta2 on March 8, 3.0~beta3 on March 19). They introduce the following changes:

  • Upgrade Linux to 4.9.0-2 (version 4.9.13-1).

  • Make it possible to start graphical applications in the Root Terminal.

  • Improve styling of the GNOME Shell window list.

  • Tails Greeter:

    • Make the "Formats" settings in Tails Greeter take effect (it was introduced in Tails 3.0~alpha1 but has been broken since then).
    • Add keyboard shortcuts:
      • Alt key for accelerators in the main window
      • Ctrl+Shift+A for setting an administrator password
      • Ctrl+Shift+M for MAC spoofing settings
      • Ctrl+Shift+N for Tor network settings
  • Remove I2P.

  • Reintroduce the X11 guest utilities for VirtualBox (clipboard sharing and shared folders should work again).

  • Upgrade X.Org server and the modesetting driver in hope it will fix crashes when using some Intel graphics cards.

  • Automate the migration from KeePassX databases generated on Tails 2.x to the format required by KeePassX 2.0.x.

Infrastructure

We upgraded some of our systems to Debian 9 (Stretch), in order to help identify remaining issues before it becomes the new Debian stable release.

All major browsers will now refuse to connect to our website, and to any web service we host in the tails.boum.org namespace, unless HTTPS is used with a valid certificate: they are now on the Google Chrome 57 HSTS preload list, and all other major browsers build their own list from this one.

We started researching our options for upgrading our server hardware.

We made some progress on deploying a web platform for translations and an internal XMPP server.

We started a process to hire a new system administrator.

Funding

We've sent a proposal to OTF, that covers:

  • adding TrueCrypt support in GNOME;
  • adding a graphical interface for the Additional Packages persistent feature;
  • a small fraction of our day-to-day operations budget.

Our budget until the end of March, 2018 was approved by the Tails core contributors.

Outreach

Past events

  • On March 1st, Austin English presented Tails at the Austin (Texas) Linux Meetup.
  • Four of us attended the Tor developers meeting in Amsterdam. It was great! See the first report about it.
  • Two of us gave a training about Tails and digital security at Mediapart. Apparently, everything went fine: attendees where mostly interested and happy with it, and asked a lot of questions, ranging from "How can I manage my passwords" to "How much does it cost to compromise my laptop?".

Upcoming events

  • intrigeri will be giving a keynote at CryptoRave (São Paulo, May 5-6).

On-going discussions

We had a contributors meeting on March 3 (minutes).

Translation

All the website

  • de: 56% (3189) strings translated, 5% strings fuzzy, 50% words translated
  • fa: 40% (2265) strings translated, 8% strings fuzzy, 44% words translated
  • fr: 82% (4670) strings translated, 1% strings fuzzy, 81% words translated
  • it: 28% (1598) strings translated, 3% strings fuzzy, 25% words translated
  • pt: 27% (1549) strings translated, 8% strings fuzzy, 25% words translated

Total original words: 58396

Core pages of the website

  • de: 82% (1538) strings translated, 10% strings fuzzy, 83% words translated
  • fa: 38% (708) strings translated, 10% strings fuzzy, 39% words translated
  • fr: 99% (1845) strings translated, 0% strings fuzzy, 99% words translated
  • it: 79% (1486) strings translated, 10% strings fuzzy, 79% words translated
  • pt: 49% (922) strings translated, 13% strings fuzzy, 50% words translated

Total original words: 17057

You can help Tails! The first release candidate for the upcoming version 2.12 is out. Please test it and report any issue. We are particularly interested in feedback relating to whether Tor's startup works better or worse.

How to test Tails 2.12~rc1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 2.12~rc1 ISO image ?OpenPGP signature

To install 2.12~rc1, follow our usual installation instructions, skipping the Download and verify step.

Upgrade from 2.10 or 2.11

  1. Start Tails 2.10 or 2.11 on a USB stick installed using Tails Installer and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
         tails-upgrade-frontend-wrapper
    
  3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.12~rc1.

What's new since 2.11?

Changes since Tails 2.11 are:

  • Major changes

    • Completely remove I2P. :( We have decided to remove I2P (see #11276) due to our failure of finding someone interested in maintaining it in Tails (Closes: #12263).
    • Upgrade the Linux kernel to 4.9.0-0.bpo.2 (Closes: #12122).
  • Security fixes

    • Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction. See https://labs.riseup.net/code/issues/9949#note-23 for details (Closes: #12125).
    • Protect against CVE-2017-2636 by disabling the n-hdlc kernel module (Closes: #12315).
    • Ensure /etc/resolv.conf is owned by root:root in the SquashFS. lb_chroot_resolv will "cp -a" it from the source tree, so it inherits its ownership from the whoever cloned the Git repository. This has two problems. First, this results in unsafe permissions on this file (e.g. a Vagrant build results in the 'amnesia' user having write access to it).
  • Minor improvements

    • Don't add the live user to the "audio" group. This should not be needed on a modern Linux desktop system anymore (Closes: #12209).
    • Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT repository (Closes: #12307).
    • Install virtualbox-guest-* from sid. The version currently in jessie-backports is not compatible with Linux 4.9, and there's basically no chance that it gets updated (the maintainer asked for them to be removed from jessie-backports) (Closes: #12298).
    • Pull ttdnsd from our custom APT repository. It's gone from the TorProject one. We removed ttdnsd on feature/stretch already, so we'll need to pull it from our custom APT repository only for the next 3 months.
    • Clean up libdvd-pkg build files, again. This cleanup operation was mistakenly removed in commit c4e8744 (Closes: #11273).
    • Install gnome-sound-recorder (Closes #10950). Thanks to Austin English austinenglish@gmail.com for the patch!
    • Stop restarting tor if bootstrapping stalls. It seems tor might have fixed the issues we used (see: #10238, #9516) to experience with the bootstrap process stalling and requiring a restart to kickstart it (Closes: #12411).
    • tor.sh: communicate via the UNIX socket instead of TCP port. This makes the library usable when run inside systemd units that have PrivateNetwork=yes set.
    • Get tor's bootstrap progress via GETINFO instead of log grep:ing.
  • Bugfixes

    • mirror-pool-dispatcher: bump maximum expected mirrors.json size to 32 KiB. This fixes an error where Tails Upgrader would complain with "cannot choose a download server" (Closes: #11735).

For more details, see also our changelog.

Known issues in 2.12~rc1

  • In Tails Greeter, selecting the This computer's Internet connection is censored, filtered, or proxied is broken. Using it will start Tor Launcher but it will fail to connect to tor, so it's unusable, and tor itself will not be able to bootstrap. If you need this option, skip this release candidate; this issue will be fixed in the final 2.12 release.

  • Longstanding known issues

Tags: