Tails above the Rest, Part III

Persistent Disk

Tails goes to great lengths to preserve your anonymity by intentionally not persisting any of your data. That said, if you use Tails routinely, you might find it useful if at least some of your settings stayed around between reboots. In particular, you may want to save account settings in the e-mail or Pidgin clients, or you may want to have your GPG keys persist so you don't have to copy them each session you come across an encrypted e-mail you need to open. Or, you may just have some documents you'd like to work on for more than one session. Whatever the reason, Tails includes a persistent disk option you can use to create an encrypted disk alongside Tails to store this kind of data.

Before you create a persistent volume, there are a few warnings to keep in mind. The first is that Tails goes to great lengths to pick secure programs and to give the programs it installs secure configuration. With persistent volumes, you have the potential to change a configuration or add new browser plugins or packages that may not be as secure or may reveal who you are. When you choose what levels of persistence to enable, it's always best to err on the side of only the features you need. It's also important to note that although the volume is encrypted, no steps are taken to hide that the volume exists. If someone recovers your Tails disk, he or she could see that the persistent volume is there and convince you to reveal your passphrase.

To create a persistent volume, click Applications→Tails→Configure persistent storage to launch the persistent volume wizard. The persistent volume will be created on the same device you are using for Tails, and the wizard will prompt you for the passphrase to use to encrypt the volume. Once the volume is created, you will need to restart Tails to enable the persistent disk.

Once you reboot, the initial login screen will detect that you have a persistent volume and provide a button labeled "Use persistence?" that you can click to use the persistent volume for this session. You then will be prompted for your passphrase. Once you are at your desktop, the persistent volume will show up as a disk under Places→Home Folder labeled Persistent. You then can drag or save any files to the disk that you want to persist across reboots much like any other directory.

The real power of the persistent volume is in Tails' ability to store certain configurations or files to it automatically. Click Application→Tails→Configure persistent storage again, and this time, you will see a number of persistent volume features that you can enable:

  • Personal Data: allows you to save personal files in a folder that appears under the Places menu.

  • GnuPG: persists any GPG keys or settings.

  • SSH Client: all of your SSH keys and configuration files.

  • Pidgin: Pidgin accounts and settings, including OTR encryption keys.

  • Claws Mail: settings for the Claws e-mail program.

  • GNOME Keyring: GNOME's key management software.

  • Network Connections: wireless passphrases and other network settings.

  • APT Packages: any packages you install on the live system can persist across reboots if you click this option.

  • APT Lists: any software repository lists that you download when you perform an apt-get update.

  • Browser Bookmarks: pretty self-explanatory.

  • Printers: printer configuration settings.

Select any of these options that you think you need, but keep in mind that it's best to enable only features you will use. You always can go back and re-enable any of these features later if you find you need them. Note that whenever you change a setting for the persistent disk, you will need to reboot for it to take effect.

______________________

Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix