Releases

The following changes were introduced in Tails 2.7:

  • Fix multi-architecture support in Synaptic. This should fix broken installations of additional packages from Synaptic. (#11820)

  • Set default spell checking language of Icedove to English instead of French. (#11037)

Code

Tails based on Debian 9 (Stretch)

We made lots of progress on porting Tails to Debian 9 (Stretch). This work culminated with the release of Tails 3.0~alpha1.

Reproducible ISO build

We had an initial sprint about reproducible builds. We are very happy with the progress we've made: the tree that becomes filesystem.squashfs is now almost fully reproducible; so is also the tree that is the basis for automatic upgrades. Along the way, we've contributed a number of patches to Debian and upstream projects.

  • Make our PO files update reproducibly, by not updating them unless something other than POT-Creation-Date has changed.
  • live-build:
    • Use xorriso, that honors the SOURCE_DATE_EPOCH variable, to build the ISO filesystem reproducibly.
    • Expose the SOURCE_DATE_EPOCH variable when running scripts inside the chroot.
    • Clamp mtimes to SOURCE_DATE_EPOCH in the chroot and binary filesystems.
    • Use SOURCE_DATE_EPOCH to populate /.disk/info timestamp.
    • Use SOURCE_DATE_EPOCH when templating syslinux templates.
  • Made mksquashfs honor SOURCE_DATE_EPOCH for the filesystem creation date, and had it clamp mtimes to SOURCE_DATE_EPOCH.
  • Incremental upgrade kits:
    • Made aufs white-outs reproducible.
    • Made aufs pseudo-links permanent, so that they are reproducible.
    • Passed --sort=name --clamp-mtime --mtime=@$SOURCE_DATE_EPOCH to tar.
  • Made our web site build reproducibly… and then discovered more bits that are not generated in a deterministic way, which lead us to discover that our cleanall build option did not clean as well as it should (fix).
  • Eliminated various causes for non-determinism, such as caches and other generated files.
  • On the infrastructure side of things:
    • Vagrant boxes management: we came up with a new design that will be reflected on the blueprint shortly.
    • Experimented with using our Vagrant + libvirt build system on one of our Jenkins ISO builders, and started work towards migrating them all.

Documentation and website

User experience

Infrastructure

Funding

  • We continued our donation campaign and wrote about what we do with our money and our plans for the coming years.

  • Our grant proposal for NLnet on porting Tails to Debian Stretch was rejected.

  • Our grant proposal for ISC Project on a translation platform for our website was rejected.

Outreach

Translation

  • All the website:

    • de: 57% (2880) strings translated, 4% strings fuzzy, 51% words translated
    • fa: 46% (2344) strings translated, 7% strings fuzzy, 52% words translated
    • fr: 79% (3979) strings translated, 4% strings fuzzy, 78% words translated
    • it: 17% (885) strings translated, 2% strings fuzzy, 18% words translated
    • pt: 31% (1593) strings translated, 8% strings fuzzy, 29% words translated

    Total original words: 50832

  • Core pages of the website:

    • de: 85% (1569) strings translated, 8% strings fuzzy, 85% words translated
    • fa: 39% (724) strings translated, 9% strings fuzzy, 40% words translated
    • fr: 90% (1657) strings translated, 7% strings fuzzy, 91% words translated
    • it: 47% (871) strings translated, 6% strings fuzzy, 53% words translated
    • pt: 51% (947) strings translated, 12% strings fuzzy, 52% words translated

    Total original words: 16995

Metrics

  • Tails has been started more than 613099 times this month. This makes 20437 boots a day on average. It's the first time we're over 20000 boots a day!
  • 14634 downloads of the OpenPGP signature of Tails ISO from our website.
  • 110 bug reports were received through WhisperBack.
Posted Fri 09 Dec 2016 08:27:13 PM CET

You can help Tails! The first alpha for the redesigned Tails Greeter is out. We are very excited and cannot wait to hear what you think about it :)

What is Tails Greeter?

Tails Greeter is the set of dialogs that appear after the boot menu, but before the GNOME Desktop appears.

It lets you choose your language, enable your persistent volume, and set a number of other options.

Why a new Tails Greeter?

We had two main reasons to redesign Tails Greeter:

  • Usability testing has demonstrated that it is not as easy to use as we would like, especially for people trying Tails for the first time.
  • We have pushed the old interface to its limits; it cannot accommodate the options we would like to add to it.

What is new in the redesigned Tails Greeter?

Nearly everything you can see has changed! We have been working for more than two years with designers to make Tails Greeter easier to use:

Redesigned Tails Greeter
alpha screenshot

How to test the redesigned Tails Greeter?

Keep in mind that this is a test image. We did not carefully test it so it is not guaranteed to provide any security or anonymity.

But test wildly!

Download and install

experimental Tails ISO image including the redesigned Tails Greeter

The line corresponding to the ISO image is the one whose size is 1G.

You cannot install this ISO image from Tails 2.x. It is impossible as well to upgrade to this ISO image from Tails 2.x. So, either install or upgrade from a non-Tails system, or start this ISO image from DVD and then clone it to a USB stick.

To install this ISO image, follow our usual installation instructions, skipping the Download and verify step.

What to test

Don't hesitate to test all kinds of options, and ensure they are taken into account in the Tails session.

If you find anything that is not working as it should, please report to us on tails-testers@boum.org, including the exact filename of the ISO image you have tested.

Known issues in the redesigned Tails Greeter

Like it?

We have a donation campaign going on: we explained you why we needed donations, how we use these donations, and we shared with you our plans for the next years.

So if you want Tails to remain independent, if you want to enable the Tails team to work on projects we think are important, such as redesigning Tails Greeter, please take one minute to make a donation.

Posted Tue 06 Dec 2016 07:00:00 PM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

  • Upgrade Tor Browser to 6.0.7.

For more details, read our changelog.

Known issues

See the list of long-standing issues.

Get Tails 2.7.1

What's coming up?

Tails 2.9 is scheduled for December 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Wed 30 Nov 2016 01:34:56 PM CET Tags:

As part of our ongoing donation campaign, we already explained you why we needed donations and how we use these donations. Today we are sharing with you our plans for the next years:

  • Easier adoption

    • Revamp Tails Greeter: make it easier to configure Tails when starting (#5464)
    • Rethink the installation and upgrade process: take a step back and reflect on the future of Tails Installer, the installation on Windows and Mac, and automatic upgrades (#11679)
    • Graphical installation method for Mac OS: what would it take to document tools other than Tails Installer to do a graphical installation from Mac OS? (#11682)
    • Explain better what Tails is and what makes it so awesome (#9814)
  • Security hardening

    • Reproducible build of the ISO image: protect users and developers from a malicious build of our ISO image (#5630)
    • Persistent Tor state: have persistent entry guards (#5462)
    • HTTPS mirrors: serve our downloads over HTTPS only (#9796)
    • Persistent seed for random number generator: have better entropy and stronger crypto (#7675)
    • Browser fingerprint: compare and reevaluate the web fingerprint of Tor Browser inside and outside Tails (#5362)
  • Community

    • Web platform for translators: make it easier to translate our website (#10034)
    • Social contract: guiding principles that reflects the commitment to our ideals (#11669)
    • Personas: study and describe our user base to take better design decisions (#11162)
    • Improvements to WhisperBack: make it easier and faster to answer support requests (#9799, #9800)
  • Sustainability

    • Tails based on Debian Stretch (Tails 3.0)
    • Better server infrastructure: to handle our growing needs on continuous integration and have a backup server (#11680, #6185)
    • Test Tails on ARM: starting with a few Chromebooks supported by Debian (#11677)
    • Tails on tablets: specify what upstream projects (GNOME, Debian, etc.) should work on to help porting Tails to tablets and smartphones (#10039)
  • Fundraising

    • Have more reliable and steady sources of income
    • Depend less on grants from governments
  • New applications and features

    • Graphical interface for the Additional Packages persistent feature: allow users to customize which applications are available in their Tails (#5996 #9059)
    • Backups: provide a graphical tool to backup the persistent volume (#5301)
    • Screen locker: allow users to lock their session with a password (#5684)
    • Tails Server: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) (#5688)
    • Tails Verifier: allow verifying whether a Tails installation has been corrupted (#7496)
    • TrueCrypt support in GNOME: graphical utilities to mount TrueCrypt volumes (#11684, #6337)

These are all items that we find important and want to prioritize. But making them a reality will require lots of work, time, and money; on top of all the day-to-day work that we do to simply keep Tails alive.

If you want us to get there faster, please take one minute to make a donation.

If your organization is interested in funding one of these tasks in particular, please contact us at tails-accounting@boum.org (OpenPGP key).

Posted Sat 26 Nov 2016 12:34:56 PM CET Tags:

You can help Tails! The first alpha for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

It also requires a 64-bit computer, and GNOME Shell is now configured to use its default black theme.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~alpha1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 3.0~alpha1 ISO image OpenPGP signature

You cannot install Tails 3.0~alpha1 from Tails 2.x. It is impossible as well to upgrade to Tails 3.0~alpha1 from Tails 2.x. So, either install or upgrade from a non-Tails system, or start Tails 3.0~alpha1 from DVD and then clone it to a USB stick.

To install 3.0~alpha1, follow our usual installation instructions, skipping the Download and verify step.

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Known issues in 3.0~alpha1

  • The documentation was not adjusted yet.

  • Open tickets for Tails 3.0

  • If you have the GnuPG persistence feature enabled, update files in /home/amnesia/.gnupg/:

    1. Set up an administration password and log in.
    2. Import dirmngr.conf from /lib/live/mount/rootfs/filesystem.squashfs/etc/skel/.gnupg/dirmngr.conf.
    3. Backup the /home/amnesia/.gnupg/gpg.conf file, replace it with /lib/live/mount/rootfs/filesystem.squashfs/etc/skel/.gnupg/gpg.conf, and re-apply your custom settings on top of the new file.
  • Longstanding known issues

Posted Fri 18 Nov 2016 11:00:00 AM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

Fixed problems

  • Fix multi-architecture support in Synaptic. This should fix broken installations of additional packages from Synaptic. (#11820)

  • Set default spell checking language of Icedove to English instead of French. (#11037)

For more details, read our changelog.

Known issues

  • Users setting their Tor Browser security slider to High will have to click on a link to see the result of the search they done with the search box.

See the list of long-standing issues.

Get Tails 2.7

What's coming up?

Tails 2.8 is scheduled for December 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 15 Nov 2016 12:34:56 PM CET Tags:

Releases

Code

  • The branch for OnionShare support was much improved and is now ready for review (#7870). This required a complete rewrite of our Tor control port filter to make it a lot more powerful… and in passing, flexible enough for Whonix to adopt it.

Infrastructure

  • Our test suite covers 213 scenarios, 4 more that at the end of September.

  • 575 ISO images were automatically built and tested by our continuous integration infrastructure.

  • We published a mechanism for the distribution and activation of the revocation certificate of the Tails signing key. It allows revoking the Tails signing key even if very bad things happens to most of the team while making it hard for isolated and malicious individuals to revoke the signing key when not needed. We encourage experts to review this mechanism and other projects to adopt similar practices.

Funding

  • We launched a donation campaign to run until the end of 2016. We already raised 56 bitcoins!

  • We published our financial report for 2015.

  • Our proposal for NLnet on porting Tails to Debian Stretch made it to the second round.

Outreach

  • DrWhax, intrigeri, and sajolida attended the OTF summit. It was a wonderful opportunity to strengthen our relationships with the Internet freedom community at large: other operating systems, usability experts, translators, technical writers, funders, trainers, and Tails enthusiasts in general, etc.

On-going discussions

Translation

All the website

  • de: 55% (2875) strings translated, 4% strings fuzzy, 49% words translated
  • fa: 45% (2339) strings translated, 7% strings fuzzy, 50% words translated
  • fr: 78% (4071) strings translated, 3% strings fuzzy, 76% words translated
  • it: 30% (1590) strings translated, 3% strings fuzzy, 27% words translated
  • pt: 30% (1586) strings translated, 8% strings fuzzy, 28% words translated

Total original words: 52401

Core pages of the website

  • de: 84% (1572) strings translated, 8% strings fuzzy, 84% words translated
  • fa: 39% (727) strings translated, 9% strings fuzzy, 40% words translated
  • fr: 91% (1699) strings translated, 6% strings fuzzy, 91% words translated
  • it: 81% (1523) strings translated, 8% strings fuzzy, 81% words translated
  • pt: 50% (942) strings translated, 12% strings fuzzy, 51% words translated

Total original words: 16935

Metrics

  • Tails has been started more than 593446 times this month. This makes 19782 boots a day on average.
  • 12205 downloads of the OpenPGP signature of Tails ISO from our website.
  • 99 bug reports were received through WhisperBack.
Posted Mon 14 Nov 2016 09:44:31 AM CET

In our last post we explained why we need donations. Today we're telling you more about how we use these donations.

In 2015, we spent around 184 000€, distributed as follows:

Releases &
foundations: 25%, New features: 23%, Help desk: 16%, Infrastructure: 13%,
Administration: 12%, Meetings: 10%

  • Even without building anything new in Tails, publishing our releases every 6 weeks is a lot of work as it also implies fixing the problems found in previous versions, documenting the changes, migrating to newer versions of Debian, GNOME, and Tor Browser, and making sure that the foundations of Tails stay relevant. As the schedule of emergency releases is unpredictable, they are hard to fund through grants and we instead usually rely on donations.

  • Developing new features is not the biggest share of our budget. They are almost exclusively covered by grants or developed by volunteers. Since 2015, new features that were not funded by grants included:

    • Integrating the Electrum Bitcoin client.
    • Replacing Vidalia with Onion Circuits.
    • Continue working on a new version of Tails Greeter.
    • Mentoring a Google Summer of Code on Tails Server to allow running onion services from Tails (websites, collaboration tools, etc.).
    • Adding an offline mode that disables all networking.
    • Adding support for obfs4 Tor bridges.
    • Writing numerous additions to our website and documentation.
  • Our help desk is helping hundreds of Tails users each month. Each user request costs us 6€ on average to proceed. In 2016 our help desk was paid entirely out of donations.

  • Organizing our own meetings and attending conferences in our field is critical to keep our community alive and relevant. But this is usually hard to get funded by grants, so donations help us a lot here. Since 2015, we attended more than 15 international conferences on free software (DebConf), Internet freedom (IFF), hacking (32C3), human rights (RightsCon), and journalism (Logan CIJ). And organized more than 10 internal in-person meetings and development sprints.

  • In 2015, we worked a lot on infrastructure, for example to write an automated test suite to verify continuously the well-functioning of our ISO images, to automate the build of development ISO images for testing, etc. This work is invisible to the user but, for example, makes it much faster to publish emergency releases when we discover serious bugs.

  • Keeping Tails successful also implies quite a bit of administration to raise funds, do accounting, organize work, write reports, etc.

  • Since 2015, we added Farsi and Italian translations to our website and worked on the prototype of a web translation platform to allow more translators to contribute and more diverse people to use Tails.

If you like our work, please take one minute to keep Tails alive.

Posted Wed 02 Nov 2016 12:34:56 PM CET Tags:

Today we are starting a donation campaign to fund our work in 2017.

Unlike most other tools on the Internet, Tails comes for free as in freedom. We are not selling your data, sending you targeted advertising, nor will ever sell our project to a big company. We give out Tails for free simply because everybody deserves to be protected from surveillance and censorship. But also because being free software is a necessary requirement for our tools to be safe, and protect you as intended. If our source code was closed, there would be no way of actually verifying that our software is trustworthy.

Since 2014, we raised 210'000€ on average each year, coming from:

  • People like you
  • Private companies like Mozilla or DuckDuckGo
  • Foundations and NGOs like Hivos and Access Now
  • Entities related to the US government like the Open Technology Fund (OTF) or the National Democratic Institute (NDI)

Related to US
government: 34%, Foundations & NGOs: 34%, Individuals: 17%, Companies:
15%

We often hear complaints about the fact that many software projects that are meant to fight surveillance, like Tor and Tails, get a lot of funding from the US government whose own surveillance projects are severely criticized. We completely share this concern and we will worry about our accountability and sustainability as long as the survival of our project depends on a few small grants, some of them coming from organizations linked to governments.

Now, we would like you to think about it: where should our funding come from?

The answer is clear to us: the survival of Tails should be guaranteed by our users themselves, so that in return, we can continue to use our money in their best interest, with complete independence.

From anonymized statistics on our website we know that Tails is used by around 18 000 people every day. If each of them gave 12€, the price of a USB stick, our budget for the whole year would be raised within one day. As you can see, funding Tails through donations is a realistic and our budget ridiculously small compared to the multibillionaire companies and agencies running the surveillance business.

But many of our users could actually get in trouble if they donated to an anti-surveillance tool like Tails. So when donating to Tails you are also helping all of these people by keeping Tails alive. Please consider setting up a yearly or monthly donation.

If you want Tails to remain independent, please take one minute to make a donation.

Posted Thu 13 Oct 2016 05:00:00 PM CEST Tags:

Releases

The following changes were introduced in Tails 2.6:

  • We enabled address space layout randomization in the Linux kernel (kASLR) to improve protection from buffer overflow attacks.

  • We installed rngd to improve the entropy of the random numbers generated on computers that have a hardware random number generator.

  • Install firmware for Intel SST sound cards (firmware-intel-sound), and Texas Instruments Wi-Fi interfaces (firmware-ti-connectivity).

  • Remove non-free APT repositories. We documented how to configure additional APT repositories using the persistent volume.

  • Use a dedicated page as the homepage of Tor Browser so we can customize it for our users (Although the content of the website is still the same!)

  • Set up the trigger for RAM erasure on shutdown earlier in the boot process. This should speed up shutdown and make RAM erasure more robust.

  • Disable the automatic configuration of Icedove when using OAuth. This should fix the automatic configuration for GMail accounts. (#11536)

  • Make the Disable all networking and Tor bridge mode options of Tails Greeter more robust. (#11593)

Code

Tor ControlPort filter improvements and OnionShare integration

These two things might seem unrelated but are mentioned together because the work on the latter required the former.

Summary: users can expect OnionShare, a tool to share files from Tails over an onion service, in Tails 2.8 and perhaps the per-tab circuit view of Tor Browser will be enabled as well.

Background: the ControlPort of Tor has a rather large attack surface in case of a compromise as it exposes sensitive information and allows reconfiguring Tor and possibly deanonymize you. However some applications require some access to the ControlPort to improve user experience, like showing which circuits are used for a tab in Tor Browser or for OnionShare to tell Tor to start the hidden service used to share files. In Tails we've been giving most users access to a filtered version of the Tor ControlPort, which only expose "safe" commands.

This filter has been very simplistic until now, as it essentially only exposed the SIGNAL NEWNYM command, to make Tor use new circuits. Because of the complexity to support events (asynchronisity) and potential security concerns of exposing Tor's stream/circuit state we for instance disabled the per-tab circuit view in Tor Browser, and were forced to run Onion Circuits as a separate user (than the normal amnesia user) with full access to the Tor ControlPort. Notably, it could not support OnionShare, and in fact had architectural-level limitations, for example not being able to handle multiple sessions at the same time.

Now the filter solves all these problems, and more. Depending on the PID of the client (for example OnionShare) it will pick a filter defined (by us) specifically for that application. For instance, we can say that "this $user (e.g. amnesia) when running this $application (e.g. /usr/bin/onionshare) can only run these commands (ADD_ONION etc.) and listen to these events (e.g. HS_DESC, which is expected after a successful use of ADD_ONION)". This makes user-separation (which has UX issues, like loss of accessibility support, and adds to code complexity) an obsolete security measure, and to benefit from it clients have to do nothing.

Note that there is at least one other project that already has implemented this functionality, Subgraph with its roflcoptor, which we probably should have put our efforts at instead, but let's say that it is our long-term goal on this front. At least our users will be able to enjoy these features in Tails much sooner, which is great in itself.

Documentation and website

  • We published our roadmap for 2016-2017.

  • We designed a new donation page which proposes tax-deducible donations in both euros, through Zwiebelfreunde and dollars, through RiseupLabs.

  • We documented how we use the different fields of our bugtracker. This took a while, but led to several nice discussions on the mailing list meanwhile and helped to make the process more clear.

  • We worked with Monkeysign on documenting it for Tails and for the new documentation website of Monkeysign itself.

  • We made the overview pages of the installation assistant more compact.

Infrastructure

  • 404 ISO images were automatically built and tested by our continuous integration infrastructure.

Funding

  • We prepared a donation campaign that we will roll out in early October.

  • We submitted a proposal for NLnet to fund coding sprint on porting Tails to Debian Stretch.

  • We added a footer on the answers of our help desk to encourage the people that we are helping to contribute to its cost.

On-going discussions

See the September 2016 online meeting minutes.

Translation

All the website

  • de: 55% (2874) strings translated, 5% strings fuzzy, 49% words translated
  • fa: 45% (2338) strings translated, 7% strings fuzzy, 50% words translated
  • fr: 78% (4070) strings translated, 3% strings fuzzy, 76% words translated
  • it: 30% (1589) strings translated, 3% strings fuzzy, 27% words translated
  • pt: 30% (1586) strings translated, 8% strings fuzzy, 28% words translated

Total original words: 52401

Core pages of the website

  • de: 84% (1571) strings translated, 8% strings fuzzy, 84% words translated
  • fa: 39% (726) strings translated, 9% strings fuzzy, 40% words translated
  • fr: 91% (1698) strings translated, 6% strings fuzzy, 91% words translated
  • it: 81% (1522) strings translated, 9% strings fuzzy, 81% words translated
  • pt: 50% (942) strings translated, 12% strings fuzzy, 51% words translated

Total original words: 16935

Metrics

  • Tails has been started more than 580651 times this month. This makes 19355 boots a day on average.
  • 12451 downloads of the OpenPGP signature of Tails ISO from our website.
  • 119 bug reports were received through WhisperBack.
Posted Mon 10 Oct 2016 04:25:45 PM CEST