Tails above the Rest, Part III

Persistent Disk

Tails goes to great lengths to preserve your anonymity by intentionally not persisting any of your data. That said, if you use Tails routinely, you might find it useful if at least some of your settings stayed around between reboots. In particular, you may want to save account settings in the e-mail or Pidgin clients, or you may want to have your GPG keys persist so you don't have to copy them each session you come across an encrypted e-mail you need to open. Or, you may just have some documents you'd like to work on for more than one session. Whatever the reason, Tails includes a persistent disk option you can use to create an encrypted disk alongside Tails to store this kind of data.

Before you create a persistent volume, there are a few warnings to keep in mind. The first is that Tails goes to great lengths to pick secure programs and to give the programs it installs secure configuration. With persistent volumes, you have the potential to change a configuration or add new browser plugins or packages that may not be as secure or may reveal who you are. When you choose what levels of persistence to enable, it's always best to err on the side of only the features you need. It's also important to note that although the volume is encrypted, no steps are taken to hide that the volume exists. If someone recovers your Tails disk, he or she could see that the persistent volume is there and convince you to reveal your passphrase.

To create a persistent volume, click Applications→Tails→Configure persistent storage to launch the persistent volume wizard. The persistent volume will be created on the same device you are using for Tails, and the wizard will prompt you for the passphrase to use to encrypt the volume. Once the volume is created, you will need to restart Tails to enable the persistent disk.

Once you reboot, the initial login screen will detect that you have a persistent volume and provide a button labeled "Use persistence?" that you can click to use the persistent volume for this session. You then will be prompted for your passphrase. Once you are at your desktop, the persistent volume will show up as a disk under Places→Home Folder labeled Persistent. You then can drag or save any files to the disk that you want to persist across reboots much like any other directory.

The real power of the persistent volume is in Tails' ability to store certain configurations or files to it automatically. Click Application→Tails→Configure persistent storage again, and this time, you will see a number of persistent volume features that you can enable:

  • Personal Data: allows you to save personal files in a folder that appears under the Places menu.

  • GnuPG: persists any GPG keys or settings.

  • SSH Client: all of your SSH keys and configuration files.

  • Pidgin: Pidgin accounts and settings, including OTR encryption keys.

  • Claws Mail: settings for the Claws e-mail program.

  • GNOME Keyring: GNOME's key management software.

  • Network Connections: wireless passphrases and other network settings.

  • APT Packages: any packages you install on the live system can persist across reboots if you click this option.

  • APT Lists: any software repository lists that you download when you perform an apt-get update.

  • Browser Bookmarks: pretty self-explanatory.

  • Printers: printer configuration settings.

Select any of these options that you think you need, but keep in mind that it's best to enable only features you will use. You always can go back and re-enable any of these features later if you find you need them. Note that whenever you change a setting for the persistent disk, you will need to reboot for it to take effect.


Kyle Rankin is Chief Security Officer at Purism, a company focused on computers that respect your privacy, security, and freedom. He is the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu