You can help Tails! The third beta for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~beta3?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes since Tails 3.0~beta2 include:

  • Important security fixes!

  • Upgrade to current Debian 9 (Stretch).

  • Tails Greeter:

    • Make the "Formats" settings in Tails Greeter take effect (it was introduced in Tails 3.0~alpha1 but has been broken since then).
    • Add keyboard shortcuts:
      • Alt key for accelerators in the main window
      • Ctrl+Shift+A for setting an administrator password
      • Ctrl+Shift+M for MAC spoofing settings
      • Ctrl+Shift+N for Tor network settings
  • Remove I2P. (This will happen in Tails 2.12 as well.)

  • Reintroduce the X11 guest utilities for VirtualBox (clipboard sharing and shared folders should work again).

  • Upgrade X.Org server and the modesetting driver in hope it will fix crashes when using some Intel graphics cards.

  • Automate the migration from KeePassX databases generated on Tails 2.x to the format required by KeePassX 2.0.x.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~beta3?

We will provide security updates for Tails 3.0~beta3, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Get Tails 3.0~beta3

To upgrade, an automatic upgrade is available from 3.0~beta2 to 3.0~beta3.

If you cannot do an automatic upgrade, you can install 3.0~beta3 by following our usual installation instructions, skipping the Download and verify step.

Tails 3.0~beta3 ISO image OpenPGP signature

Known issues in 3.0~beta3

Tags:

You can help Tails! The second beta for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~beta2?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes since Tails 3.0~beta1 include:

  • All changes brought by Tails 2.11.

  • Upgrade to current Debian 9 (Stretch).

  • Upgrade Linux to 4.9.0-2 (version 4.9.13-1).

  • Make it possible to start graphical applications in the Root Terminal.

  • Improve styling of the GNOME Shell window list.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~beta2?

We will provide security updates for Tails 3.0~beta2, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 3.0~beta2 ISO image OpenPGP signature

To install 3.0~beta2, follow our usual installation instructions, skipping the Download and verify step.

Known issues in 3.0~beta2

  • The documentation was not adjusted yet.

  • The Formats settings chosen in Tails Greeter have no effect (#12079).

  • There is no Read-Only feature for the persistent volume anymore; it is not clear yet whether it will be re-introduced in time for Tails 3.0 final (#12093).

  • If you use the KeePassX persistence feature, you need to manually import your passwords database (#10956).

  • Some command-line programs (at least Monkeysign, Git, and wget) display confusing error messages in the Terminal, although they work fine: #11736, #12091, #12205.

  • I2P fails to start (#12108). Note that I2P will be removed in Tails 2.12 and 3.0.

  • Open tickets for Tails 3.0

  • Longstanding known issues

Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

We are very sad to announce that Tails 2.11 will be the last version to include I2P, an alternative anonymizing network.

Maintaining software like I2P well-integrated in Tails takes time and effort and our team is too busy with other priorities. Unfortunately, we failed to find a developer outside of our team to maintain I2P in Tails. As a consequence, the last version of I2P being shipped in Tails is 0.9.25, which is nearly one year old now at this moment.

But we will be happy to reintroduce I2P if we find a volunteer to take care of maintaining it in Tails. If you are a developer and care about I2P in Tails, that person could be you! Come talk to us!

New features

  • If running on a 32-bit processor, notify the user that it won't be able to start Tails 3.0 anymore. (#12193)

  • Notify I2P users that I2P will be removed in Tails 2.12. (#12271)

Upgrades and changes

  • Upgrade Tor Browser to 6.5.1.

  • Fix CVE-2017-6074 (local root privilege escalation) by disabling the dccp module. (#12280) Also disable kernel modules for some other uncommon network protocols. (Part of #6457)

Fixed problems

  • Tor Browser: Don't show offline warning when opening the local documentation of Tails. (#12269)

  • Fix rare issue causing automatic upgrades to not apply properly (#8449 and #11839)

  • Install Linux 4.8.15 to prevent GNOME from freezing with Intel GM965/GL960 Integrated Graphics. (#12217)

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.11

What's coming up?

