Protecting your identity when using Tails

Clean metadata from files before sharing them

Many files contain hidden data, or metadata:

• JPEG and other image files often contain information about where a picture was taken and which camera was used.

• Office documents often contain information about their author, and the date and time the document was created.

To help you clean metadata, Tails includes mat2, a tool to remove metadata in a wide range of file formats.

Use Tails sessions for only one purpose at a time

If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together.

For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are used by the same person. This is because websites can tell when 2 accounts are using the same Tor circuit.

To prevent an adversary from linking your activities together while using Tails, restart Tails between different activities. For example, restart Tails between checking your work email and your whistleblowing email.

If you worry that the files in your Persistent Storage could be used to link your activities together, consider using a different Tails USB stick for each activity. For example, use one Tails USB stick for your activism work and another one for your journalism work.

Limitations of the Tor network

Tails makes it clear that you are using Tor and probably Tails

Everything you do on the Internet from Tails goes through the Tor network.

Tor and Tails don't protect you by making you look like any random Internet user, but by making all Tor and Tails users look the same. It becomes impossible to know who is who among them.

• Your Internet service provider (ISP) and local network can see that you connect to the Tor network. They still cannot know what sites you visit. To hide that you connect to Tor, you can use a Tor bridge.

• The sites that you visit can know that you are using Tor, because the list of exit nodes of the Tor network is public.

Exit nodes can intercept traffic to the destination server

Tor hides your location from destination servers, but it does not encrypt all your communication. The last relay of a Tor circuit, called the exit node, establishes the actual connection to the destination server. This last step can be unencrypted.

The exit node can:

• Observe your traffic. That is why Tor Browser and Tails include tools, like HTTPS Everywhere, to encrypt the connection between the exit node and the destination server, whenever possible.

• Pretend to be the destination server, a technique known as machine-in-the-middle attack (MitM). That is why you should pay even more attention to the security warnings in Tor Browser. If you get such a warning, use the New Identity feature of Tor Browser to change exit node.

To learn more about what information is available to someone observing the different parts of a Tor circuit, see the interactive graphics at Tor FAQ: Can exit nodes eavesdrop on communications?.

Adversaries watching both ends of a Tor circuit could identify users

A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users. These attacks are called end-to-end correlation attacks, because the attacker has to observe both ends of a Tor circuit at the same time.

No anonymity network used for rapid connections, like browsing the web or instant messaging, can protect 100% from end-to-end correlation attacks. In this case, VPNs (Virtual Private Networks) are less secure than Tor, because they do not use 3 independent relays.

Reducing risks when using untrusted computers

Install Tails from a computer that you trust

Tails protects you from viruses and malware on your usual operating system. This is because Tails runs independently from other operating systems.

But your Tails might be corrupted if you install from a compromised operating system. To reduce that risk:

• Always install Tails from a trusted operating system. For example, download Tails on a computer without viruses or clone Tails from a trusted friend.

• Do not plug your Tails USB stick while another operating system is running on the computer.

• Use your Tails USB stick only to run Tails. Do not use your Tails USB stick to transfer files to or from another operating system.

If you worry that your Tails might be corrupted, do a manual upgrade from a trusted operating system.

No operating system can protect against hardware alterations

Your computer might be compromised if its physical components have been altered. For example, if a keylogger has been physically installed on your computer, your passwords, personal information, and other data typed on your keyboard could be stored and accessed by someone else, even if you are using Tails.

Try to keep your computer in a safe location. Hardware alterations are more likely on public computers, in internet cafés or libraries, and on desktop computers, where a device is easier to hide.

If you worry that a computer might be modified:

• Use a password manager to paste saved passwords. This way, you don't have to type passwords that might be visible to people or cameras near you.

• Use the Screen Keyboard, if you are using a public computer or worry that the computer might have a keylogger.

No operating system can protect against BIOS and firmware attacks

Firmware includes the BIOS or UEFI and other software stored in electronic chips on the computer. All operating systems, including Tails, depend on firmware to start and run, so no operating system can protect against a firmware attack. In the same way that a car depends on the quality of the road it is driving on, operating systems depend on their firmware.

Keeping your computer in a safe location can protect against some firmware attacks, but some other firmware attacks can be performed remotely.

1. Make sure that your USB stick is unplugged.

2. Open Terminal from Applications ▸ Utilities ▸ Terminal.app.

3. Execute the following command:

   diskutil list

   It returns a list of the storage devices on the system. For example:

   /dev/disk0 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *500.1 GB disk0 1: EFI 209.7 MB disk0s1 2: Apple_HFS MacDrive 250.0 GB disk0s2 3: EFI 134.1 GB disk0s3 4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4

4. Plug your USB stick in the computer.

5. Execute again the same command:

   diskutil list

   Your USB stick appears as a new device in the list. Check that its size corresponds to the size of your USB stick.

   /dev/disk0 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme ∗500.1 GB disk0 1: EFI 209.7 MB disk0s1 2: Apple_HFS MacDrive 250.0 GB disk0s2 3: EFI 134.1 GB disk0s3 4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4 /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: FDisk_partition_scheme *8.0 GB disk1 1: Apple_HFS Untitled 1 8.0 GB disk1s1

6. Take note of the device name of your USB stick. In this example, the USB stick is 8.0 GB and its device name is /dev/disk1. Yours might be different.

   If you are unsure about the device name, you should stop proceeding or you risk overwriting any hard disk on the system.

7. Execute the following commands to copy the USB image that you downloaded earlier to the USB stick.

   Replace:

   • tails.img with the path to the USB image

     If you are unsure about the path to the USB image, you can insert the correct path by dragging and dropping the icon of the USB image from Finder onto Terminal.

   • device with the device name found in step 6

     You can try adding r before disk to make the installation faster.

   diskutil unmountDisk device

   dd if=tails.img of=device bs=16m && sync

   You should get something like this:

   dd if=/Users/me/tails-amd64-3.12.img of=/dev/rdisk9 bs=16m && sync

   If no error message is returned, Tails is being copied on the USB stick. The copy takes some time, generally a few minutes.

   If you get a Permission denied error, try adding sudo at the beginning of the command:

   sudo dd if=tails.img of=device bs=16m && sync

   If you get an invalid number ‘16m’ error, try using 16M instead:

   dd if=tails.img of=device bs=16M && sync

   The installation is complete once the command prompt reappeared.