You can help Tails! The first release candidate for the upcoming version 0.14 is out. Please test it and see if all works for you.

How to test Tails 0.14~rc1?

  1. Keep in mind that this is a test image. We have made sure that it is not broken in an obvious way, but it might still contain undiscovered issues.

  2. Download the ISO image and its signature:

    Tails 0.14~rc1 ISO image

    Tails 0.14~rc1 signature

  3. Verify the ISO image.

  4. Have a look at the list of known issues of this release and the list of longstanding known issues.

  5. Test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you check that it is not a known issue of this release or a longstanding known issue.

What's new since 0.13?

  • Major new features
    • gpgApplet can now handle public-key cryptography.
    • Install an additional, PAE-enabled kernel with NX-bit support. This kernel is auto-selected when the hardware supports it and will:
      • provide executable space protection, preventing certain types of buffer overflows from being exploitable.
      • enable more than 4 GiB of system memory.
      • make all processors/cores available, including their power-saving functionality.
    • Add a persistence preset for NetworkManager connections.
    • Enable Tor stream isolation; several new SocksPorts with appropriate Isolate* options have been added for different use cases (i.e. applications). All application's have been reconfigured to use these new SocksPorts, which should increase anonymity by making it more difficulte to correlate traffic from different applications or "online identities".
  • Minor improvements
    • On kexec reboot, make the boot quiet only if debug=wipemem was not enabled.
    • Update torproject.org's APT repo key.
    • Update the embedded Tails signing key.
    • Use symlinks instead of dupliqcating localized searchplugins.
    • Rewrite Tails firewall using ferm. Tails firewall was written in very unsophisticated iptables-save/restore format. As more feature creeped in, it started to be quite unreadable.
    • Optimize VirtualBox modules build at runtime to avoid installing the userspace utils N times.
    • Drop most of Vidalia's configuration. Our custom lines just caused trouble (with multiple SocksPorts) and the default works well.
    • Blacklist PC speaker module. On some computers, having the pcspkr module loaded means loud beeps at bootup, shutdown and when using the console. As it draws useless attention to Tails users, it is better to prevent Linux from loading it by default.
    • Remove all addons from the Unsafe Browser. No addons are essential for the Unsafe Browser's intent. If anything they will modify the network fingerprint compared to a normal Iceweasel install, which is undesirable.
    • Prevent some unwanted packages to be installed at all, rather than uninstalling them later. This should speed up the build a bit.
    • Add a symlink from /etc/live/config to /etc/live/config.d. This makes the system compatible with live-config 3.0.4-1, without breaking backward compatibility with various parts of the system that use the old path.
    • Do not run unecessary scripts during shutdown sequence, to make shutdown faster.
    • Fix Iceweasel's file associations. No more should you be suggested to open a PDF in the GIMP.
    • Make live-persist deal with persistent ~/.gconf subdirs so that any options saved therein actually get persistent.
    • Prevent memlockd unload on shutdown, to make sure that all necessary tools for memory wiping are available when the new kernel has kexec'd.
    • Patch initscripts headers instead of fiddling with update-rc.d. We now let insserv figure out the correct ordering for the services during startup and shutdown, i.e. use dependency-based boot sequencing.
  • Bugfixes
    • Include seq in the ramdisk environment: it is used to wipe more memory. This fixes the long-standing bug about Tails not cleaning all memory on shutdown.
    • Fix Yelp crashing on internal links
    • Allow amnesia user to use Tor's TransPort. This firewall exception is necessary for applications that doesn't have in-built SOCKS support and cannot use torsocks. One such example is Claws Mail, which uses tsocks since torsocks makes it leak the hostname. This exception, together with Tor's automatic .onion mapping makes Claws Mail able to use hidden service mail providers again.
    • Force threads locking support in Python DBus binding. Without this liveusb-creator doesn't work with a PAE-enabled kernel.
    • Fix localized search plugins for 'es' and 'pt'
    • Fix live-boot's readahead, which caused an unnecessary pause during boot.
    • Factorize GCC wanted / available version numbers in VirtualBox modules building hook. This, incidentally, fixes a bug caused by duplication and not updating all instances.
  • Tor
    • Update to version 0.2.3.22-rc-1~~squeeze+1, a new major version. It's not a stable release, but we have been assured by the Tor developers that this is the right move.
    • Stop setting custom value for the Tor LongLivedPorts setting. Gobby's port was upstreamed in Tor 0.2.3.x.
  • htpdate
    • Use curl instead of wget, and add a --proxy option passed through to curl.
    • Remove the --fullrequest option, we don't need it anymore.
    • Remove --dns-timeout option, we don't need it anymore.
    • Change --proxy handling to support Debian Squeeze's curl.
    • Clarify what happens if --proxy is not used.
    • Compute the median of the diffs more correctly.
  • Hardware support
    • Update Linux to 3.2.30-1.
  • Software
    • Update vidalia to 0.2.20-1+tails1.
    • Update bundled WhisperBack package to 1.6.1:
      • Raise the socket library timeout to 120 seconds
      • Use smtplib's timeout parameter
      • Fix error output when calling send a 2nd time
    • Update liveusb-creator to 3.11.6-3.
    • Update i2p to 0.9.2.
    • Update tails-persistence-setup to 0.18-1.
    • Install console-setup and keyboard-configuration from unstable (required by new initramfs-tools).
    • Update tails-greeter to 0.7.3:
      • Import pt_BR translation.
      • Let langpanel usable during option selection stage
      • Print less debugging messages by default (below are changes in tails-greeter 0.7.2:)
      • Use correct test operators.
      • Generate language codes of available locales at package build time.
      • Read list of language codes from where we have saved it at package build time.
      • Drop tails-lang-helper, not used anymore.
      • Do not compile locales at login time anymore. Tails now ships locales-all.
  • Internationalization
    • Fix Tails specific Iceweasel localization for pt-BR
    • Add Japanese input system: scim-anthy.
  • Build system
    • Catch more errors during build time:
      • Ensure that all local hooks start with 'set -e'.
      • Fail hard if adduser fails in local hooks.
      • Fail hard if 'rm' fails in local hooks.
    • vagrant: Ensure we have the set of Perl packages needed by our Ikiwiki
    • vagrant: Configure live-build to ship with ftp.us.debian.org. Using cdn.debian.net leads to bad interactions with Tor.
    • vagrant: Don't use gzip compression when building from a tag, i.e. a release.
    • vagrant: Optionally use bootstrap stage cache for faster builds via the 'cache' build option.
    • vagrant: Make sure release builds are clean, i.e. they don't use any potentially dangerous build options.
    • vagrant: Disable live-build package caching. This build system is meant to use an external caching proxy, so live-build's cache just wastes RAM (for in-memory builds) or disk space.
    • vagrant: use aufs magic instead of copying source into tmpfs. This reduces the amount of RAM required for building Tails in.
    • vagrant: Allow in-memory builds when a VM with enough memory is already started.

Known issues in 0.14~rc1

Stream isolation inconsistency in Claws Mail

Claws Mail isn't using its dedicated Tor SocksPort for Tor hidden service IMAP/POP/SMTP servers (instead Tor's TransPort is used). This is just a deviation from Tails' design and should have no adverse real world consequences.

I2P is broken

I2P doesn't start any local proxies despite connecting to the I2P network just fine. This makes it essentially unusable, e.g. eepSites like http://www.i2p2.i2p cannot be accessed in Iceweasel. The reason for this seems to be a random memory error in the machine building the Tails 0.14~rc1 image.