Releases

The following changes were introduced in Tails 3.5:

  • Tor redesigned Tor Launcher, the application to configure a Tor bridge or a local proxy.

  • Fix printing to a PDF in Tor Browser. (#13403 and #15024)

  • Fix the opening of the Applications menu when the time synchronization changed the clock in the past. (#14250)

  • Fix the opening of the documentation included in Tails for many non-English languages. (#15160)

  • Fix translations of the time synchronization and "Tor is ready" notifications. (#13437)

  • Remove the code to migrate from Claws Mail that was preventing Thunderbird to start in some cases. (#12734)

User experience

Interviews of Tails users

We published 4 new interviews:

Additional Software

We designed the interactions and interfaces for people to install additional software every time Tails is started.

Like for our work on VeraCrypt in December, we did that through paper prototyping and formative testing with users in Berlin.

Here are the most visible parts of this upcoming feature.

When installing a Debian package:

When starting Tails with some additional packages configured:

Additional Software feature in the persistent storage configuration:

Example list of additional software:

Hot topics on our help desk

  1. Electrum users were very stressed about vulnerability found in Electrum in January. Tails is not affected as our firewall blocks the connections required to exploit this vulnerability. Still, we will update Electrum in Tails 3.6.

  2. Meltdown and Spectre vulnerabilities made our users restless.

  3. Tails Installer breaks in locales other than the default was a hard one, although on the other side we see again that many people use Tails in another language than English.

  4. NVidia Maxwell and Pascal graphic cards are still giving problems in Tails 3.5.

  5. As every time we update the Tails signing key, many users got scared by the gpg messages received during OpenGPG ISO verification, but there are several tickets open about this #14711, #13634, #14977.

Strategic planning

We published notes on strategic planning sessions that we had in August to organize future discussions.

Infrastructure

Funding

  • We closed our donation campaign.

  • We added I2P in our list of partners. Thank you I2P for your generous donation!

Outreach

Past events

Upcoming events

On-going discussions

Translations

All the website

  • de: 52% (2838) strings translated, 7% strings fuzzy, 46% words translated
  • fa: 38% (2074) strings translated, 10% strings fuzzy, 40% words translated
  • fr: 91% (4943) strings translated, 1% strings fuzzy, 89% words translated
  • it: 35% (1914) strings translated, 5% strings fuzzy, 31% words translated
  • pt: 22% (1212) strings translated, 9% strings fuzzy, 19% words translated

Total original words: 57571

Core pages of the website

  • de: 76% (1447) strings translated, 13% strings fuzzy, 76% words translated
  • fa: 33% (638) strings translated, 11% strings fuzzy, 33% words translated
  • fr: 98% (1873) strings translated, 1% strings fuzzy, 99% words translated
  • it: 70% (1336) strings translated, 14% strings fuzzy, 70% words translated
  • pt: 41% (779) strings translated, 15% strings fuzzy, 41% words translated

Total original words: 17290

Metrics

  • Tails has been started more than 671878 times this month. This makes 21673 boots a day on average.
  • 11977 downloads of the OpenPGP signature of Tails ISO from our website.
  • 107 bug reports were received through WhisperBack.

How do we know this?

Posted Thu 08 Feb 2018 08:21:15 AM CET

This release fixes many security issues and users should upgrade as soon as possible.

Changes

New features

  • Tor redesigned Tor Launcher, the application to configure a Tor bridge or a local proxy.

Upgrades and changes

  • Update Tor Browser to 7.5.

  • Update Linux to 4.14.13 and the microcode firmware for AMD to mitigate Spectre.

  • Update Thunderbird to 52.5.

Fixed problems

  • Fix printing to a PDF in Tor Browser. (#13403 and #15024)

  • Fix the opening of the Applications menu when the time synchronization changed the clock in the past. (#14250)

  • Fix the opening of the documentation included in Tails for many non-English languages. (#15160)

  • Fix translations of the time synchronization and "Tor is ready" notifications. (#13437)

  • Remove the code to migrate from Claws Mail that was preventing Thunderbird to start in some cases. (#12734)

For more details, read our changelog.

Known issues

  • Debug and error messages appear when starting Tails, including an alarming message about a kernel BUG.

    These messages do not affect the safety of Tails.

  • In Tails Installer, it is only possible to select an ISO image when choose Use a downloaded Tails ISO image when running Tails in English. For other language, the file chooser button remains inactive:

  • The documentation shipped in Tails doesn't open in Tor Browser anymore. The warning page of the Unsafe Browser also lacks graphical design. (#14962 and Tor #24243)

See the list of long-standing issues.

Get Tails 3.5

What's coming up?

Tails 3.6 is scheduled for March 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Mon 22 Jan 2018 01:34:56 PM CET Tags:

Releases

Code

Documentation and website

User experience

New download page

We completely redesigned our download page. This work was triggered by the rewrite of Tails Verification (our browser extension) into Web Extensions but the result improves the overall experience.

Tails Verification is also now available for Chrome.

UX work on VeraCrypt in GNOME

We designed the user experience for our work on the integration of VeraCrypt in GNOME.

  1. We analyzed the results of our online survey.

  2. We did some paper prototypes of the interactions and tested them with users.

Read more about our UX work in our dedicated report.

Hot topics on our help desk

  1. Printing to PDF with Tor Browser does not work anymore

Infrastructure

  • We have converted two sources of email sent by cron with Icinga 2 monitoring checks that are easier to track and fine-tune (#11598, #12455).

  • We have fixed a longstanding bug that made the UX of our CI system confusing when deleting a branch in Git (#15069).

  • We have set up a local email server on every Jenkins node that runs automated ISO tests, as a first step towards making our automatic Thunderbird tests more robust (#12277).

  • We have tuned our servers to get a little bit better performance out of our CI system (#15054).

  • We have extended the blueprint about upgrading the hardware for automated tests.

Outreach

Past events

  • 34c3: A fair number of Tails developers and contributors attended the 34th Chaos Communication Congress (34c3) in Leipzig. During this event, we set up a table to meet with interested parties- users, contributors, or anyone interested. We were able to reach both newcomers and long-time users of Tails, answer questions, help, exchange stickers, give away USB keys and t-shirts in exchange of donations, get feedback or just chat. It was, of course, also a great opportunity to meet people in person, discuss, work, and have fun both within the project and with friend projects.

Upcoming events

Translation

All the website

  • de: 54% (2846) strings translated, 7% strings fuzzy, 48% words translated
  • fa: 39% (2076) strings translated, 10% strings fuzzy, 41% words translated
  • fr: 91% (4786) strings translated, 1% strings fuzzy, 88% words translated
  • it: 36% (1919) strings translated, 5% strings fuzzy, 32% words translated
  • pt: 23% (1216) strings translated, 9% strings fuzzy, 19% words translated

Total original words: 56302

Core pages of the website

  • de: 76% (1454) strings translated, 13% strings fuzzy, 77% words translated
  • fa: 33% (640) strings translated, 11% strings fuzzy, 33% words translated
  • fr: 97% (1848) strings translated, 2% strings fuzzy, 96% words translated
  • it: 71% (1342) strings translated, 13% strings fuzzy, 71% words translated
  • pt: 41% (784) strings translated, 15% strings fuzzy, 41% words translated

Total original words: 17235

Metrics

  • Tails has been started more than 637276 times this month. This makes 20557 boots a day on average.
  • 9215 downloads of the OpenPGP signature of Tails ISO from our website.
  • 66 bug reports were received through WhisperBack.
Posted Tue 16 Jan 2018 07:43:52 PM CET

We are working on making it much easier to permanently install additional software in Tails.

We want to test our design with users to make sure that it is really easy to use.

Don't be shy! It will be a great opportunity to contribute to world-class privacy software like Tails, even if you don't feel really tech-savvy.

The tests will take place in Berlin (Wedding) in January on:

  • Saturday 27
  • Sunday 28
  • Monday 29

Plan to stay with us for 1 hour.

We will give you a Tails T-shirt as a token of our thanks.

Please, take this survey so we can organize our schedule:

https://survey.tails.boum.org/index.php/744729 (We have enough people already!)

And if you can't come, maybe you can share this with 2-3 other people in Berlin?

Posted Wed 10 Jan 2018 01:34:56 PM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

In particular, Tails 3.4 fixes the widely reported Meltdown attack, and includes the partial mitigation for Spectre.

Changes

Upgrades and changes

Fixed problems

  • Fix an issue that made Tails start very slowly, in particular on DVD. (#14964)

  • Don't delete downloaded Debian packages after installing them. This is mostly relevant for users of the APT Packages persistence feature. (#10958)

  • Fix an issue that prevented some Debian packages to install properly with the Additional software feature. (#6038)

  • Update uBlock Origin to restore its icon in Tor Browser, and make its settings dashboard work again. (#14993)

For more details, read our changelog.

Known issues

  • The graphical splash screen usually displayed during Tails startup quickly disappears and is replaced by garbled text messages. As long as Tails appears to work fine for you otherwise, please ignore these messages, including the alarming message about a "kernel BUG" (which was reported to Debian): they do not affect the safety of your Tails system.
  • Due to an issue in Tor Browser, the documentation shipped in Tails doesn't open in Tor Browser anymore and lacks our sidebar. The warning page of the Unsafe Browser also lacks graphical design. (#14962)

See the list of long-standing issues.

Get Tails 3.4

What's coming up?

Tails 3.5 is scheduled for January 23.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 09 Jan 2018 01:34:56 PM CET Tags:

Releases

Code

  • We fixed issues regarding reproducible builds (#14924, #14946, #14933) and later realized that one of them fixes did not work in some corner cases… that include the ISO images we build for the Tails official releases. Sadly, due to an internal communication mishap we've announced that Tails 3.3 was reproducible before we had learned about this remaining problem.

  • We uploaded a new version of tails-installer (5.0.2) to Debian and Ubuntu. This version has a simpler interface than previous versions.

Documentation and website

  • We have documented internally how active Tails contributors can be sponsored to attend events on behalf of Tails and are now working towards publishing this documentation so that all contributors are aware of this option (#14727).

User experience

  • We almost finished the work on the new download page and verification extension for Firefox and Chrome. We're stuck blocked by security reviews and improvements on the JavaScript code.

  • Our survey on file storage encryption was answered 1012 times between October 17 and December 1. It was a huge success and we'll now move on to analyzing the results.

Hot topics on our help desk

  1. #14968: Ublock is not working in Tails 3.3

  2. #12328: Tails Firefox Add-on is not working in last Firefox

Infrastructure

Funding

  • We submitted a funding request for the Secure Operating Systems Summit that we are organizing with Qubes OS, Subgraph OS and Whonix.

  • We applied to the "Good of the Internet" call for proposals by RIPE NCC. Our proposal is titled "Interoperability and communication continuity between mobile, laptop and desktop computers, in privacy and security-sensitive environments".

  • We continued to run our donation campaign.

Outreach

Past events

  • Some of us attended the Reproducible Builds World summit in Berlin, Germany (report).

  • intrigeri attended the OTF summit in Valencia, then followed-up with people he has met there.

  • ignifugo gave a talk about Tails at a greek hackerspace.

Upcoming events

On-going discussions

Press and testimonials

Translation

All the website

  • de: 54% (2902) strings translated, 7% strings fuzzy, 47% words translated
  • fa: 39% (2103) strings translated, 9% strings fuzzy, 41% words translated
  • fr: 89% (4742) strings translated, 0% strings fuzzy, 84% words translated
  • it: 38% (2022) strings translated, 5% strings fuzzy, 33% words translated
  • pt: 24% (1292) strings translated, 9% strings fuzzy, 20% words translated

Total original words: 57402

Core pages of the website

  • de: 80% (1506) strings translated, 12% strings fuzzy, 79% words translated
  • fa: 34% (647) strings translated, 11% strings fuzzy, 34% words translated
  • fr: 99% (1864) strings translated, 0% strings fuzzy, 99% words translated
  • it: 76% (1444) strings translated, 13% strings fuzzy, 77% words translated
  • pt: 45% (851) strings translated, 16% strings fuzzy, 46% words translated

Total original words: 17062

Metrics

  • Tails has been started more than 655.776 times this month. This makes 21.859 boots a day on average.
  • 12.371 downloads of the OpenPGP signature of Tails ISO from our website.
  • 99 bug reports were received through WhisperBack.
Posted Thu 14 Dec 2017 11:56:17 AM CET

As part of our current donation campaign, we recently explained why we need donations and what we accomplished this year. Today we are sharing with you some of our plans for the next years:

Applications and features

  • Tails Server: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) (#5688, Blueprint). (Planned for early 2018.)
  • VeraCrypt support in GNOME: graphical utilities to mount VeraCrypt volumes (#11684, #6337, Blueprint). (Planned for late 2018.)
  • Graphical interface for the Additional Packages persistent feature: allow users to customize which applications are available in their Tails (#14568, Blueprint). (Planned for late 2018.)

User research and support

  • Power our help desk with a request tracker to know better how to help our user base at large (#9803, Blueprint)
  • Web translation platform We have received a grant from Lush Digital fund to set up a translation platform for our website. This platform shall make it easier for translators to translate our documentation, and to have our website translated into more languages (#10034). (Planned for late 2018.)

Better adoption

  • Rethink the installation and upgrade process in depth and reflect on the future of Tails Installer, the installation on Windows and macOS, and automatic upgrades (#11679)
  • Give some love to our troubleshooting documentation:

Resistance to remote exploitation

  • Persistent Tor state to have persistent entry guards (#5462, Blueprint)
  • Persistent seed for random number generator to have stronger crypto (#7675, Blueprint)
  • Have critical parts of Tails audited (#14508)

These are all items that we find important and want to prioritize. But making them a reality will require lots of work, time, and money; on top of all the day-to-day work that we do to simply keep Tails alive.

If you want us to get there faster, please take one minute to make a donation.

Posted Mon 04 Dec 2017 01:00:00 PM CET Tags:

We are working on making it much easier to use VeraCrypt in Tails.

We want to test our design with users to make sure that it is really easy to use. We are looking for users of either VeraCrypt, Tails, or both.

Don't be shy! It will be a great opportunity to contribute to world-class privacy software like Tails, even if you have little or no knowledge of Tails or VeraCrypt.

The tests will take place in Berlin (Wedding) on Friday 8, Saturday 9, and Sunday 10 of December in the afternoon. Plan to stay with us for 1 hour.

We will give you a Tails T-shirt as a token of our thanks.

Please, take this survey so we can organize our schedule:

https://survey.tails.boum.org/index.php/374714 (We have enough people already!)

And if you can't come, maybe you can forward this to 2-3 other people in Berlin?

Posted Thu 23 Nov 2017 01:34:56 PM CET Tags:

Reproducible Tails builds

We have received the Mozilla Open Source Support award in order to make Tails ISO images build reproducibly. This project was on our roadmap for 2017 and with the release of Tails 3.3 we are proud to present one of the world's first reproducible ISO images of a Linux operating system.

From source code to binary code

When we write software, we do this using programming languages which a human can read and understand. This is called the source code. One can imagine source code much like a very precise recipe. Such a recipe describes an exact procedure: which ingredients and which amount of ingredients do you need? How should they be mixed together at which temperature should they be cooked or baked? The recipe will even describe the expected outcome: how the meal should look and taste like.

When we generate a Tails ISO image, our source code and the Debian packages we include are assembled into a binary ISO image, much like when the ingredients of the recipe are mixed together, one obtains the meal. The amounts and ingredients of this meal cannot be easily reverse engineered. The result of our cooking process is a Tails ISO image which users download and install onto a USB stick.

We, chefs and aides in the kitchen (Tails developers and contributors), provide you, our users, with several means to verify that this ISO image is indeed the one we want you to download, either using our Firefox add-on which does this verification automatically for you or by using our OpenPGP signature. Both of these verification methods simply tell you that the ISO image is the image which we want you to download: That the meal you get is indeed the meal that you've ordered, and not a meal which has been poisoned or exchanged by an evil waiter (such as a download mirror).

However, even with such sophisticated verification methods, it is still impossible to trace back the meal to the recipe: Does the meal contain only the ingredients it is supposed to contain? Or could unauthorized personnel have broken into the kitchen at night, and then poisoned the ingredients and made the oven cook at 50 degrees higher than displayed? In other words, could a malicious entity have compromised our build machines? That's what reproducible builds help verify and protect against.

What's a reproducible build?

Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers. (quoted from https://reproducible-builds.org/)

In other words, with reproducible builds, each cooking process of the same recipe is exactly repeatable.

At Tails, we have worked during a year to implement such a set of practices. This makes it now possible to compare ISO images built by multiple parties from the same source code and Debian packages, and to ensure that they all result in exactly the same ISO image.

Or again, using our cooking metaphor: Several of us will cook the meal, compare that we all cooked the same meal and only once we're sure about that, we will deliver it to you.

We all can thus gain confidence that no broken oven has introduced malicious code or failures: or we would notice it before delivering the meal.

What does this mean for you as a user?

This does not change anything in the way you download and install Tails, and you don't have to make additional verifications. It simply helps trust that the Tails ISO image that we distribute is indeed coming from the source code and Debian packages it is meant to be made of. With reproducible Tails, it only takes one knowledgeable person to build Tails and compare with the ISO image the Tails project distributes to uncover some kinds of backdoors.

And by the way, not only our ISO images are now reproducible, but so are our incremental upgrades. And you are benefiting from this improvement without even noticing :)

Thank you

Besides Mozilla's Open Source Support and the Reproducible Builds community that provided critical help where we strongly needed it, we'd also like to thank all members of our community who helped us test this process. You giving us a hand is much appreciated!

Technical implementation

If you are interested in the technical details of our implementation, we invite you to read our report to the Reproducible Builds community about how we did it.

We've also published technical instructions to verify one's own build.

Help us make Tails even better

Tails is a self organized free software project. We depend on partnerships, grants and most importantly on donations by individuals like you.

Care to give us a hand to make Tails bake even better cakes in the future?

Known issues

Any reproducible build process is reproducible… until proven otherwise. In our case last-minute issues were discovered and should be fixed in the next Tails release:

Posted Wed 15 Nov 2017 11:00:00 AM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

  • Update Tor to 0.3.1.8 which saves bandwidth when starting.

  • Update Tor Browser to 7.0.10.

  • Update Thunderbird to 52.4.0.

  • Update Linux to 4.13.0.

Fixed problems

  • Fix UEFI support for USB sticks installed using Universal USB Installer. (#8992)

  • Fix errors on file system creation in Tails Installer when the target USB stick is plugged before starting Tails Installer. (#14755).

  • Fix Tails Installer on Debian sid and recent versions of udisks2. (#14809)

  • Fix the screen reader and screen keyboard in Tor Browser and Thunderbird. (#14752, #9260)

  • Make the configuration of the keyboard layout more robust when starting a session. (#12543)

For more details, read our changelog.

Known issues

  • Due to an issue in Tor Browser, the documentation shipped in Tails doesn't open in Tor Browser anymore and lacks our sidebar. The warning page of the Unsafe Browser also lacks graphical design. (#14962)
  • Starting Tails 3.3 from DVD takes more than twice as long as earlier releases. (#14964)

See the list of long-standing issues.

Get Tails 3.3

What's coming up?

Tails 3.5 is scheduled for January 16.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 14 Nov 2017 01:34:56 PM CET Tags: