About Tails
Tails is a "live" Linux distribution designed around privacy and security. Instead of permanently installing it on a machine, you run it by booting from a USB stick. It will run on almost any 64-bit Intel computer - I've run it on everything from an old "netbook" to a 27" iMac.
When Tails starts up, it connects to Tor, and then forces all network traffic to use Tor. This way, any network traffic you generate within Tails (viewing web pages, reading email, sending messages, etc.) will appear to "come from" a random Tor exit node, somewhere around the world. In fact, different network connections will take different paths through the Tor network, and will appear to be in different parts of the world (so an email server might see you "from" Germany, a chat server might see you "from" Australia, and different web pages might see you "from" different countries as well).
Persistent Storage
Tails runs from a USB stick, and does not get "installed" on the computer. It might have access to whatever hard disks happen to be in the computer, but you can run Tails on a machine which has no hard disks at all. (I know a few people who do this.)
Because some people may need to store files on a permanent basis, Tails offers a way to set up a "Persistent Storage" partition on the USB stick. Tails itself uses about 8 GB; if the USB stick is larger than this, you can use the remainder of the USB stick as Persistent Storage.
Persistent Storage is stored in an encrypted partition on the USB stick. The encryption uses LUKS and dm-crypt, which together are the standard system for Linux disk encryption.
When Tails first boots, the greeter (the first screen you see, where it asks about your language and keyboard formats) will check the USB stick to see if a Persistent Storage partition exists. If so, it will show an input field where you can enter its passphrase. If you enter the correct passphrase, it will unlock the partition and when you start Tails, the persistent files will "exist" where they were before.
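To confirm that a partition on a stick (or on one of its backups) really carries a LUKS header, you can inspect its first bytes without knowing the passphrase. The following is an added example, not code from Tails or from this book; the function names and the sample header are constructed for illustration, and it does not claim to be how the greeter itself performs its check.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of every LUKS1/LUKS2 primary header

def cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")

def parse_luks_header(buf: bytes):
    """Return a dict describing the LUKS header in buf, or None if there is none."""
    if len(buf) < 208 or buf[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", buf[6:8])[0]      # big-endian, like all fields
    info = {"version": version, "uuid": cstr(buf[168:208])}
    if version == 1:
        # LUKS1 keeps the cipher settings in the binary header itself.
        info["cipher"] = cstr(buf[8:40]) + "-" + cstr(buf[40:72])
        info["hash"] = cstr(buf[72:104])
        info["key_bits"] = struct.unpack(">I", buf[108:112])[0] * 8
    elif version == 2:
        # LUKS2 moves cipher settings into a JSON area after this binary part.
        info["header_bytes"] = struct.unpack(">Q", buf[8:16])[0]
        info["label"] = cstr(buf[24:72])
    else:
        return None
    return info

def sample_luks2_header() -> bytes:
    """Constructed LUKS2 binary header (zero salt, placeholder UUID and label)."""
    hdr = LUKS_MAGIC + struct.pack(">HQQ", 2, 16384, 3)   # version, size, seqid
    hdr += b"constructed-label".ljust(48, b"\0")          # label
    hdr += b"sha256".ljust(32, b"\0") + bytes(64)         # checksum alg, salt
    hdr += b"00000000-0000-4000-8000-000000000000".ljust(40, b"\0")
    return hdr.ljust(4096, b"\0")

if __name__ == "__main__":
    # On a real system, read the first 4096 bytes of the partition as root,
    # e.g. open("/dev/sdX2", "rb").read(4096), where /dev/sdX2 is a placeholder.
    print(parse_luks_header(sample_luks2_header()))
    print(parse_luks_header(bytes(4096)))  # unformatted space
```

The header only tells you that an encrypted volume exists and how it is set up; nothing inside it is readable without the passphrase.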
Requirements
To run Tails, you will need a USB stick, 16 GB or larger. Tails itself will use part of this, and you can set the rest of it up as an encrypted "Persistent Storage" partition. This gives you a secure place to store files that you don't want to lose, such as the PGP secret key files you'll be storing on YubiKeys.
ℹ️ You can install Tails on an 8 GB stick, but Tails itself takes up almost all of that, and there won't be enough room to set up a Persistent Storage partition. For the purposes of this book, the USB sticks need to be 16 GB or larger.
Most of my Tails sticks are 64 GB or larger. I have one 8 GB stick, which I normally use as a dedicated "Tails Installer" stick (although once in a while I use it for web browsing when I don't need Persistent Storage).
For this "book", we will be using a Tails stick with the Persistent Storage feature. The idea is, this will be the only place (other than the YubiKeys) where your secret key files will exist. Once you install the secret keys on the YubiKeys, you can lock this USB stick up in a vault in case you ever need it.
Notes
- You should probably have more than one USB stick, so you can store secure backups in other locations. These backups will also have Tails on them, with their own encrypted Persistent Storage.
- Make sure the USB sticks are made by a reputable manufacturer, such as SanDisk, PNY, or Kingston. There are a lot of "cheap" USB sticks out there from vendors with obviously made-up names (like "PomRee" or "BlimFang") that I wouldn't trust to copy files from one computer to another in the same room.
There are also "fake" drives out there, which may claim to hold 512 GB but really only hold 32 GB, and there's no way to tell until you try to store more than 32 GB and it starts throwing I/O errors.
Trust me, you do NOT want to lose your PGP secret key files because a cheap (or fake) USB stick failed when you needed it.
- Make sure the USB sticks are "USB 3.0" or faster. You can run Tails from a USB-2 stick, but it will boot and run really slowly.
If the machine where you plan to run Tails has USB-3 (or faster) ports, it is totally worth it to spend a few extra dollars and get USB sticks which can do USB-3. I'm looking at Amazon (on 2023-05-21) and the difference between USB-2 and USB-3 drives is only a dollar or two at the most - and some of the name-brand USB-3 sticks are less expensive than USB-2 sticks.
- Be sure to plug the USB-3 stick into a USB-3 port. Otherwise it'll run at USB-2 speed, and you'll want to bang your head on the desk.
I have a little Dell Inspiron 11-3162 "netbook" with both USB-2 and USB-3 ports, and I made this mistake exactly once. It took this little machine almost four minutes just to get to the initial Tails "Greeter" screen. After I moved the USB stick to a USB-3 port it booted up in about 45 seconds. Let's just say, now I know that the USB port on the left is USB-3 and the one on the right is USB-2.
I don't understand why Dell chose to mix USB-3 and USB-2 ports on the same machine. Maybe they figured most people would plug a mouse into the right side and not need a high-speed port there, and wanted to save a few pennies on the cost of a USB controller chip?
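The note above about "fake" drives says the shortfall only shows up once you write past the real capacity. One way to force that before trusting a new stick with key material is to fill it with data that is unique per block and read it back. This is an added example, not part of the original text; the function names, block size and seed are this example's own choices.

```python
import hashlib
import os
import tempfile
from typing import Optional

BLOCK = 1 << 20  # 1 MiB per block (this example's choice)

def block_data(index: int) -> bytes:
    """Deterministic block that is unique per index, so a stick that silently
    wraps writes back onto earlier flash shows up as a mismatch."""
    return hashlib.shake_256(b"constructed-seed" + index.to_bytes(8, "big")).digest(BLOCK)

def write_pattern(path: str, n_blocks: int) -> int:
    """Write up to n_blocks blocks; return how many were written before an I/O error."""
    written = 0
    try:
        with open(path, "wb") as f:
            for i in range(n_blocks):
                f.write(block_data(i))
                written += 1
            f.flush()
            os.fsync(f.fileno())  # push the data out of the OS cache to the stick
    except OSError:
        pass  # disk full or I/O error: report what got written
    return written

def first_bad_block(path: str) -> Optional[int]:
    """Re-read the file; return the index of the first wrong block, or None."""
    index = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(BLOCK)
            if not chunk:
                return None
            if chunk != block_data(index)[:len(chunk)]:
                return index
            index += 1

if __name__ == "__main__":
    # Constructed demo in a temp directory. On a real stick, point `path` at a
    # file on its mounted filesystem, size n_blocks to the advertised capacity,
    # and unplug/re-plug between writing and verifying so reads hit the flash.
    path = os.path.join(tempfile.mkdtemp(), "fill.bin")
    print("written:", write_pattern(path, 8))
    print("first bad block:", first_bad_block(path))      # None on honest storage
    with open(path, "r+b") as f:                           # simulate wrap-around
        f.seek(5 * BLOCK)
        f.write(block_data(1))
    print("first bad block:", first_bad_block(path))      # 5
```

Run this on a stick before installing Tails on it, since the test file has to occupy the space being checked. On a FAT32-formatted stick a single file cannot exceed 4 GiB, so the fill has to be split across several files.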