Tails 2.12 is scheduled for April 18th.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Tags:

Releases

The following changes were introduced in Tails 2.10:

  • We installed OnionShare, a tool for anonymous file sharing.

  • We enabled the circuit view in Tor Browser.

  • Replace AdBlock Plus with uBlock Origin.

  • Configure the APT package manage to use Debian's Onion services.

  • Install the AMDGPU display driver. This should improve the support for newer AMD graphics adapters.

  • Renamed the Boot Loader Menu entries from "Live" to "Tails", and replaced the confusing "failsafe" wording with "Troubleshooting Mode".

  • Add support for exFAT.

  • Remove Nyx (previously called arm).

  • Rewrite Tor control port filter entirely. Now Tails can safely support OnionShare, the circuit view of Tor Browser, and similar. This also enabled Whonix to replace their own similar piece of software with this one.

Code

  • We (almost) finished updating the AppArmor policy in Debian Stretch so that it supports merged-/usr systems.
  • We started evaluating USBGuard, and posted suggestions to improve its user experience, that upstream warmly welcomes.

Documentation and website

  • We documented how to use OnionShare, a tool for anonymous file sharing.

  • We documented the circuit view in Tor Browser.

User experience

Infrastructure

  • We started to set up a XMPP server to satisfy the need for private communication tools expressed by one of our teams.
  • We enabled an Onion service for our APT repository (#11556).
  • We improved our systems so that they send less useless email to our system administrators.
  • We started updating our Puppet modules to better support Debian Stretch.

Funding

Outreach

Upcoming events

  • We have a booth at FOSDEM in Brussels.
  • Tails will be presented at a cryptoparty on March 4th 2017 in Rennes, France.
  • We started organizing a Debian event that will take place in Paris on May 13-14. Stay tuned!

On-going discussions

Translation

All the website

  • de: 54% (3050) strings translated, 5% strings fuzzy, 49% words translated
  • fa: 40% (2265) strings translated, 8% strings fuzzy, 45% words translated
  • fr: 81% (4562) strings translated, 1% strings fuzzy, 80% words translated
  • it: 28% (1602) strings translated, 3% strings fuzzy, 26% words translated
  • pt: 27% (1551) strings translated, 8% strings fuzzy, 25% words translated

Total original words: 57564

Core pages of the website

  • de: 82% (1539) strings translated, 10% strings fuzzy, 83% words translated
  • fa: 38% (710) strings translated, 10% strings fuzzy, 40% words translated
  • fr: 98% (1842) strings translated, 1% strings fuzzy, 99% words translated
  • it: 80% (1490) strings translated, 10% strings fuzzy, 79% words translated
  • pt: 49% (924) strings translated, 13% strings fuzzy, 50% words translated

Metrics

  • Tails has been started more than 662 874 times this month. This makes 21 383 boots a day on average.
  • 14 782 downloads of the OpenPGP signature of Tails ISO from our website.
  • 142 bug reports were received through WhisperBack.

Releases

The following changes were introduced in Tails 2.9.1:

  • Switch to DuckDuckGo as the default search engine in Tor Browser. The previous default search engine, Disconnect.me, has already been redirecting to Duck Duck Go for some time.

Code

  • We've had a great sprint about porting Tails to Debian Stretch. Most of our time was spent integrating the new Greeter as well as bug fixing, polishing, and updating the test suite: report from the sprint. Our goal is to publish a first beta version based on Debian Stretch at the end of January.

  • intrigeri made sure that a number of packages we care about are in good shape for Debian Stretch, that will be frozen very soon.

  • We wrote manual tests for the Installation Assistant, so we can spot any problems with it before we release new Tails versions.

Infrastructure

  • 387 ISO images were automatically built and tested by our continuous integration infrastructure.

  • We deployed a clone of our Jenkins setup for building and testing ISO images automatically, and improved the corresponding Puppet code to make it possible. This should make it easier for new system administrators to join us.

Funding

  • We continued our donation campaign which brought us about $100 000 in donations. Thanks for your support!

  • The independent French investigative journal Mediapart has decided to support Tails financially every year. Thank you very much!

  • We submitted a concept note to OTF for 2017-2018.

  • We were contacted by private sponsors interested in donating and being recognized as Tails patrons.

Outreach

Past events

Upcoming events

  • We will have a booth at FOSDEM in Brussels.

On-going discussions

Translation

All the website

  • de: 56% (3083) strings translated, 5% strings fuzzy, 50% words translated
  • fa: 41% (2286) strings translated, 7% strings fuzzy, 46% words translated
  • fr: 81% (4464) strings translated, 2% strings fuzzy, 80% words translated
  • it: 29% (1620) strings translated, 3% strings fuzzy, 26% words translated
  • pt: 28% (1560) strings translated, 7% strings fuzzy, 26% words translated

Total original words: 56525

Core pages of the website

  • de: 83% (1563) strings translated, 9% strings fuzzy, 84% words translated
  • fa: 38% (720) strings translated, 9% strings fuzzy, 40% words translated
  • fr: 96% (1799) strings translated, 3% strings fuzzy, 96% words translated
  • it: 80% (1508) strings translated, 9% strings fuzzy, 79% words translated
  • pt: 50% (933) strings translated, 12% strings fuzzy, 50% words translated

Total original words: 17087

Metrics

  • Tails has been started more than 633 242 times this month. This makes 20 427 boots a day on average.
  • 15 012 downloads of the OpenPGP signature of Tails ISO from our website.
  • 72 bug reports were received through WhisperBack.

You can help Tails! The first beta for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0~beta1?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes include:

  • A 64-bit processor is now required.

  • We redesigned Tails Greeter entirely.

    Redesigned Tails Greeter alpha screenshot

  • GNOME Shell is now configured to use its default black theme.

  • We fixed a lot of problems since Tails 3.0~alpha1.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~beta1?

We will provide security updates for Tails 3.0~beta1, just like we do for stable versions of Tails.

But keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 3.0~beta1 ISO image OpenPGP signature

To install 3.0~beta1, follow our usual installation instructions, skipping the Download and verify step.

Known issues in 3.0~beta1

  • The documentation was not adjusted yet.

  • The Formats settings chosen in Tails Greeter have no effect (#12079).

  • There is no Read-Only feature for the persistent volume anymore; it is not clear yet whether it will be re-introduced in time for Tails 3.0 final (#12093).

  • Some commonly used ways to start graphical applications as the root user are not supported anymore. Some workarounds are documented on #12000.

  • If you use the KeePassX persistence feature, you need to manually import your passwords database (#10956).

  • Some command-line programs (at least Monkeysign, Git, and wget) display confusing error messages in the Terminal, although they work fine: #11736, #12091, #12205.

  • I2P fails to start (#12108). Note that the I2P feature has not been maintained in Tails since more than a year, so I2P may be removed in Tails 2.12 if this problem is not solved soon.

  • Open tickets for Tails 3.0

  • Longstanding known issues

Tags:

Tails 3.0 will require a 64-bit x86-64 compatible processor. As opposed to older versions of Tails, it will not work on 32-bit processors.

We have waited for years until we felt it was the right time to do this switch. Still, this was a hard decision for us to make. Today, we want to explain why we eventually made this decision, how it will affect users, and when.

When will this transition happen?

Our current goal is to release Tails 3.0, and stop supporting computers with a 32-bit processor, on June 13, 2017.

Will Tails still work on this computer?

Here is the quickest way to find out:

  1. Start Tails.
  2. Choose Applications ▸ Utilities ▸ Terminal to open a terminal.
  3. Execute the following command to display system information:

        uname -m
    
  4. Then, there are two possible cases:

    • If you see x86_64, then you're good: Tails 3.0 should work fine on this computer. But the best way to be 100% sure is to try one of the test versions of Tails 3.0. One was released last November, and a new one should be published later this week, so: stay tuned!

    • Else, if you see i686, then we have bad news: Tails 3.0 will not work on this computer. You now have four and a half months to find a computer with a 64-bit processor. Sorry, and good luck with that!

Why this change?

It's no surprise that over the last years, the number of people who use Tails on a 32-bit computer has dropped: most 32-bit computers are at least ten years old, and one after the other their hardware stops working. As a result, in the beginning of 2016, only 4% of Tails users were still using a 32-bit computer.

These statistics are gathered from bug reports we have received from WhisperBack.

Of course, some of these computers will keep working for a while. But once the number had fallen this low, the benefits of switching Tails to 64-bit outweighed the reasons we had to keep supporting 32-bit computers.

We had two main reasons to switch Tails to 64-bit:

  • We want Tails users to be safer: software built for 64-bit processors can benefit from several improvements that make it harder for attackers to exploit security vulnerabilities (improved Address space layout randomization, compulsory support for the NX bit).

  • We want to our project to be (more) sustainable: Tails has been using a 64-bit Linux kernel for a while on machines that support it. But all other programs included in Tails so far were built for 32-bit processors, and compatibility issues kept arising. In the last few years, the developers who maintain Tails have spent lots of time addressing such issues. We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually.

Thanks for your attention, and sorry for the inconvenience it may cause to you.

Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

New features

Upgrades and changes

  • Upgrade Tor to 0.2.9.9.

  • Upgrade Tor Browser to 6.5.

  • Upgrade Linux to 4.8. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)

  • Upgrade Icedove to 45.6.0.

  • Replace AdBlock Plus with uBlock Origin.

  • Configure the APT package manage to use Debian's Onion services.

  • Install the AMDGPU display driver. This should improve the support for newer AMD graphics adapters.

  • Renamed the Boot Loader Menu entries from "Live" to "Tails", and replaced the confusing "failsafe" wording with "Troubleshooting Mode".

  • Add support for exFAT.

  • Remove Nyx (previously called arm).

  • Rewrite Tor control port filter entirely. Now Tails can safely support OnionShare, the circuit view of Tor Browser, and similar. This also enabled Whonix to replace their own similar piece of software with this one.

Fixed problems

  • Made OnionCircuits compatible with the Orca screen reader.

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.10

What's coming up?

Tails 2.11 is scheduled for March 3rd.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Tags:

You can help Tails! The first release candidate for the upcoming version 2.10 is out. Please test it and report any issue. We are particularly interested in feedback and problems relating to:

  • OnionShare
  • Tor Browser's per-tab circuit view
  • Problems with OnionCircuits
  • Problems with Tor Launcher (when configuring Tor bridges, proxy etc.)

How to test Tails 2.10~rc1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 2.10~rc1 torrent

Tails 2.10~rc1 ISO image ?OpenPGP signature

To install 2.10~rc1, follow our usual installation instructions, skipping the Download and verify step.

Upgrade from 2.9.1

  1. Start Tails 2.9.1 on a USB stick installed using Tails Installer and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
         tails-upgrade-frontend-wrapper
    
  3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.10~rc1.

What's new since 2.9.1?

Changes since Tails 2.9.1 are:

  • Major new features and changes

    • Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
    • Install OnionShare from jessie-backports. Also install python3-stem from jessie-backports to allow the use of ephemeral onion services (Closes: #7870).
    • Completely rewrite tor-controlport-filter. Now we can safely support OnionShare, Tor Browser's per-tab circuit view and similar.
      • Port to python3.
      • Handle multiple sessions simultaneously.
      • Separate data (filters) from code.
      • Use python3-stem to allow our filter to be a lot more oblivious of the control language (Closes: #6788).
      • Allow restricting STREAM events to only those generated by the subscribed client application.
      • Allow rewriting commands and responses arbitrarily.
      • Make tor-controlport-filter reusable for others by e.g. making it possible to pass the listen port, and Tor control cookie/socket paths as arguments (Closes: #6742). We hear Whonix plan to use it! :)
    • Upgrade Tor to 0.2.9.8-2~d80.jessie+1, the new stable series (Closes: #12012).
  • Security fixes

    • Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
  • Minor improvements

    • Enable and use the Debian Jessie proposed-updates APT repository, anticipating on the Jessie 8.7 point-release (Closes: #12124).
    • Enable the per-tab circuit view in Tor Browser (Closes: #9365).
    • Change syslinux menu entries from "Live" to "Tails" (Closes: #11975). Also replace the confusing "failsafe" wording with "Troubleshooting Mode" (Closes: #11365).
    • Make OnionCircuits use the filtered control port (Closes: #9001).
    • Make tor-launcher use the filtered control port.
    • Run OnionCircuits directly as the Live user, instead of a separate user. This will make it compatible with the Orca screen reader (Closes: #11197).
    • Run tor-controlport-filter on port 9051, and the unfiltered one on 9052. This simplifies client configurations and assumptions made in many applications that use Tor's ControlPort. It's the exception that we connect to the unfiltered version, so this seems like the more sane approach.
    • Remove tor-arm (Nyx) (Closes: #9811).
    • Remove AddTrust_External_Root.pem from our website CA bundle. We now only use Let's Encrypt (Closes: #11811).
    • Configure APT to use Debian's Onion services instead of the clearnet ones (Closes: #11556).
    • Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This incidentally also makes our filter lists lighter by de-duplicating common patterns among the EasyList filters (Closes: #6908). Thanks to spriver for this first major code contribution!
    • Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from Jessie backports (Closes: #11899).
    • Add support for exFAT (Closes: #9659).
    • Disable unprivileged BPF. Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. So we disable that. This feature wasn't available before Linux 4.6, so disabling it should not cause any regressions (Closes: #11827).
    • Add and enable AppArmor profiles for OnionCircuits and OnionShare.
    • Raise the maximum number of loop devices to 32 (Closes: #12065).
    • Drop kernel.dmesg_restrict customization: it's enabled by default since 4.8.4-1~exp1 (Closes: #11886).
    • Upgrade Electrum to 2.7.9-1.
  • Bugfixes

    • Tails Greeter:
      • use gdm-password instead of gdm-autologin, to fix switching to the VT where the desktop session lives on Stretch (Closes: #11694)
      • Fix more options scrolledwindow size in Stretch (Closes: #11919)
    • Tails Installer: remove unused code warning about missing extlinux in Tails Installer (Closes: #11196).
    • Update APT pinning to cover all binary packages built from src:mesa so we ensure installing mesa from jessie-backports (Closes: #11853).
    • Install xserver-xorg-video-amdgpu. This should help supporting newer AMD graphics adapters. (Closes #11850)
    • Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (Closes: #7018).
    • Include all amd64-microcodes.

For more details, see also our changelog.

Known issues in 2.10~rc1

  • There are no VirtualBox guest modules (#12139).

  • Electrum won't automatically connect since it lacks proxy configuration (#12140). Simply selecting the SOCKS5 proxy in the Network options is enough to get it working again.

  • Longstanding known issues

Tags:

As part of our donation campaign we already explained you why we need donations, what we do with your money, and that Mediapart is the first news organization to commit to support Tails every year.

But today we are just writing to give you all a big thank you!

Since October 13, we have received $98 579 in donations.

This is our first donation campaign and we are completely blown away by the results! It feels really good to see that our community of users understands the real value of Tails and why it is important for them to help us back and keep the project alive and independent.

Starting from today we will be present at the 33rd Chaos Communication Congress in Hamburg. You are encouraged to pass by and meet us at the Secure Desktops assembly.

We accept donations in cash and people donating more than 50€ in Hamburg will get a Tails t-shirt!

Tags: