You can help Tails! The first release candidate for the upcoming version 2.10 is out. Please test it and report any issue. We are particularly interested in feedback and problems relating to:

  • OnionShare
  • Tor Browser's per-tab circuit view
  • Problems with OnionCircuits
  • Problems with Tor Launcher (when configuring Tor bridges, proxy etc.)

How to test Tails 2.10~rc1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 2.10~rc1 torrent

Tails 2.10~rc1 ISO image OpenPGP signature

To install 2.10~rc1, follow our usual installation instructions, skipping the Download and verify step.

Upgrade from 2.9.1

  1. Start Tails 2.9.1 on a USB stick installed using Tails Installer and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
         tails-upgrade-frontend-wrapper
    
  3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.10~rc1.

What's new since 2.9.1?

Changes since Tails 2.9.1 are:

  • Major new features and changes

    • Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
    • Install OnionShare from jessie-backports. Also install python3-stem from jessie-backports to allow the use of ephemeral onion services (Closes: #7870).
    • Completely rewrite tor-controlport-filter. Now we can safely support OnionShare, Tor Browser's per-tab circuit view and similar.
      • Port to python3.
      • Handle multiple sessions simultaneously.
      • Separate data (filters) from code.
      • Use python3-stem to allow our filter to be a lot more oblivious of the control language (Closes: #6788).
      • Allow restricting STREAM events to only those generated by the subscribed client application.
      • Allow rewriting commands and responses arbitrarily.
      • Make tor-controlport-filter reusable for others by e.g. making it possible to pass the listen port, and Tor control cookie/socket paths as arguments (Closes: #6742). We hear Whonix plan to use it! :)
    • Upgrade Tor to 0.2.9.8-2~d80.jessie+1, the new stable series (Closes: #12012).
  • Security fixes

    • Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
  • Minor improvements

    • Enable and use the Debian Jessie proposed-updates APT repository, anticipating on the Jessie 8.7 point-release (Closes: #12124).
    • Enable the per-tab circuit view in Tor Browser (Closes: #9365).
    • Change syslinux menu entries from "Live" to "Tails" (Closes: #11975). Also replace the confusing "failsafe" wording with "Troubleshooting Mode" (Closes: #11365).
    • Make OnionCircuits use the filtered control port (Closes: #9001).
    • Make tor-launcher use the filtered control port.
    • Run OnionCircuits directly as the Live user, instead of a separate user. This will make it compatible with the Orca screen reader (Closes: #11197).
    • Run tor-controlport-filter on port 9051, and the unfiltered one on 9052. This simplifies client configurations and assumptions made in many applications that use Tor's ControlPort. It's the exception that we connect to the unfiltered version, so this seems like the more sane approach.
    • Remove tor-arm (Nyx) (Closes: #9811).
    • Remove AddTrust_External_Root.pem from our website CA bundle. We now only use Let's Encrypt (Closes: #11811).
    • Configure APT to use Debian's Onion services instead of the clearnet ones (Closes: #11556).
    • Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This incidentally also makes our filter lists lighter by de-duplicating common patterns among the EasyList filters (Closes: #6908). Thanks to spriver for this first major code contribution!
    • Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from Jessie backports (Closes: #11899).
    • Add support for exFAT (Closes: #9659).
    • Disable unprivileged BPF. Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. So we disable that. This feature wasn't available before Linux 4.6, so disabling it should not cause any regressions (Closes: #11827).
    • Add and enable AppArmor profiles for OnionCircuits and OnionShare.
    • Raise the maximum number of loop devices to 32 (Closes: #12065).
    • Drop kernel.dmesg_restrict customization: it's enabled by default since 4.8.4-1~exp1 (Closes: #11886).
    • Upgrade Electrum to 2.7.9-1.
  • Bugfixes

    • Tails Greeter:
      • use gdm-password instead of gdm-autologin, to fix switching to the VT where the desktop session lives on Stretch (Closes: #11694)
      • Fix more options scrolledwindow size in Stretch (Closes: #11919)
    • Tails Installer: remove unused code warning about missing extlinux in Tails Installer (Closes: #11196).
    • Update APT pinning to cover all binary packages built from src:mesa so we ensure installing mesa from jessie-backports (Closes: #11853).
    • Install xserver-xorg-video-amdgpu. This should help supporting newer AMD graphics adapters. (Closes #11850)
    • Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (Closes: #7018).
    • Include all amd64-microcodes.

For more details, see also our changelog.

Known issues in 2.10~rc1

  • There are no VirtualBox guest modules (#12139).

  • Electrum won't automatically connect since it lacks proxy configuration (#12140). Simply selecting the SOCKS5 proxy in the Network options is enough to get it working again.

  • Longstanding known issues

Posted Fri 13 Jan 2017 01:02:03 AM CET Tags:

As part of our donation campaign we already explained you why we need donations, what we do with your money, and that Mediapart is the first news organization to commit to support Tails every year.

But today we are just writing to give you all a big thank you!

Since October 13, we have received $98 579 in donations.

This is our first donation campaign and we are completely blown away by the results! It feels really good to see that our community of users understands the real value of Tails and why it is important for them to help us back and keep the project alive and independent.

Starting from today we will be present at the 33rd Chaos Communication Congress in Hamburg. You are encouraged to pass by and meet us at the Secure Desktops assembly.

We accept donations in cash and people donating more than 50€ in Hamburg will get a Tails t-shirt!

Posted Mon 26 Dec 2016 12:34:56 PM CET Tags:

We are very excited to announce that Mediapart, an independent French investigative journal, has decided to support Tails financially every year.

In the past years, Mediapart has played a central role in the revelation and investigation of several major French political scandals. As such they are well aware of the digital threats faced by their sources, their journalists, and their readers.

Tails has gained recognition by being used by Edward Snowden and the journalists reporting on his NSA leaks in 2014. According to Barton Gellman:

« Privacy and encryption work, but it's too easy to make a mistake that exposes you. Tails puts the essential tools in one place, with a design that makes it hard to screw them up. I could not have talked to Edward Snowden without this kind of protection. I wish I'd had it years ago. »

Since then many journalists around the world understood this approach and adopted Tails to make it easier to stay safe. As Jean-Marc Manach puts it:

« War reporters have to buy helmets, bullet-proof vests and rent armored cars; journalists using the Internet for their investigations are much luckier: to be as secured as war reporters, they only have to download Tails, burn it on a CD, install it on a SD card, and learn the basics of information and communication security, and it's free! »

In the same way that news organizations invest in physical security or proprietary software tools to do their work, news organizations should also invest in free software tools that, as security experts like Bruce Schneier have repeatedly stated, are going to be safe:

« I think most of the public domain privacy tools are going to be safe, yes. [...] I think that Tails is going to be safe. [...] You know, the NSA has a big lever when a tool is written closed-source by a for-profit corporation. There are levers they have that they don't have in the open source international, altruistic community. And these are generally written by crypto-paranoids, they're pretty well designed. »

As such, Tails has been the recommended secure platform for use with the SecureDrop and GlobaLeaks whistle-blowing platforms.

Talking about the challenges of the adoption of encryption by journalists, the Internet freedom expert Christopher Soghoian said at #EncryptNews, a conference on digital security and journalism:

« News organizations need to also contribute to this community pool of tools. We need to have [reporters] contributing patches to PGP, OTR, and Tails. These organizations need to be funding $5.000 or $10.000 improvements to make these tools better. Because everyone is relying on these tools and none of the major organizations that are actually benefiting them are actually contributing to their development. »

Mediapart is the first news organization to officially endorse Tails and answer our call for donations. We hope they are not going to be the last.

If your organization is also interested in becoming a regular donor, please contact us at tails-accounting@boum.org (OpenPGP key).

Posted Thu 15 Dec 2016 12:34:56 PM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

  • Upgrade Tor to 0.2.8.10.

  • Upgrade Tor Browser to 6.0.8.

  • Upgrade Icedove to 45.5.1.

  • Upgrade obfs4proxy to 0.0.7.

  • Switch to DuckDuckGo as the default search engine in Tor Browser. The previous default search engine, Disconnect.me, has already been redirecting to Duck Duck Go for some time.

Fixed problems

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 2.9.1

What's coming up?

Tails 2.10 is scheduled for January 24.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Wed 14 Dec 2016 12:34:56 PM CET Tags:

Releases

The following changes were introduced in Tails 2.7:

  • Fix multi-architecture support in Synaptic. This should fix broken installations of additional packages from Synaptic. (#11820)

  • Set default spell checking language of Icedove to English instead of French. (#11037)

Code

New Tails Greeter

After many months of development, the redesigned version of Tails Greeter is ready to be tested.

Tails based on Debian 9 (Stretch)

We made lots of progress on porting Tails to Debian 9 (Stretch). This work culminated with the release of Tails 3.0~alpha1.

Reproducible ISO build

We had an initial sprint about reproducible builds. We are very happy with the progress we've made: the tree that becomes filesystem.squashfs is now almost fully reproducible; so is also the tree that is the basis for automatic upgrades. Along the way, we've contributed a number of patches to Debian and upstream projects.

  • Make our PO files update reproducibly, by not updating them unless something other than POT-Creation-Date has changed.
  • live-build:
    • Use xorriso, that honors the SOURCE_DATE_EPOCH variable, to build the ISO filesystem reproducibly.
    • Expose the SOURCE_DATE_EPOCH variable when running scripts inside the chroot.
    • Clamp mtimes to SOURCE_DATE_EPOCH in the chroot and binary filesystems.
    • Use SOURCE_DATE_EPOCH to populate /.disk/info timestamp.
    • Use SOURCE_DATE_EPOCH when templating syslinux templates.
  • Made mksquashfs honor SOURCE_DATE_EPOCH for the filesystem creation date, and had it clamp mtimes to SOURCE_DATE_EPOCH.
  • Incremental upgrade kits:
    • Made aufs white-outs reproducible.
    • Made aufs pseudo-links permanent, so that they are reproducible.
    • Passed --sort=name --clamp-mtime --mtime=@$SOURCE_DATE_EPOCH to tar.
  • Made our web site build reproducibly… and then discovered more bits that are not generated in a deterministic way, which lead us to discover that our cleanall build option did not clean as well as it should (fix).
  • Eliminated various causes for non-determinism, such as caches and other generated files.
  • On the infrastructure side of things:
    • Vagrant boxes management: we came up with a new design that will be reflected on the blueprint shortly.
    • Experimented with using our Vagrant + libvirt build system on one of our Jenkins ISO builders, and started work towards migrating them all.

Documentation and website

User experience

Infrastructure

Funding

  • We continued our donation campaign and wrote about what we do with our money and our plans for the coming years.

  • Our grant proposal for NLnet on porting Tails to Debian Stretch was rejected.

  • Our grant proposal for ISC Project on a translation platform for our website was rejected.

Outreach

Translation

  • All the website:

    • de: 57% (2880) strings translated, 4% strings fuzzy, 51% words translated
    • fa: 46% (2344) strings translated, 7% strings fuzzy, 52% words translated
    • fr: 79% (3979) strings translated, 4% strings fuzzy, 78% words translated
    • it: 17% (885) strings translated, 2% strings fuzzy, 18% words translated
    • pt: 31% (1593) strings translated, 8% strings fuzzy, 29% words translated

    Total original words: 50832

  • Core pages of the website:

    • de: 85% (1569) strings translated, 8% strings fuzzy, 85% words translated
    • fa: 39% (724) strings translated, 9% strings fuzzy, 40% words translated
    • fr: 90% (1657) strings translated, 7% strings fuzzy, 91% words translated
    • it: 47% (871) strings translated, 6% strings fuzzy, 53% words translated
    • pt: 51% (947) strings translated, 12% strings fuzzy, 52% words translated

    Total original words: 16995

Metrics

  • Tails has been started more than 613099 times this month. This makes 20437 boots a day on average. It's the first time we're over 20000 boots a day!
  • 14634 downloads of the OpenPGP signature of Tails ISO from our website.
  • 110 bug reports were received through WhisperBack.
Posted Fri 09 Dec 2016 08:27:13 PM CET

You can help Tails! The first alpha for the redesigned Tails Greeter is out. We are very excited and cannot wait to hear what you think about it :)

What is Tails Greeter?

Tails Greeter is the set of dialogs that appear after the boot menu, but before the GNOME Desktop appears.

It lets you choose your language, enable your persistent volume, and set a number of other options.

Why a new Tails Greeter?

We had two main reasons to redesign Tails Greeter:

  • Usability testing has demonstrated that it is not as easy to use as we would like, especially for people trying Tails for the first time.
  • We have pushed the old interface to its limits; it cannot accommodate the options we would like to add to it.

What is new in the redesigned Tails Greeter?

Nearly everything you can see has changed! We have been working for more than two years with designers to make Tails Greeter easier to use:

Redesigned Tails Greeter
alpha screenshot

How to test the redesigned Tails Greeter?

Keep in mind that this is a test image. We did not carefully test it so it is not guaranteed to provide any security or anonymity.

But test wildly!

Download and install

experimental Tails ISO image including the redesigned Tails Greeter

The line corresponding to the ISO image is the one whose size is 1G.

You cannot install this ISO image from Tails 2.x. It is impossible as well to upgrade to this ISO image from Tails 2.x. So, either install or upgrade from a non-Tails system, or start this ISO image from DVD and then clone it to a USB stick.

To install this ISO image, follow our usual installation instructions, skipping the Download and verify step.

What to test

Don't hesitate to test all kinds of options, and ensure they are taken into account in the Tails session.

If you find anything that is not working as it should, please report to us on tails-testers@boum.org, including the exact filename of the ISO image you have tested.

Known issues in the redesigned Tails Greeter

Like it?

We have a donation campaign going on: we explained you why we needed donations, how we use these donations, and we shared with you our plans for the next years.

So if you want Tails to remain independent, if you want to enable the Tails team to work on projects we think are important, such as redesigning Tails Greeter, please take one minute to make a donation.

Posted Tue 06 Dec 2016 07:00:00 PM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

  • Upgrade Tor Browser to 6.0.7.

For more details, read our changelog.

Known issues

See the list of long-standing issues.

Get Tails 2.7.1

What's coming up?

Tails 2.9 is scheduled for December 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Wed 30 Nov 2016 01:34:56 PM CET Tags:

As part of our ongoing donation campaign, we already explained you why we needed donations and how we use these donations. Today we are sharing with you our plans for the next years:

  • Easier adoption

    • Revamp Tails Greeter: make it easier to configure Tails when starting (#5464)
    • Rethink the installation and upgrade process: take a step back and reflect on the future of Tails Installer, the installation on Windows and Mac, and automatic upgrades (#11679)
    • Graphical installation method for Mac OS: what would it take to document tools other than Tails Installer to do a graphical installation from Mac OS? (#11682)
    • Explain better what Tails is and what makes it so awesome (#9814)
  • Security hardening

    • Reproducible build of the ISO image: protect users and developers from a malicious build of our ISO image (#5630)
    • Persistent Tor state: have persistent entry guards (#5462)
    • HTTPS mirrors: serve our downloads over HTTPS only (#9796)
    • Persistent seed for random number generator: have better entropy and stronger crypto (#7675)
    • Browser fingerprint: compare and reevaluate the web fingerprint of Tor Browser inside and outside Tails (#5362)
  • Community

    • Web platform for translators: make it easier to translate our website (#10034)
    • Social contract: guiding principles that reflects the commitment to our ideals (#11669)
    • Personas: study and describe our user base to take better design decisions (#11162)
    • Improvements to WhisperBack: make it easier and faster to answer support requests (#9799, #9800)
  • Sustainability

    • Tails based on Debian Stretch (Tails 3.0)
    • Better server infrastructure: to handle our growing needs on continuous integration and have a backup server (#11680, #6185)
    • Test Tails on ARM: starting with a few Chromebooks supported by Debian (#11677)
    • Tails on tablets: specify what upstream projects (GNOME, Debian, etc.) should work on to help porting Tails to tablets and smartphones (#10039)
  • Fundraising

    • Have more reliable and steady sources of income
    • Depend less on grants from governments
  • New applications and features

    • Graphical interface for the Additional Packages persistent feature: allow users to customize which applications are available in their Tails (#5996 #9059)
    • Backups: provide a graphical tool to backup the persistent volume (#5301)
    • Screen locker: allow users to lock their session with a password (#5684)
    • Tails Server: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) (#5688)
    • Tails Verifier: allow verifying whether a Tails installation has been corrupted (#7496)
    • TrueCrypt support in GNOME: graphical utilities to mount TrueCrypt volumes (#11684, #6337)

These are all items that we find important and want to prioritize. But making them a reality will require lots of work, time, and money; on top of all the day-to-day work that we do to simply keep Tails alive.

If you want us to get there faster, please take one minute to make a donation.

If your organization is interested in funding one of these tasks in particular, please contact us at tails-accounting@boum.org (OpenPGP key).

Posted Sat 26 Nov 2016 12:34:56 PM CET Tags:

You can help Tails! The first alpha for the upcoming version 3.0 is out. We are very excited and cannot wait to hear what you think about it :)

What's new in 3.0?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

It also requires a 64-bit computer, and GNOME Shell is now configured to use its default black theme.

Technical details of all the changes are listed in the Changelog.

How to test Tails 3.0~alpha1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please report to us tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 3.0~alpha1 ISO image OpenPGP signature

You cannot install Tails 3.0~alpha1 from Tails 2.x. It is impossible as well to upgrade to Tails 3.0~alpha1 from Tails 2.x. So, either install or upgrade from a non-Tails system, or start Tails 3.0~alpha1 from DVD and then clone it to a USB stick.

To install 3.0~alpha1, follow our usual installation instructions, skipping the Download and verify step.

If you find anything that is not working as it should, please report to us on tails-testers@boum.org.

Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Known issues in 3.0~alpha1

  • The documentation was not adjusted yet.

  • Open tickets for Tails 3.0

  • If you have the GnuPG persistence feature enabled, update files in /home/amnesia/.gnupg/:

    1. Set up an administration password and log in.
    2. Import dirmngr.conf from /lib/live/mount/rootfs/filesystem.squashfs/etc/skel/.gnupg/dirmngr.conf.
    3. Backup the /home/amnesia/.gnupg/gpg.conf file, replace it with /lib/live/mount/rootfs/filesystem.squashfs/etc/skel/.gnupg/gpg.conf, and re-apply your custom settings on top of the new file.
  • Longstanding known issues

Posted Fri 18 Nov 2016 11:00:00 AM CET Tags:

This release fixes many security issues and users should upgrade as soon as possible.

Changes

Upgrades and changes

Fixed problems

  • Fix multi-architecture support in Synaptic. This should fix broken installations of additional packages from Synaptic. (#11820)

  • Set default spell checking language of Icedove to English instead of French. (#11037)

For more details, read our changelog.

Known issues

  • Users setting their Tor Browser security slider to High will have to click on a link to see the result of the search they done with the search box.

See the list of long-standing issues.

Get Tails 2.7

What's coming up?

Tails 2.8 is scheduled for December 13.

Have a look at our roadmap to see where we are heading to.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 15 Nov 2016 12:34:56 PM CET Tags: