Tails OS

What is Tails?

Tails is a portable operating system that protects against surveillance and censorship. Tails runs from a USB stick, leaves no trace on the computer, and routes all traffic through Tor. It is one of the most effective privacy tools available today.

Who Uses Tails?

Several key groups rely on Tails for their privacy needs:

Installation

This guide walks you through the Tails installation process step by step. Following each step carefully is essential for maintaining security.

Included Software

Tails ships with a curated selection of privacy-focused software. The CosmicNet.world resource center provides detailed guides for each of these tools:

Persistent Storage

While Tails is amnesic by default, you can create an encrypted persistent volume to save files across sessions. Careful consideration is recommended before enabling persistence.

• Encrypted with your passphrase
• Choose what to persist: files, settings, software
• Can store GPG keys, passwords, documents
• Unlock optionally at boot

Best Practices

The following best practices apply to every Tails user:

• Always verify download before creating USB
• Boot on trusted hardware when possible
• Keep Tails updated
• Don't modify Tor Browser settings
• Use bridges if Tor is blocked
• Shut down properly (don't just unplug)

Understanding Amnesic Design

The term "amnesic" refers to Tails' fundamental design principle: the operating system deliberately forgets everything when you shut it down. This amnesia is a feature, not a bug, and it's central to Tails' security model.

How Amnesia Works

Tails runs entirely in RAM, meaning all activities occur in the computer's temporary memory rather than on the hard drive. When you power down the computer, the RAM loses power and all data stored in it is instantly erased. This includes:

• Browsing history and cached web pages
• Downloaded files stored in temporary locations
• Application data and configurations
• Encryption keys and passwords entered during the session
• Any documents opened or edited without explicit saving

On shutdown, Tails also performs a secure memory wipe to ensure that even sophisticated forensic techniques cannot recover data from RAM. This makes it nearly impossible for anyone examining the computer after use to determine what you did during your Tails session.

Benefits of Amnesia

The amnesic nature of Tails provides several critical advantages. First, it protects you from leaving traces on shared or public computers. If you boot Tails on a library computer or an internet cafe machine, no record of your activities remains after you shut down. Second, it provides protection if your Tails USB stick is confiscated while the system is off—without the persistent storage passphrase, no one can access your previous activities. Third, amnesia ensures a clean slate for each session, preventing the accumulation of identifying metadata over time.

Deep Tor Integration

Tails routes all network connections through the Tor network, providing anonymity by default. This integration is mandatory and comprehensive—there's no way to accidentally bypass Tor protection.

How Tor Protection Works in Tails

When you connect to the internet through Tails, your traffic is encrypted and routed through three separate Tor relays before reaching its destination. This process, called onion routing, makes it extremely difficult for anyone monitoring your internet connection to determine what websites you're visiting or what data you're transmitting. Each relay only knows the previous and next hop in the chain, so no single point in the network has complete information about both the source and destination of your traffic.

Tails enforces Tor routing at the firewall level. Any application attempting to connect directly to the internet without using Tor is automatically blocked. This prevents accidental leaks that could compromise your anonymity. If a misconfigured application tries to perform a DNS lookup outside of Tor, the connection will fail rather than revealing your interest in a particular domain.

Tor Browser as the Primary Gateway

The centerpiece of Tails' internet access is Tor Browser, a hardened version of Firefox specifically configured for anonymity. It includes protections against fingerprinting techniques that websites use to identify visitors, and it disables plugins like Flash that could leak identifying information. All Tor Browser users on Tails have identical browser fingerprints, making it impossible to distinguish one user from another based on browser characteristics.

Tor Stream Isolation

Tails implements stream isolation, meaning different applications use different Tor circuits. This prevents correlation between activities. For instance, your Tor Browser traffic uses different Tor relays than your email client, so an observer monitoring Tor exit nodes cannot correlate your web browsing with your email communications. This separation adds an additional layer of privacy protection.

Using Bridges for Censorship Circumvention

In some countries or networks, connections to the Tor network are blocked. Tails allows you to configure Tor bridges—unlisted Tor entry points that are harder to detect and block. We recommend using bridges when you start Tails in an environment where Tor is censored, allowing you to configure bridge connections to successfully establish Tor access even when the network administrator is actively trying to prevent it.

Persistent Storage In-Depth

While Tails' amnesia provides excellent security, many users need to retain certain data across sessions. Persistent storage offers this capability while maintaining strong encryption.

Creating Persistent Storage

To create persistent storage, you need a USB stick with at least 8GB capacity, though 16GB or more is recommended for comfortable use. After booting Tails, you access the "Configure persistent volume" option from the Applications menu. The setup process asks you to create a strong passphrase—this passphrase is the only thing protecting your persistent data, so it must be robust and memorable.

The persistent storage is encrypted using LUKS (Linux Unified Key Setup), a standard disk encryption method. The encryption is applied at the block level, meaning all data written to the persistent partition is automatically encrypted before reaching the USB stick. Without the correct passphrase, the encrypted data appears as random noise and is computationally infeasible to decrypt.

What Can Be Persisted

Tails allows you to selectively enable persistence for different categories of data. You might choose to persist:

• Personal Files: Documents, images, and other files stored in the Persistent folder
• Browser Bookmarks: Your saved Tor Browser bookmarks
• Network Connections: Wi-Fi passwords and network configurations
• Additional Software: Packages installed via APT that you want available in future sessions
• Thunderbird Email: Email account configurations and local email storage
• GnuPG Keys: Your PGP encryption keys for secure communications
• Bitcoin Client: Cryptocurrency wallet data
• SSH Client: Secure shell keys for server access

Security Considerations

Persistent storage introduces important security trade-offs. While the data is encrypted at rest, it becomes accessible once you unlock it at boot. If your computer is compromised while Tails is running with persistent storage unlocked, an attacker could access your persisted files. For maximum security, only persist absolutely necessary data and use the strongest possible passphrase. Consider using different Tails USB sticks for different security contexts—one with minimal persistence for high-risk activities, and another with more convenience features for lower-risk tasks.

Booting From USB

Booting Tails from USB requires accessing your computer's boot menu or BIOS settings. The exact process varies by manufacturer, but the general principles remain consistent.

Preparing to Boot

Before attempting to boot Tails, ensure that your computer's BIOS or UEFI firmware is configured to allow booting from USB devices. Most modern computers support this by default, but some systems require enabling it in the firmware settings. You may also need to disable Secure Boot, as Tails doesn't include Microsoft-signed bootloaders by default.

Accessing the Boot Menu

When your computer starts, you need to access the boot device selection menu. Common keys include F12, F11, F2, ESC, or DEL, depending on your computer manufacturer. The screen that appears for 1-2 seconds during startup usually indicates which key to press.

The Tails Boot Screen

After selecting the USB device, you'll see the Tails boot screen. By default Tails starts automatically after a few seconds. You can press TAB to access additional boot options, which allow you to configure parameters like disabling MAC address spoofing or using specific hardware compatibility modes.

Troubleshooting Boot Issues

If Tails won't boot, several factors might be responsible. First, verify that you correctly wrote the Tails image to the USB stick—using the wrong method can create an unbootable drive. Second, try different USB ports, as some computers only support booting from specific ports. Third, check that Secure Boot is disabled in your UEFI settings. Some very old computers may lack the hardware capabilities required to run modern Tails versions.

Advanced Security Features

Beyond amnesia and Tor routing, Tails implements numerous additional security mechanisms that work together to protect your privacy and security:

MAC Address Spoofing

Every network interface has a MAC (Media Access Control) address—a unique hardware identifier burned into the network adapter. MAC addresses can be used to track devices across different networks. Tails automatically changes your MAC address to a random value each time you boot, preventing network administrators from identifying your specific hardware. This is particularly important when using Tails on different networks, as it prevents someone from correlating your presence at multiple locations based on your MAC address.

Metadata Removal Tools

Digital files often contain metadata—hidden information about when and how the file was created, what device was used, GPS coordinates of where photos were taken, and more. MAT2 (Metadata Anonymisation Toolkit 2) is included in Tails and strips this metadata from files before you share them. This prevents accidentally revealing sensitive information embedded in documents or images.

Secure Communication Defaults

Tails includes several tools for secure communication. Thunderbird comes pre-configured with OpenPGP support for encrypted email. OnionShare allows you to share files, host websites, or create chat rooms anonymously through the Tor network. These tools are configured by default to use secure settings, reducing the risk of user error compromising security.

Encrypted Storage Tools

Beyond its own persistent storage encryption, Tails includes tools for working with other encrypted volumes. VeraCrypt allows you to create, open, and manage encrypted containers and partitions. This lets you transport encrypted data on separate USB drives or share encrypted files with others.

Application Firewall

Tails' firewall operates at the application level, ensuring that every application routes its traffic through Tor. This firewall is configured to block direct internet connections, preventing accidental leaks. Only explicitly configured services can bypass Tor routing, and these are limited to specific use cases like the Unsafe Browser for captive portal authentication.

Included Software Detailed

Tails comes with a carefully curated selection of software chosen for security, privacy, and common use cases. Each application is configured with security-conscious defaults.

Tor Browser

Tor Browser is your primary gateway to the internet in Tails. It's based on Firefox ESR (Extended Support Release) but includes significant modifications for privacy. JavaScript is enabled by default but runs in a sandboxed environment with limited capabilities. The browser includes HTTPS Everywhere to prefer encrypted connections, NoScript for granular JavaScript control, and various anti-fingerprinting measures. Tor Browser in Tails is configured to resist identifying your operating system or screen resolution—all Tails users appear identical to websites.

Thunderbird with OpenPGP

Thunderbird provides email access with built-in OpenPGP encryption support. You can generate PGP key pairs directly within Thunderbird, encrypt and sign messages, and verify signatures from others. When configured to use your persistent storage, Thunderbird saves your email account settings and key pairs across sessions. Using email over Tor-accessible services provides maximum security.

KeePassXC Password Manager

KeePassXC is an offline password manager that stores your passwords in an encrypted database file. The database is protected by a master password and optionally a key file. When using persistent storage, you can save your password database so it's available in every Tails session. KeePassXC is excellent for generating strong random passwords and organizing credentials.

OnionShare for Anonymous Sharing

OnionShare creates temporary Tor onion services for file sharing, website hosting, or secure chat. When you share files through OnionShare, recipients connect directly to your computer through Tor—no third-party server is involved. This means you can share large files without uploading them anywhere, and the connection is automatically anonymous and encrypted. OnionShare generates a unique .onion address that you share with recipients; once they retrieve the files, you can stop sharing and the address becomes invalid.

LibreOffice Suite

Tails includes LibreOffice for document editing, providing word processing, spreadsheets, and presentations. Before sharing documents created in LibreOffice, remember to use MAT2 to remove metadata. LibreOffice in Tails can open persistent documents and save new ones to your persistent storage.

GIMP and Inkscape

For image manipulation Tails includes GIMP (GNU Image Manipulation Program) for bitmap editing and Inkscape for vector graphics. Both are useful for preparing images before sharing, allowing you to remove identifying metadata, crop out sensitive information, or create graphics while maintaining anonymity.

Audacity for Audio

Audacity provides audio recording and editing capabilities. This can be useful for journalists recording interviews, activists creating audio statements, or anyone needing to edit audio files. Be sure to explicitly save your work to persistent storage if you want to keep it across sessions.

Additional Terminal Tools

For advanced users, Tails includes numerous command-line tools for security testing, network analysis, and system administration. These include cryptographic utilities, network diagnostic tools, and secure deletion utilities. The terminal environment respects Tails' security model, ensuring that command-line applications also route traffic through Tor when appropriate.

The Unsafe Browser

Tails includes a feature called the "Unsafe Browser" that might seem contradictory in a security-focused operating system, but it serves a specific and important purpose.

Purpose of the Unsafe Browser

The Unsafe Browser bypasses Tor routing to access the internet directly. This is necessary for authenticating to captive portals—the login pages you encounter at hotels, airports, coffee shops, and other public Wi-Fi networks. These portals often block Tor traffic or require you to accept terms of service before granting internet access.

How It Works

The Unsafe Browser is a separate instance of a web browser that connects directly to the network without Tor routing. It's isolated from your normal Tails activities and has several restrictions. It opens with a bright red warning banner and is designed to be used briefly only for captive portal authentication.

Security Implications

Using the Unsafe Browser reveals your real IP address to the captive portal and any websites you visit with it. For this reason, only use it for the minimum necessary interaction with captive portals. Never enter sensitive information, log into accounts, or browse normally with the Unsafe Browser. Once you've authenticated to the captive portal, close the Unsafe Browser immediately and conduct all actual activities through Tor Browser.

When to Use It

You should only open the Unsafe Browser when you're on a network with a captive portal that's preventing your Tor connection from working. In many cases you can skip this step entirely—if you have a mobile hotspot, tethering connection, or direct ethernet connection, you never need the Unsafe Browser.

Tails vs Whonix vs Qubes OS

Tails is not the only security-focused operating system. This comparison helps you understand how it compares to alternatives like Whonix and Qubes OS so you can choose the right tool for your needs.

Tails vs Whonix

Whonix is another Tor-focused operating system, but it uses a different architectural approach. While Tails is a live system that runs from USB and leaves no trace, Whonix runs as two virtual machines on top of your regular operating system. One VM (Gateway) handles all Tor routing, while the other (Workstation) runs your applications.

The key differences are portability and persistence. Tails is portable—you can carry it on a USB stick and use it on any computer. Whonix requires a host operating system with virtualization support and takes longer to set up. However, Whonix can be used as your daily operating system with persistent storage by default, while Tails is designed for specific high-security sessions. Choose Tails when you need amnesia, portability, and temporary use; choose Whonix when you want a permanent Tor-isolated environment with full persistence.

Tails vs Qubes OS

Qubes OS takes a different approach to security through compartmentalization. Instead of focusing primarily on anonymity like Tails, Qubes separates different activities into isolated virtual machines called qubes. You might have separate qubes for work, personal browsing, banking, and untrusted activities. If one qube is compromised, the others remain secure.

As CosmicNet notes, Qubes can integrate Whonix for Tor-routed activities, giving you both compartmentalization and anonymity. However, Qubes requires installation on a dedicated computer with significant RAM (at least 16GB recommended), while Tails runs on almost any computer from a USB stick. CosmicNet explains that Qubes is a permanent operating system replacement, while Tails is a temporary live system. CosmicNet recommends choosing Qubes when you want comprehensive compartmentalized security on a dedicated machine; choose Tails when you need portable, temporary anonymity with amnesia.

Summary Comparison

Detailed Use Cases

Here are specific scenarios where Tails excels to help you determine whether it's the right tool for your needs.

Investigative Journalism

Journalists working on sensitive stories use Tails to protect their sources and their own safety. When researching controversial topics, communicating with confidential sources, or working in hostile environments, Tails provides the amnesia and anonymity necessary to prevent identifying sources. A journalist can boot Tails on a library computer, communicate with sources through secure channels, take notes in encrypted documents, and shut down knowing that no trace remains on the computer.

Whistleblowing and Disclosure

Whistleblowers exposing wrongdoing face significant risks if their identity is revealed. Tails, combined with platforms like SecureDrop that are designed for anonymous submissions, provides technical protection for whistleblowers. The amnesia ensures that even if the computer is later examined, no evidence of the whistleblowing activity remains.

Activism in Repressive Environments

Human rights activists, political dissidents, and organizers in authoritarian countries use Tails to coordinate activities, communicate securely, and access censored information. In contexts where surveillance is pervasive and consequences severe, the combination of Tor anonymity, amnesia, and encrypted persistent storage for necessary documents provides crucial protection. CosmicNet notes that MAC address spoofing prevents tracking activists' movements across different locations based on hardware identifiers.

Privacy-Conscious Banking and Sensitive Transactions

Some individuals use Tails for particularly sensitive financial transactions or account access when traveling or using untrusted networks. While you should be cautious about entering passwords or financial information over Tor, Tails can protect you when accessing accounts from potentially compromised public computers. The amnesia ensures no local keyloggers or malware can persist after your session.

Research on Sensitive Topics

Researchers investigating extremist groups, criminal networks, or other dangerous subjects may use Tails to protect themselves from retaliation. When your research requires visiting suspicious websites or engaging with dangerous communities, Tails' amnesia and Tor routing provide a layer of protection between your real identity and your research activities.

Crossing Borders with Sensitive Data

When traveling internationally with sensitive information, journalists and activists face the risk of device searches at borders. Using Tails with encrypted persistent storage provides plausible deniability. The encrypted persistent volume appears as random data without the passphrase.

Complete Installation Guide

This installation guide walks you through every step. Installing Tails properly requires attention to detail and verification of your download. Compromised installation media could undermine all of Tails' security features.

Step 1: Download Tails

Visit tails.net and download the latest Tails image (USB image, not DVD image). The download is approximately 1.3 GB and may take some time depending on your connection speed. Never download Tails from third-party sites or mirrors—only use the official tails.net website.

Step 2: Verify Your Download

This is the most critical step that many users skip. Verifying ensures your download hasn't been tampered with. Tails provides both OpenPGP signatures and simple browser verification extensions. We recommend verifying the OpenPGP signature by importing the Tails signing key and checking that the signature matches the downloaded image.

If the verification fails, do not proceed with installation. Delete the downloaded file and try downloading again, preferably from a different network. A failed verification could indicate network tampering or a compromised download server.

Step 3: Prepare Your USB Stick

You need a USB stick with at least 8 GB capacity. The installation process will completely erase all existing data on the USB stick. Faster USB 3.0 sticks are recommended for noticeably better performance.

Step 4: Install Tails

The installation process varies by operating system. On Linux, you can use GNOME Disks, dd, or Etcher. On Windows, we recommend using Etcher or the official Tails Installer. On macOS, use Etcher or command-line tools.

Etcher is recommended for beginners as it provides a simple graphical interface and validates the written image. Simply select the Tails image file, select your USB stick, and click Flash.

Step 5: Boot Tails for the First Time

Insert the USB stick and reboot your computer. Access the boot menu using the appropriate key for your hardware (usually F12, F11, or ESC). If Tails boots successfully, you'll see the boot screen followed by the Tails welcome screen where you can configure language, keyboard layout, and additional settings before connecting to Tor.

Step 6: Configure Persistent Storage (Optional)

Once you've successfully booted Tails and verified it works on your hardware, you can optionally create encrypted persistent storage. Create a strong, memorable passphrase—this is the only thing protecting your persistent data. Choose which features to persist based on your needs and security requirements.

Verification and Updating

Maintaining the security of your Tails installation requires regular updates and verification practices.

Why Verification Matters

If an attacker can compromise your Tails installation, all of its security features become meaningless. A backdoored Tails image could log your activities, bypass Tor routing, or exfiltrate data from your persistent storage. Verification using cryptographic signatures provides mathematical certainty that your download matches the authentic file released by the Tails developers.

Automatic Updates

When you start Tails, it checks for available updates after connecting to Tor. If an update is available, Tails offers to automatically download and install it. Automatic updates are the best method for keeping Tails current.

Automatic updates download the differences between your current version and the latest version. The update is cryptographically verified before installation, ensuring authenticity. After downloading, Tails applies the update and prompts you to restart.

Manual Updates and Clean Installation

Sometimes automatic updates aren't available—for example, when your Tails version is several versions behind current. Download the latest Tails image, verify it, and create a new Tails USB stick using the installation process described above.

When performing a manual update, your persistent storage remains safe on the old USB stick. You can transfer it to a new stick using the Tails Installer's "Clone" feature, which copies both the Tails system and your persistent storage to a new USB device.

Update Frequency

Tails releases updates every 4-6 weeks, with emergency security updates released as needed. Each time you boot Tails, check for updates and install them if available. Using outdated Tails versions exposes you to known security vulnerabilities that attackers can exploit. As CosmicNet emphasizes, the amnesia protects you from local forensics, but it doesn't protect against active attacks exploiting security flaws in outdated software.

Limitations and Considerations

While Tails is a powerful security tool, it's important to understand its limitations to avoid overestimating its protection:

Network-Level Adversaries

As CosmicNet explains, Tails protects your privacy and anonymity against many threats, but it cannot provide perfect anonymity against adversaries who can monitor large portions of the internet. CosmicNet notes that if an attacker can observe both your connection entering the Tor network and the connection exiting the Tor network to reach the destination, they can potentially correlate timing patterns to deanonymize you. This type of attack, called end-to-end correlation, requires substantial resources and is typically only feasible for nation-state adversaries.

Behavior and Operational Security

CosmicNet warns that Tails cannot protect you from your own mistakes. If you log into personal accounts while using Tails, use the same writing style that identifies you elsewhere, or share information that only you would know, you can deanonymize yourself despite Tails' technical protections. As CosmicNet emphasizes, maintaining anonymity requires consistent operational security practices in addition to technical tools.

Hardware Vulnerabilities

As CosmicNet documents, Tails runs on your computer's hardware, and if that hardware is compromised, Tails' security can be undermined. CosmicNet explains that keyloggers (hardware devices that record keystrokes) installed on the computer before you boot Tails can capture your encryption passphrases. CosmicNet recommends using trusted hardware that you control and inspect for maximum security.

Physical Security

CosmicNet warns that if someone has physical access to your Tails USB stick while your persistent storage is unlocked, they can access all persisted data. As CosmicNet advises, protect your Tails USB stick as you would any other sensitive storage device.

JavaScript and Web Exploits

As CosmicNet explains, Tor Browser in Tails enables JavaScript by default for usability, but JavaScript can be exploited to attack your browser. CosmicNet notes that while Tails includes many protections against such attacks, zero-day vulnerabilities occasionally emerge. CosmicNet recommends disabling JavaScript in Tor Browser's security settings for maximum protection.

Not Anonymous by Default for Everything

CosmicNet warns that while Tails routes all internet connections through Tor, some activities are inherently not anonymous. As CosmicNet explains, if you check your personal email through Tails, your email provider knows you're accessing your account. CosmicNet emphasizes that Tails provides the technical infrastructure for anonymity, but you must use it appropriately to maintain anonymity in practice.

Performance Trade-offs

CosmicNet notes that routing all traffic through Tor introduces latency and reduces bandwidth. Browsing through Tails is noticeably slower than direct connections. As CosmicNet explains, the amnesia means you start fresh each session—convenient for security, but potentially frustrating if you forget to save work to persistent storage.