Tails above the Rest, Part II

Now that you have Tails installed, let's start using it.

I'm halfway through what will likely be a three-part series on the Tails live disk. In the first column, I introduced Tails as a special distribution of Linux, based on Debian, that puts all sorts of privacy- and security-enhancing tools in a live disk you can boot anywhere. Then I talked about how to download and install the distribution securely on a CD or USB disk. In this article, I'm going to follow up with a general overview of the Tails desktop and highlight some of the software you are most likely to use within it. In my next column, I'll cover some of the more advanced features of Tails, including the persistent disk and encryption.

Tails Limitations

Before I talk too much about the security features of Tails, I think it's important to highlight the limitations that Tails has. Although Tails is incredibly useful and makes it much easier to use the Internet securely, it still isn't a magical solution that will solve all of your privacy problems. Before you use Tails, it's important to know where its limitations are and beyond that, mistakes that you might make that could remove some of the protections Tails does have.

Tails uses Tor to anonymize your Internet use, but that within itself has limitations. First, Tails doesn't attempt to hide the fact that you are using Tor or Tails, so if others can sniff the traffic leaving your network, while they may not be able to tell what Web sites you are browsing, they still can tell you are using Tor itself. So, if you are in a situation where you may get into trouble for using Tor, Tails out of the box won't protect you. Second, although traffic between you and Tor and between Tor nodes is encrypted, traffic that leaves Tor is not necessarily encrypted. Tails, like the Tor browser bundle, adds extensions to its Web browser to attempt to use HTTPS-encrypted sites whenever possible, but if you send an unencrypted e-mail or browse to an unencrypted Web site, the traffic leaving Tor still would be unencrypted. Along the same lines, you also still may be vulnerable to man-in-the-middle attacks launched from a malicious Tor exit node itself or from an attacker between the Tor exit node and the site you want to visit, so you still need to pay attention to any certificate warnings you see in your browser.

Generally speaking, Tails doesn't scrub your Internet traffic or any documents you create for any identifying metadata. If you decide to log in to a social-networking site from inside Tails and then browse to other sites that integrate with that login, even though those sites will see that the traffic came from a Tor exit node and not from your personal computer, cookies and other identifying metadata from the social-networking site will out you. Generally speaking, you don't want to do anything within a single browsing session in Tails that may link on-line identities (like an e-mail account, social-networking login and the like) that you don't want linked. Likewise, if you write a document or edit a photo within Tails, it won't automatically remove any metadata that contains identifying information.


Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState