Releases

The following changes were introduced in Tails 2.9.1:

  • Switch to DuckDuckGo as the default search engine in Tor Browser. The previous default search engine, Disconnect.me, has already been redirecting to Duck Duck Go for some time.

Code

  • We've had a great sprint about porting Tails to Debian Stretch. Most of our time was spent integrating the new Greeter as well as bug fixing, polishing, and updating the test suite: report from the sprint. Our goal is to publish a first beta version based on Debian Stretch at the end of January.

  • intrigeri made sure that a number of packages we care about are in good shape for Debian Stretch, that will be frozen very soon.

  • We wrote manual tests for the Installation Assistant, so we can spot any problems with it before we release new Tails versions.

Infrastructure

  • 387 ISO images were automatically built and tested by our continuous integration infrastructure.

  • We deployed a clone of our Jenkins setup for building and testing ISO images automatically, and improved the corresponding Puppet code to make it possible. This should make it easier for new system administrators to join us.

Funding

  • We continued our donation campaign which brought us about $100 000 in donations. Thanks for your support!

  • The independent French investigative journal Mediapart has decided to support Tails financially every year. Thank you very much!

  • We submitted a concept note to OTF for 2017-2018.

  • We were contacted by private sponsors interested in donating and being recognized as Tails patrons.

Outreach

Past events

Upcoming events

  • We will have a booth at FOSDEM in Brussels.

On-going discussions

Translation

All the website

  • de: 56% (3083) strings translated, 5% strings fuzzy, 50% words translated
  • fa: 41% (2286) strings translated, 7% strings fuzzy, 46% words translated
  • fr: 81% (4464) strings translated, 2% strings fuzzy, 80% words translated
  • it: 29% (1620) strings translated, 3% strings fuzzy, 26% words translated
  • pt: 28% (1560) strings translated, 7% strings fuzzy, 26% words translated

Total original words: 56525

Core pages of the website

  • de: 83% (1563) strings translated, 9% strings fuzzy, 84% words translated
  • fa: 38% (720) strings translated, 9% strings fuzzy, 40% words translated
  • fr: 96% (1799) strings translated, 3% strings fuzzy, 96% words translated
  • it: 80% (1508) strings translated, 9% strings fuzzy, 79% words translated
  • pt: 50% (933) strings translated, 12% strings fuzzy, 50% words translated

Total original words: 17087

Metrics

  • Tails has been started more than 633 242 times this month. This makes 20 427 boots a day on average.
  • 15 012 downloads of the OpenPGP signature of Tails ISO from our website.
  • 72 bug reports were received through WhisperBack.
Posted Tue 07 Feb 2017 11:35:00 AM CET

You can help Tails! The first beta for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~beta1?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes include:

  • A 64-bit processor is now required.

  • We redesigned Tails Greeter entirely.

    Redesigned Tails Greeter alpha screenshot

  • GNOME Shell is now configured to use its default black theme.

  • We fixed a lot of problems since Tails 3.0~alpha1.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~beta1?

We will provide security updates for Tails 3.0~beta1, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 3.0~beta1 ISO image OpenPGP signature

To install 3.0~beta1, follow our usual installation instructions, skipping the Download and verify step.

Known issues in 3.0~beta1

  • The documentation was not adjusted yet.

  • The Formats settings chosen in Tails Greeter have no effect (#12079).

  • There is no Read-Only feature for the persistent volume anymore; it is not clear yet whether it will be re-introduced in time for Tails 3.0 final (#12093).

  • Some commonly used ways to start graphical applications as the root user are not supported anymore. Some workarounds are documented on #12000.

  • If you use the KeePassX persistence feature, you need to manually import your passwords database (#10956).

  • Some command-line programs (at least Monkeysign, Git, and wget) display confusing error messages in the Terminal, although they work fine: #11736, #12091, #12205.

  • I2P fails to start (#12108). Note that the I2P feature has not been maintained in Tails since more than a year, so I2P may be removed in Tails 2.12 if this problem is not solved soon.

  • Open tickets for Tails 3.0

  • Longstanding known issues

Posted Thu 02 Feb 2017 11:00:00 AM CET Tags:

Tails 3.0 will require a 64-bit x86-64 compatible processor. As opposed to older versions of Tails, it will not work on 32-bit processors.

We have waited for years until we felt it was the right time to do this switch. Still, this was a hard decision for us to make. Today, we want to explain why we eventually made this decision, how it will affect users, and when.

When will this transition happen?

Our current goal is to release Tails 3.0, and stop supporting computers with a 32-bit processor, on June 13, 2017.

Will Tails still work on this computer?

Here is the quickest way to find out:

  1. Start Tails.
  2. Choose Applications ▸ Utilities ▸ Terminal to open a terminal.
  3. Execute the following command to display system information:

        uname -m
    
  4. Then, there are two possible cases:

    • If you see x86_64, then you're good: Tails 3.0 should work fine on this computer. But the best way to be 100% sure is to try one of the test versions of Tails 3.0. One was released last November, and a new one should be published later this week, so: stay tuned!

    • Else, if you see i686, then we have bad news: Tails 3.0 will not work on this computer. You now have four and a half months to find a computer with a 64-bit processor. Sorry, and good luck with that!

Why this change?

It's no surprise that over the last years, the number of people who use Tails on a 32-bit computer has dropped: most 32-bit computers are at least ten years old, and one after the other their hardware stops working. As a result, in the beginning of 2016, only 4% of Tails users were still using a 32-bit computer.

These statistics are gathered from bug reports we have received from WhisperBack.

Of course, some of these computers will keep working for a while. But once the number had fallen this low, the benefits of switching Tails to 64-bit outweighed the reasons we had to keep supporting 32-bit computers.

We had two main reasons to switch Tails to 64-bit:

  • We want Tails users to be safer: software built for 64-bit processors can benefit from several improvements that make it harder for attackers to exploit security vulnerabilities (improved Address space layout randomization, compulsory support for the NX bit).

  • We want to our project to be (more) sustainable: Tails has been using a 64-bit Linux kernel for a while on machines that support it. But all other programs included in Tails so far were built for 32-bit processors, and compatibility issues kept arising. In the last few years, the developers who maintain Tails have spent lots of time addressing such issues. We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually.

Thanks for your attention, and sorry for the inconvenience it may cause to you.

Posted Wed 01 Feb 2017 10:23:56 AM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

New features

Upgrades and changes

  • Upgrade Tor to 0.2.9.9.

  • Upgrade Tor Browser to 6.5.

  • Upgrade Linux to 4.8. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)

  • Upgrade Icedove to 45.6.0.

  • Replace AdBlock Plus with uBlock Origin.

  • Configure the APT package manage to use Debian's Onion services.

  • Install the AMDGPU display driver. This should improve the support for newer AMD graphics adapters.

  • Renamed the Boot Loader Menu entries from "Live" to "Tails", and replaced the confusing "failsafe" wording with "Troubleshooting Mode".

  • Add support for exFAT.

  • Remove Nyx (previously called arm).

  • Rewrite Tor control port filter entirely. Now Tails can safely support OnionShare, the circuit view of Tor Browser, and similar. This also enabled Whonix to replace their own similar piece of software with this one.

Fixed problems

  • Made OnionCircuits compatible with the Orca screen reader.

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.10

What's coming up?

Tails 2.11 is scheduled for March 3rd.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 24 Jan 2017 12:34:56 PM CET Tags:

You can help Tails! The first release candidate for the upcoming version 2.10 is out. Please test it and report any issue. We are particularly interested in feedback and problems relating to:

  • OnionShare
  • Tor Browser's per-tab circuit view
  • Problems with OnionCircuits
  • Problems with Tor Launcher (when configuring Tor bridges, proxy etc.)

How to test Tails 2.10~rc1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 2.10~rc1 torrent

Tails 2.10~rc1 ISO image ?OpenPGP signature

To install 2.10~rc1, follow our usual installation instructions, skipping the Download and verify step.

Upgrade from 2.9.1

  1. Start Tails 2.9.1 on a USB stick installed using Tails Installer and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
         tails-upgrade-frontend-wrapper
    
  3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.10~rc1.

What's new since 2.9.1?

Changes since Tails 2.9.1 are:

  • Major new features and changes

    • Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
    • Install OnionShare from jessie-backports. Also install python3-stem from jessie-backports to allow the use of ephemeral onion services (Closes: #7870).
    • Completely rewrite tor-controlport-filter. Now we can safely support OnionShare, Tor Browser's per-tab circuit view and similar.
      • Port to python3.
      • Handle multiple sessions simultaneously.
      • Separate data (filters) from code.
      • Use python3-stem to allow our filter to be a lot more oblivious of the control language (Closes: #6788).
      • Allow restricting STREAM events to only those generated by the subscribed client application.
      • Allow rewriting commands and responses arbitrarily.
      • Make tor-controlport-filter reusable for others by e.g. making it possible to pass the listen port, and Tor control cookie/socket paths as arguments (Closes: #6742). We hear Whonix plan to use it! :)
    • Upgrade Tor to 0.2.9.8-2~d80.jessie+1, the new stable series (Closes: #12012).
  • Security fixes

    • Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
  • Minor improvements

    • Enable and use the Debian Jessie proposed-updates APT repository, anticipating on the Jessie 8.7 point-release (Closes: #12124).
    • Enable the per-tab circuit view in Tor Browser (Closes: #9365).
    • Change syslinux menu entries from "Live" to "Tails" (Closes: #11975). Also replace the confusing "failsafe" wording with "Troubleshooting Mode" (Closes: #11365).
    • Make OnionCircuits use the filtered control port (Closes: #9001).
    • Make tor-launcher use the filtered control port.
    • Run OnionCircuits directly as the Live user, instead of a separate user. This will make it compatible with the Orca screen reader (Closes: #11197).
    • Run tor-controlport-filter on port 9051, and the unfiltered one on 9052. This simplifies client configurations and assumptions made in many applications that use Tor's ControlPort. It's the exception that we connect to the unfiltered version, so this seems like the more sane approach.
    • Remove tor-arm (Nyx) (Closes: #9811).
    • Remove AddTrust_External_Root.pem from our website CA bundle. We now only use Let's Encrypt (Closes: #11811).
    • Configure APT to use Debian's Onion services instead of the clearnet ones (Closes: #11556).
    • Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This incidentally also makes our filter lists lighter by de-duplicating common patterns among the EasyList filters (Closes: #6908). Thanks to spriver for this first major code contribution!
    • Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from Jessie backports (Closes: #11899).
    • Add support for exFAT (Closes: #9659).
    • Disable unprivileged BPF. Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. So we disable that. This feature wasn't available before Linux 4.6, so disabling it should not cause any regressions (Closes: #11827).
    • Add and enable AppArmor profiles for OnionCircuits and OnionShare.
    • Raise the maximum number of loop devices to 32 (Closes: #12065).
    • Drop kernel.dmesg_restrict customization: it's enabled by default since 4.8.4-1~exp1 (Closes: #11886).
    • Upgrade Electrum to 2.7.9-1.
  • Bugfixes

    • Tails Greeter:
      • use gdm-password instead of gdm-autologin, to fix switching to the VT where the desktop session lives on Stretch (Closes: #11694)
      • Fix more options scrolledwindow size in Stretch (Closes: #11919)
    • Tails Installer: remove unused code warning about missing extlinux in Tails Installer (Closes: #11196).
    • Update APT pinning to cover all binary packages built from src:mesa so we ensure installing mesa from jessie-backports (Closes: #11853).
    • Install xserver-xorg-video-amdgpu. This should help supporting newer AMD graphics adapters. (Closes #11850)
    • Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (Closes: #7018).
    • Include all amd64-microcodes.

For more details, see also our changelog.

Known issues in 2.10~rc1

  • There are no VirtualBox guest modules (#12139).

  • Electrum won't automatically connect since it lacks proxy configuration (#12140). Simply selecting the SOCKS5 proxy in the Network options is enough to get it working again.

  • Longstanding known issues

Posted Fri 13 Jan 2017 01:02:03 AM CET Tags:

As part of our donation campaign we already explained you why we need donations, what we do with your money, and that Mediapart is the first news organization to commit to support Tails every year.

But today we are just writing to give you all a big thank you!

Since October 13, we have received $98 579 in donations.

This is our first donation campaign and we are completely blown away by the results! It feels really good to see that our community of users understands the real value of Tails and why it is important for them to help us back and keep the project alive and independent.

Starting from today we will be present at the 33rd Chaos Communication Congress in Hamburg. You are encouraged to pass by and meet us at the Secure Desktops assembly.

We accept donations in cash and people donating more than 50€ in Hamburg will get a Tails t-shirt!

Posted Mon 26 Dec 2016 12:34:56 PM CET Tags:

We are very excited to announce that Mediapart, an independent French investigative journal, has decided to support Tails financially every year.

In the past years, Mediapart has played a central role in the revelation and investigation of several major French political scandals. As such they are well aware of the digital threats faced by their sources, their journalists, and their readers.

Tails has gained recognition by being used by Edward Snowden and the journalists reporting on his NSA leaks in 2014. According to Barton Gellman:

« Privacy and encryption work, but it's too easy to make a mistake that exposes you. Tails puts the essential tools in one place, with a design that makes it hard to screw them up. I could not have talked to Edward Snowden without this kind of protection. I wish I'd had it years ago. »

Since then many journalists around the world understood this approach and adopted Tails to make it easier to stay safe. As Jean-Marc Manach puts it:

« War reporters have to buy helmets, bullet-proof vests and rent armored cars; journalists using the Internet for their investigations are much luckier: to be as secured as war reporters, they only have to download Tails, burn it on a CD, install it on a SD card, and learn the basics of information and communication security, and it's free! »

In the same way that news organizations invest in physical security or proprietary software tools to do their work, news organizations should also invest in free software tools that, as security experts like Bruce Schneier have repeatedly stated, are going to be safe:

« I think most of the public domain privacy tools are going to be safe, yes. [...] I think that Tails is going to be safe. [...] You know, the NSA has a big lever when a tool is written closed-source by a for-profit corporation. There are levers they have that they don't have in the open source international, altruistic community. And these are generally written by crypto-paranoids, they're pretty well designed. »

As such, Tails has been the recommended secure platform for use with the SecureDrop and GlobaLeaks whistle-blowing platforms.

Talking about the challenges of the adoption of encryption by journalists, the Internet freedom expert Christopher Soghoian said at #EncryptNews, a conference on digital security and journalism:

« News organizations need to also contribute to this community pool of tools. We need to have [reporters] contributing patches to PGP, OTR, and Tails. These organizations need to be funding $5.000 or $10.000 improvements to make these tools better. Because everyone is relying on these tools and none of the major organizations that are actually benefiting them are actually contributing to their development. »

Mediapart is the first news organization to officially endorse Tails and answer our call for donations. We hope they are not going to be the last.

If your organization is also interested in becoming a regular donor, please contact us at tails-accounting@boum.org (OpenPGP key).

Posted Thu 15 Dec 2016 12:34:56 PM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

  • Upgrade Tor to 0.2.8.10.

  • Upgrade Tor Browser to 6.0.8.

  • Upgrade Icedove to 45.5.1.

  • Upgrade obfs4proxy to 0.0.7.

  • Switch to DuckDuckGo as the default search engine in Tor Browser. The previous default search engine, Disconnect.me, has already been redirecting to Duck Duck Go for some time.

Fixed problems

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.9.1

What's coming up?

Tails 2.10 is scheduled for January 24.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Wed 14 Dec 2016 12:34:56 PM CET Tags:

Releases

The following changes were introduced in Tails 2.7:

  • Fix multi-architecture support in Synaptic. This should fix broken installations of additional packages from Synaptic. (#11820)

  • Set default spell checking language of Icedove to English instead of French. (#11037)

Code

New Tails Greeter

After many months of development, the redesigned version of Tails Greeter is ready to be tested.

Tails based on Debian 9 (Stretch)

We made lots of progress on porting Tails to Debian 9 (Stretch). This work culminated with the release of Tails 3.0~alpha1.

Reproducible ISO build

We had an initial sprint about reproducible builds. We are very happy with the progress we've made: the tree that becomes filesystem.squashfs is now almost fully reproducible; so is also the tree that is the basis for automatic upgrades. Along the way, we've contributed a number of patches to Debian and upstream projects.

  • Make our PO files update reproducibly, by not updating them unless something other than POT-Creation-Date has changed.
  • live-build:
    • Use xorriso, that honors the SOURCE_DATE_EPOCH variable, to build the ISO filesystem reproducibly.
    • Expose the SOURCE_DATE_EPOCH variable when running scripts inside the chroot.
    • Clamp mtimes to SOURCE_DATE_EPOCH in the chroot and binary filesystems.
    • Use SOURCE_DATE_EPOCH to populate /.disk/info timestamp.
    • Use SOURCE_DATE_EPOCH when templating syslinux templates.
  • Made mksquashfs honor SOURCE_DATE_EPOCH for the filesystem creation date, and had it clamp mtimes to SOURCE_DATE_EPOCH.
  • Incremental upgrade kits:
    • Made aufs white-outs reproducible.
    • Made aufs pseudo-links permanent, so that they are reproducible.
    • Passed --sort=name --clamp-mtime --mtime=@$SOURCE_DATE_EPOCH to tar.
  • Made our web site build reproducibly… and then discovered more bits that are not generated in a deterministic way, which lead us to discover that our cleanall build option did not clean as well as it should (fix).
  • Eliminated various causes for non-determinism, such as caches and other generated files.
  • On the infrastructure side of things:
    • Vagrant boxes management: we came up with a new design that will be reflected on the blueprint shortly.
    • Experimented with using our Vagrant + libvirt build system on one of our Jenkins ISO builders, and started work towards migrating them all.

Documentation and website

User experience

Infrastructure

Funding

  • We continued our donation campaign and wrote about what we do with our money and our plans for the coming years.

  • Our grant proposal for NLnet on porting Tails to Debian Stretch was rejected.

  • Our grant proposal for ISC Project on a translation platform for our website was rejected.

Outreach

Translation

  • All the website:

    • de: 57% (2880) strings translated, 4% strings fuzzy, 51% words translated
    • fa: 46% (2344) strings translated, 7% strings fuzzy, 52% words translated
    • fr: 79% (3979) strings translated, 4% strings fuzzy, 78% words translated
    • it: 17% (885) strings translated, 2% strings fuzzy, 18% words translated
    • pt: 31% (1593) strings translated, 8% strings fuzzy, 29% words translated

    Total original words: 50832

  • Core pages of the website:

    • de: 85% (1569) strings translated, 8% strings fuzzy, 85% words translated
    • fa: 39% (724) strings translated, 9% strings fuzzy, 40% words translated
    • fr: 90% (1657) strings translated, 7% strings fuzzy, 91% words translated
    • it: 47% (871) strings translated, 6% strings fuzzy, 53% words translated
    • pt: 51% (947) strings translated, 12% strings fuzzy, 52% words translated

    Total original words: 16995

Metrics

  • Tails has been started more than 613099 times this month. This makes 20437 boots a day on average. It's the first time we're over 20000 boots a day!
  • 14634 downloads of the OpenPGP signature of Tails ISO from our website.
  • 110 bug reports were received through WhisperBack.
Posted Fri 09 Dec 2016 12:34:56 PM CET

You can help Tails! The first alpha for the redesigned Tails Greeter is out. We are very excited and cannot wait to hear what you think about it :)

What is Tails Greeter?

Tails Greeter is the set of dialogs that appear after the boot menu, but before the GNOME Desktop appears.

It lets you choose your language, enable your persistent volume, and set a number of other options.

Why a new Tails Greeter?

We had two main reasons to redesign Tails Greeter:

  • Usability testing has demonstrated that it is not as easy to use as we would like, especially for people trying Tails for the first time.
  • We have pushed the old interface to its limits; it cannot accommodate the options we would like to add to it.

What is new in the redesigned Tails Greeter?

Nearly everything you can see has changed! We have been working for more than two years with designers to make Tails Greeter easier to use:

Redesigned Tails Greeter
alpha screenshot

How to test the redesigned Tails Greeter?

Keep in mind that this is a test image. We did not carefully test it so it is not guaranteed to provide any security or anonymity.

But test wildly!

Download and install

experimental Tails ISO image including the redesigned Tails Greeter

The line corresponding to the ISO image is the one whose size is 1G.

You cannot install this ISO image from Tails 2.x. It is impossible as well to upgrade to this ISO image from Tails 2.x. So, either install or upgrade from a non-Tails system, or start this ISO image from DVD and then clone it to a USB stick.

To install this ISO image, follow our usual installation instructions, skipping the Download and verify step.

What to test

Don't hesitate to test all kinds of options, and ensure they are taken into account in the Tails session.

If you find anything that is not working as it should, please report to us on tails-testers@boum.org, including the exact filename of the ISO image you have tested.

Known issues in the redesigned Tails Greeter

Like it?

We have a donation campaign going on: we explained you why we needed donations, how we use these donations, and we shared with you our plans for the next years.

So if you want Tails to remain independent, if you want to enable the Tails team to work on projects we think are important, such as redesigning Tails Greeter, please take one minute to make a donation.

Posted Tue 06 Dec 2016 07:00:00 PM CET Tags: