- Nouvelles
Abonnez-vous à notre lettre d'information pour recevoir les mêmes nouvelles par courrier électronique :
Changements et mises à jour
Update Tor Browser to 13.0.4.
Update Thunderbird to 115.5.0.
Stop downloading the AdGuard filter list for uBlock Origin in the language of the session.
This prevents some advanced browser fingerprinting. (#20022)
Problèmes corrigés
Since many of you are still reporting issues with the new Persistent Storage, we are releasing several improvements to the Persistent Storage and the WhisperBack error reporting tool:
Fix an error when activating the Persistent Storage. (#20011)
Fix the translation of the WhisperBack interface. (#20040)
Improve the interface of WhisperBack to make it easier to report the information we need to troubleshoot issues. (#19351)
Pour plus de détails, lisez notre liste des changements.
Problèmes connus
Aucun spécifique à cette version.
Voir la liste des problèmes connus de longue date.
Get Tails 5.20
To upgrade your Tails USB stick and keep your Persistent Storage
Automatic upgrades are available from Tails 5.0 or later to 5.20.
Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.
Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.
Pour installer Tails sur une nouvelle clé USB
Suivez nos instructions d'installation :
- Installer depuis Windows
- Installer depuis macOS
- Installer depuis Linux
- Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG
Le stockage persistant de la clé USB sera perdu si vous faites une installation au lieu d'une mise à jour.
Pour seulement télécharger
If you don't need installation or upgrade instructions, you can download Tails 5.20 directly:
This release is an emergency release to fix an important security vulnerability in Tor.
Changements et mises à jour
Update the Tor client to 0.4.8.9, which fixes the TROVE-2023-006 vulnerability.
The details of TROVE-2023-006 haven't been disclosed by the Tor Project to leave time for users to upgrade before revealing more. We only know that the Tor Project describes TROVE-2023-006 as a "remote triggerable assert on onion services".
Our team thinks that this vulnerability could affect Tails users who are creating onion services from their Tails, for example when sharing files or publishing a website using OnionShare.
This vulnerability might allow an attacker who already knows your OnionShare address to make your Tor client crash. A powerful attacker might be able to further exploit this crash to reveal your IP address.
This analysis is only a hypothesis because our team doesn't have access to more details about this vulnerability. Still, we are releasing this emergency release as a precaution.
OnionShare is the only application included in Tails that creates onion services. You are not affected by this vulnerability if you don't use OnionShare in Tails and only use Tails to connect to onion services and don't create onion services using Additional Software.
More details about TROVE-2023-006 will be available on the Tor issue #40883 sometime after the release.
Problèmes corrigés
Pour plus de détails, lisez notre liste des changements.
Problèmes connus
Aucun spécifique à cette version.
Voir la liste des problèmes connus de longue date.
Get Tails 5.19.1
To upgrade your Tails USB stick and keep your Persistent Storage
Automatic upgrades are available from Tails 5.0 or later to 5.19.1.
Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.
Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.
Pour installer Tails sur une nouvelle clé USB
Suivez nos instructions d'installation :
- Installer depuis Windows
- Installer depuis macOS
- Installer depuis Linux
- Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG
Le stockage persistant de la clé USB sera perdu si vous faites une installation au lieu d'une mise à jour.
Pour seulement télécharger
If you don't need installation or upgrade instructions, you can download Tails 5.19.1 directly:
In March 2023, Radically Open Security conducted a security audit on the major improvements that we released in Tails 5.8 (December 2022) on the Persistent Storage, the Unsafe Browser, and the Wayland integration.
To better protect our users, we addressed most of the security vulnerabilities as soon as they were discovered and reported to us, without waiting for the audit to be complete and public. We can now share with your the final report.
We are proud of the conclusion of the auditors:
Overall, the Tails operating system left a solid impression and addressed most of the concerns of an average user in need of anonymity.
This is particularly evident in the isolation of various components by the developers. For example, the configured AppArmor rules often prevented a significant impact of the found vulnerabilities. Shifting to Wayland was a good decision, as it provides more security by isolating individual GUI applications.
All in all, no serious vulnerabilities were found through the integration into Wayland. Unsafe Browser and Persistent Storage should now be less vulnerable to attack, as all vulnerabilities have been fixed.
The auditors found 6 High, 1 Moderate, 3 Low-severity issues. Another issue was fixed before the actual impact was assessed and so marked as having Unknown severity.
We fixed all these issues as soon as possible and before making them public on our GitLab. The last issue was fixed in 5.14, 3 weeks after it was reported to us.
As good as the results of this audit are, they also serve as a reminder that no software is ever 100% secure and that every release of Tails can fix critical security vulnerabilities. Your best protection against all kinds of attack is to keep your Tails up-to-date.
Because at Tails we believe that transparency is key to building trust, all the code of our software is public and the results of this audit as well. You can find below a summary of all the issues and their fixes.
Detailed findings
Tor integration
| ID | Issue | Description | Impact | Status | Release |
|---|---|---|---|---|---|
| TLS-012 | #19585 | Leak clear IP as low-privileged user amnesia | High | Fixed | 5.12 |
| TLS-013 | #19594 | Local privilege escalation to Tor Connection sandbox | High | Fixed | 5.12 |
| TLS-014 | #19595 | Local privilege escalation to Tor Browser sandbox | Moderate | Fixed | 5.13 |
| TLS-017 | #19610 | Insecure permissions of chroot overlay | Unknown | Fixed | 5.13 |
Stockage persistant
| ID | Issue | Description | Impact | Status | Release |
|---|---|---|---|---|---|
| TLS-003 | #19546 | Local privilege escalation in Persistent folder activation hook | High | Fixed | 5.11 |
| TLS-004 | #19547 | Symlink attack in Persistent folder deactivation hook | Low | Fixed | 5.11 |
| TLS-005 | #19548 | Local privilege escalation in GnuPG feature activation hook | High | Fixed | 5.11 |
Core
| ID | Issue | Description | Impact | Status | Release |
|---|---|---|---|---|---|
| TLS-001 | #19464 | Local privilege escalation in tails-shell-library | High | Fixed | 5.11 |
| TLS-009 | #19599 | Man-in-the-middle attack on onion-grater service | Low | Fixed | 5.13 |
| TLS-011 | #19576 | Limited path traversal in tails-documentation | Low | Fixed | 5.13 |
| TLS-019 | #19677 | Local privilege escalation in tailslib leads to arbitrary file read | High | Fixed | 5.14 |
Highlights
In early October, we got together in Rome for a hybrid sprint! We reflected on the year so far, our financial health, and plans to make Tails' mission more sustainable.
Our annual fundraiser is live! For this year's fundraiser, we are reflecting on a year in which progressive, liberatory movements battled intense online surveillance from powerful public and private actors alike.
As we enter 2024, make the gift of privacy. We welcome each contribution, no matter the size. And there are many ways to contribute). Spread word!
And while we have you here, consider nominating Tails for support through Proton's fundraiser. Nominations close on 13 November 2023!
- We also have a new sponsor. Please welcome James Seibel to the community!
Releases
Tails 5.18 was released on October 03, 2023, and Tails 5.19 was released on October 31, 2023.
You have upgrades to Tor Browser, Thunderbird, and the Linux kernel.
You can now close a given Tor circuit from the Onion Circuits interface.
Using SecureDrop on airgapped machines running Tails is even more secure now. Tails 5.19 improves the cryptographic parameters of PGP keys stored in these airgapped machines. SecureDrop is widely used by investigative journalists and whistleblowers.
Metrics
Tails was started more than 830,216 times this month. That's a daily average of over 26,780 boots.
Nouvelles fonctionnalités
Closing a Tor circuit from Onion Circuits
You can now close a given Tor circuit from the Onion Circuits interface. This can help replace a particularly slow Tor circuit or troubleshoot issues on the Tor network.
To close a Tor circuit:
Choose
▸ Open Onion Circuits in the top
navigation bar.Right-click (on Mac, click with two fingers) on the circuit that you want to close.
Choose Close this circuit in the shortcut menu.
When you close a circuit that is being used by an application, your application gets disconnected from this destination service.
For example, when you close a circuit while Tor Browser is downloading a file, the download fails.
If you connect to the same destination server again, Tor uses a different circuit to replace the circuit that you closed.
For example, if you download the same file again, Tor uses a new circuit.
Addition of sq-keyring-linter
At the request of people who use SecureDrop to
provide secure whistleblowing platforms across the world, we added the
sq-keyring-linter
package. sq-keyring-linter improves the cryptographic parameters of PGP
keys stored in their airgapped machines.
Changements et mises à jour
Update Tor Browser to 13.0.1.
Update the Tor client to 0.4.8.7.
Update Thunderbird to 115.4.1.
Update the Linux kernel to 6.1.55.
Problèmes corrigés
Pour plus de détails, lisez notre liste des changements.
Problèmes connus
Aucun spécifique à cette version.
Voir la liste des problèmes connus de longue date.
Get Tails 5.19
To upgrade your Tails USB stick and keep your Persistent Storage
Automatic upgrades are available from Tails 5.0 or later to 5.19.
Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.
Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.
Pour installer Tails sur une nouvelle clé USB
Suivez nos instructions d'installation :
- Installer depuis Windows
- Installer depuis macOS
- Installer depuis Linux
- Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG
Le stockage persistant de la clé USB sera perdu si vous faites une installation au lieu d'une mise à jour.
Pour seulement télécharger
If you don't need installation or upgrade instructions, you can download Tails 5.19 directly:
Highlights
From Tails 5.14, we started asking Tails users to consider donating to Tails when they open Electrum. Since then, Electrum users on Tails have donated USD 5k towards Tails' mission. We are so grateful for your generous support!
The Tails community had very meaningful and lovely contributions to the project. McFly helped solve an issue some users had while identifying the 'Alt' key on Apple keyboards, and also designed some slick business cards. And jawlensky submitted a huge branch with tons of changes all over the website. It will take us a few weeks to process it all!
We were in Kerala at DebConf 2023. Thank you to DebConf for sponsoring our participation.
Releases
Tails 5.17.1 was released on September 15, 2023. The emerency release fixes a critical vulnerability in Tor Browser.
We dedicate this Tails release to Debian developer Abraham Raji who tragically lost his life in an accident on September 13, 2023.
Metrics
Tails was started more than 767,166 times this month. That's a daily average of 25,572 boots.
With malicious actors’ intrusions into human rights growing in sophistication and scale, Tails offers hope for those seeking refuge in a more secure digital environment. We stand on the precipice of a future where digital privacy should be a fundamental right, not a luxury.
Since we started in 2008, millions of people around the world have used Tails to be more secure, autonomous, and anonymous in their digital lives.
We have come so far thanks to you, and need your support to continue to do what we do best: deliver the world's most privacy-preserving operating system!
Your donations a lion's share of our income. But, this share has reduced in the last couple of years. Globally, philanthropic giving has fallen, in what is yet another symptom of the challenging political and economic conditions we find ourselves in. But this hasn’t tempered our ambitions. Despite these challenges, Tails has gotten bigger and better over the past year. We have spent more time improving Tails this year than any previous year. But to achieve this, we have relied a bit more on support from large, institutional donors.
While we are grateful for the support and generosity of our "large" donors, we want to keep our reliance on them to a minimum. We are betting on having diversified income streams as our insurance from economic volatility and assurance of growing Tails sustainably and with complete decisional autonomy. Although, this means that we rely on you even more. And hence this fundraiser!
Our goal is clear: to make Tails even more useful for vulnerable people in high-risk environments. And we want to do this while remaining as autonomous as our users are.
The proceeds from this fundraiser will drive initiatives that will make Tails even more usable and secure. We want to add new, big features to Tails, enhance user experience with even more usability tests, and increase Tails’ use in more geographies around the world.
Every donation, no matter how small, makes a difference. Please donate today and help us keep Tails alive and well in 2024 and beyond! Here are 5 ways you can get involved:
By making a recurring donation. Recurring donations are the best insurance for Tails' mission. These help us weather economic uncertainties and plan our work sustainably.
With a one-time gift. If you can't set-up a recurring donation, you can make a one-time donation. Donate via PayPal, bank transfers, mail in your checks, or just send us good, old cash. Here's a pro-tip: donations of over $1 000 entitle you to some neat sponsorship benefits.
Through cryptocurrency. We accept crypto donations in Bitcoin, Ethereum, and Monero.
Gift matching. If your employer runs gift-matching programmes, consider looking up Riseup Labs and donate to Tails via Riseup Labs. Riseup Labs is our fiscal sponsor in the United States of America.
Spread the word. And finally, please share this fundraiser with your network, friends, and colleagues. Help us amplify our impact by reaching a wider audience!
Thank you for being part of this journey and a toast to our future adventures together! Oh, and in case you have somehow managed to skip over all the links to our donations page so far, here it is: https://tails.net/donate/.
Changements et mises à jour
Update Tor Browser to 12.5.6.
Update Tor to 0.4.8.6.
Pour plus de détails, lisez notre liste des changements.
Problèmes connus
Aucun spécifique à cette version.
Voir la liste des problèmes connus de longue date.
Get Tails 5.18
Pour mettre à jour votre clé USB Tails et conserver votre stockage persistant
Automatic upgrades are available from Tails 5.0 or later to 5.18.
Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.
Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.
Pour installer Tails sur une nouvelle clé USB
Suivez nos instructions d'installation :
- Installer depuis Windows
- Installer depuis macOS
- Installer depuis Linux
- Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG
Le stockage persistant de la clé USB sera perdu si vous faites une installation au lieu d'une mise à jour.
Pour seulement télécharger
If you don't need installation or upgrade instructions, you can download Tails 5.18 directly:
Tails report for August 2023
Highlights
We are hiring! We are looking for a Linux generalist to join the Foundations team. We are committed to making the project more diverse, and request your help circulating the opening.
We published our recommendations for hardware to run Tails.
We interviewed journalists, activists, and digital security trainers to better understand their communication needs. We want to speak to more such folks, especially if they are working in African and Asian contexts. If you are reading this, or know of anyone who fits, sajolida would love to hear from you. He's at sajolida@pimienta.org.
And internally too, we are working on better communication and collaboration tools. We are trying to make working on Tails a bit friendlier for those who don't suffer from command line addiction.
Releases
Tails 5.16 was released on August 06 2023.
You have shiny, upgraded versions of Tor Browser and Thunderbird.
Some users were experiencing difficulties while unlocking Persistent Storage. In Tails 5.16, we fixed some of these issues and continued working on it for Tails 5.17.
You will now see the passphrase recommendation for the Persistent Storage only in lower case. Capitalising each word makes for more cumbersome typing, and is not more secure.
Tails 5.16.1 was released on August 15 2023. It fixes a critical vulnerability in the Linux kernel that large, powerful actors could have exploited (but, to the best of our knowledge, haven't).
Metrics
Tails was started more than 761771 times this month. That's a daily average of 24,573 boots.
This release is an emergency release to fix a critical vulnerability in Tor Browser.
We'd like to dedicate this Tails release to Debian developer Abraham Raji who tragically lost his life in an accident on the 13th of September, 2023.
Changements et mises à jour
Update Tor Browser to 12.5.4 which fixes CVE-2023-4863: Heap buffer overflow in libwebp.
Update Tor to 0.4.8.5.
Pour plus de détails, lisez notre liste des changements.
Problèmes connus
Aucun spécifique à cette version.
Voir la liste des problèmes connus de longue date.
Get Tails 5.17.1
Pour mettre à jour votre clé USB Tails et conserver votre stockage persistant
Automatic upgrades are available from Tails 5.0 or later to 5.17.1.
Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.
Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.
Pour installer Tails sur une nouvelle clé USB
Suivez nos instructions d'installation :
- Installer depuis Windows
- Installer depuis macOS
- Installer depuis Linux
- Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG
Le stockage persistant de la clé USB sera perdu si vous faites une installation au lieu d'une mise à jour.
Pour seulement télécharger
If you don't need installation or upgrade instructions, you can download Tails 5.17.1 directly: