Tails project

What is the relationship between Tor and Tails?

查看我们的答案 为什么 Tails 选择 Tor.

Why is Tails based on Debian and not on another distribution?

We are deeply rooted and involved in Debian. The friendships, relationships, and technical expertise we have in Debian have many benefits for Tails, and we are not ready to build the same relationship with Ubuntu, OpenBSD, or any other distribution. See our statement about our relationship with upstream for details.

阅读文章 [为什么有这么多系统衍生自 Debian] (http://upsilon.cc/~zack/blog/posts/2011/09/why_there_are_so_many_debian_derivatives/) by Stefano Zacchiroli.

Why isn't Tails based on Ubuntu?

首先,请阅读上一个问题问题的答案。

  • The rapid development cycle of Ubuntu would be too fast for Tails.

  • Ubuntu adds features in ways that we find dangerous for privacy. For example Ubuntu One (partly discontinued) and the Amazon ads and data leaks.

  • Ubuntu is led by a company that takes most of the important decisions and has the power to make them happen.

  • We usually ship kernels and video drivers from Debian backports. The result is comparable to Ubuntu in terms of support for recent hardware.

  • We think that the general quality of the maintenance work being done on packages matters from a security perspective. Debian maintainers generally are experts in the fields their packages deal with; while it is generally not the case outside of the limited number of packages Ubuntu officially supports.

  • We are actively working on improving AppArmor support in Tails; a security framework that is already used in a few Ubuntu applications.

  • We are also working on adding compiler hardening options to more Debian packages included in Tails; another security feature that Ubuntu already provides.

Why does Tails ship the GNOME Desktop?

We had users ask for LXDE, XFCE, MATE, KDE, and so on, but we are not going to change desktop. According to us, the main drawback of GNOME is that it requires quite a lot of resources to work properly, but it has many advantages. The GNOME Desktop is:

  • Well integrated, especially for new Linux users.

  • Very well translated and documented.

  • Doing relatively good regarding accessibility features.

  • Actively developed.

  • Well maintained in Debian, where it is the default desktop environment.

We invested quite some time in acquiring GNOME knowledge, and switching our desktop environment would require going through that process again.

We are not proposing several desktop environments to choose from because we want to limit the amount of software included in Tails.

Installation

Do I need a USB stick dedicated to Tails?

Yes. Tails requires a USB stick dedicated to only running Tails.

If it were possible to use the same USB stick with another operating system, for example to store files to use on Windows, a virus in the other operating system could corrupt your Tails.

That's why your Tails USB stick is not recognized in Windows and why we discourage installing other live operating systems on the same USB stick.

To store files in your Tails USB stick, use the Persistent Storage. To exchange files between Tails and another operating system, use a separate USB stick.

Can I install Tails permanently onto my hard disk?

This is not possible using the recommended installation methods. Tails is designed to be a live system running from a removable media: USB stick or DVD.

This is a conscious decision as this mode of operation is better for what we want to provide to Tails users: amnesia, the fact that Tails leaves no traces on the computer after a session is closed.

Can I install Tails with UNetbootin, YUMI, Rufus, Ventoy, or another tool?

No. Those installation methods are unsupported. They might not work at all, or worse: they might seem to work, but produce a USB stick that does not behave like Tails should. Follow the download and installation documentation instead.

Should I update Tails using apt upgrade or Synaptic?

No. Tails provides upgrades every six weeks, that are thoroughly tested to make sure that no security feature or configuration gets broken. If you upgrade the system yourself using apt or Synaptic, you might break things. Upgrading when you get a notification from Tails Upgrader is enough.

Can I buy a preinstalled Tails USB stick or DVD?

No, we don't sell preinstalled Tails devices.

Selling preinstalled devices would in fact be a pretty bad idea:

  • If burned on a DVD, then this DVD would be outdated on the next release. This means after 6 weeks at most.

  • If installed onto a USB stick, then it would be impossible to verify that the Tails on the USB stick is genuine. Trusting that a Tails USB stick is genuine should be based either on cryptographic verification or on personal trust (if you know someone you trust who can clone a Tails USB stick for you). But once Tails is installed on a USB stick it is not possible to use our cryptographic verification techniques anymore. Being able to trust your Tails USB stick is something that we really care about.

Can I verify the integrity of a Tails USB stick or DVD?

It is impossible to verify the integrity of a Tails USB stick or DVD while running Tails from it. It would be like asking to someone whether they are lying: a true liar would always pretend to tell the truth.

If you worry that your Tails might be corrupted, do a manual upgrade from a trusted operating system to upgrade it to a trusted version of Tails.

In the future, we might make it possible to verify the integrity of a Tails USB stick from another trusted OS. (#7496)

Tor Browser

Why is JavaScript enabled by default in Tor Browser?

Many websites today require JavaScript to work correctly. As a consequence JavaScript is enabled by default in Tails to avoid confusing many users. But Tor Browser takes care of blocking dangerous JavaScript functionalities.

Tor Browser also includes a security level and the NoScript extension to optionally disable more JavaScript. This might improve security in some cases. However, if you disable JavaScript, then the fingerprint of your Tor Browser differs from most users. This reduces your anonymity.

We think that having JavaScript enabled by default is the best possible compromise between usability and security in this case.

We have plans to allow storing the security level in the Persistent Storage. (#9700)

Can I install other add-ons in Tor Browser?

Installing add-ons in Tor Browser might break the security built in Tails.

Add-ons can do many things within the browser, and even if all the networking goes through Tor, some add-ons might interact badly with the rest of the configuration or leak private information.

  1. They can track and reveal information about your browsing behaviour, browsing history, or system information, either on purpose or by mistake.

  2. They can have bugs and security vulnerabilities that can be remotely exploited by an attacker.

  3. They can have bugs breaking the security offered by other add-ons and break your anonymity.

  4. They can break your anonymity by making your browsing behaviour distinguishable amongst other Tails users.

Unless proven otherwise, no add-on, apart from the ones already included in Tails, have been seriously audited and should be considered safe to use in this context.

Should I manually update add-ons included in Tor Browser?

No. Tails provides upgrades every six weeks, that are thoroughly tested to make sure that no security feature or configuration gets broken. Updating add-ons in Tor Browser might break the security built in Tails.

How to analyse the results of online anonymity tests?

Fingerprinting websites, such as https://coveryourtracks.eff.org/, try to retrieve as much information as possible from your browser to see if it can be used to identify you.

As explained in our documentation about the fingerprint of Tor Browser in Tails, Tails provides anonymity by making it difficult to distinguish a particular user amongst all the users of Tor Browser (either in Tails or on other operating systems).

So, the information retrieved by such fingerprinting websites is not harmful for anonymity in itself, as long as it is the same for all users of Tor Browser.

For example, the user-agent string of Tor Browser includes Windows NT but this value preserves your anonymity even if you run Windows NT. On the other hand, changing this value makes you distinguishable from other users of Tor Browser and, as a consequence, weakens your anonymity.

Furthermore, we verify the result of those websites before each release, see our test suite.

Networking

Can I use Tails with a VPN?

Currently, Tails does not work with VPNs.

Tor provides anonymity by making it impossible for a single point in the network to know both the origin and destination of a connection.

Unlike Tor, VPNs don't provide strong anonymity because the VPN provider can see both where you are connecting from and where you are connecting to.

But VPNs have clear benefits over Tor in some situations where strong anonymity is not needed, for example:

  • To access websites that block Tor or can only be accessed from a given country

  • To use videoconferencing tools like Jitsi or Zoom

  • To access private VPN services like intranets or share folders

  • To browse the Internet at higher speeds than Tor

We are now considering adding VPN support to Tails, either:

  • By adding another browser that would use a VPN instead of Tor. (#19465 or #19942)

  • By giving the option to use a VPN instead of Tor for the whole system and still having Tor Browser to use Tor only (#19901)

For more information, see our blueprint on VPN support.

Can I choose the country of my exit nodes or further edit the torrc?

Editing the Tor configuration file, also called torrc, to modify how Tor creates circuits can weaken your anonymity in ways that are hard to understand and explain. That is why we don't explain how to modify the Tor configuration file in Tails, for example, to choose the country of your exit nodes or exclude some entry guards.

Still, you can close a given circuit and trigger Tor to create a new one using the New Tor circuit for this site button of Tor Browser or the Onion Circuits utility.

Why does Tails automatically connect to websites when starting?

The clock of the computer needs to be set at the correct time to both:

  1. Be able to connect to the Tor network in the first place

    The computer clock is fixed a first time, approximately, before connecting to Tor, either automatically or manually.

  2. Protect your anonymity while using Tor

    The computer clock is fixed a second time, precisely, to prevent a website from identifying you by analyzing minor differences of your computer clock with the correct time.

    This second synchronization is made by sending HTTPS queries through Tor to several websites and deducing a correct time from their answers. You can see the list of websites that Tails can connect to in /etc/default/htpdate.pools.

See also our design document on time synchronization.

Can I help the Tor network by running a relay or a bridge in Tails?

It is currently impossible to run a Tor relay or bridge in Tails.

Can I run a Tor onion service from Tails?

You can use OnionShare to share files, websites, and chat rooms from Tails using onion services.

It is technically possible to use Tails to create other onion services, but it is complicated and not documented yet.

Can I use ping in Tails?

It is impossible to use ping in Tails, because ping uses the ICMP protocol while Tor can only transport TCP connections.

Included software

Can my favorite software be included in Tails?

If a software is not included in Tails, but is included in Debian, you can use the Additional Software feature of the Persistent Storage to install it automatically every time you start Tails.

First of all, make sure that this software is already available in Debian, as this is a requirement to be included in Tails. Adding to Tails software which is not in Debian imply an additional workload that could compromise the sustainability of the project. On top of that, being in Debian brings many advantages:

  • It is included in the Debian process for security updates and new versions.

  • It is authenticated using OpenPGP signatures.

  • It is under the scrutiny of the Debian community and its many users and derivatives, including Ubuntu.

To check whether a software is in Debian, search for it on https://packages.debian.org/. If it is not yet available in Debian, you should ask its developers why it is not the case yet.

Second, this software might not be useful to accomplish our design goals. Refer to our design documents to understand which are the intended use cases, and the assumptions on which Tails is based.

We also try to limit the amount of software included in Tails, and we only add new software with a very good reason to do so:

  • We try to limit the growth of the images and automatic upgrades.

  • More software implies more security issues.

  • We avoid proposing several options to accomplish the same task.

  • If a package needs to be removed after its inclusion, for example because of security problems, then this might be problematic as users might rely on it.

After considering all this, if you still think that this software is a good candidate to be included in Tails, please explain us your proposal on GitLab.

Here is some of the software we are often asked to include in Tails:

  • monero: not in Debian (#17823)

  • bitmessage: not in Debian

  • retroshare: not in Debian

  • rar/unrar: not Free Software

Can I do voice or video calls from Tails?

Not yet.

  • Videoconferencing tools that work in web browsers, like Jitsi or Zoom, don't work in Tor Browser yet.

    They rely on the WebRTC technology, which uses UDP connections. But, the Tor network only supports TCP connections, like the ones used for HTTP and email.

    The Tor Project is working on supporting UDP traffic over Tor, which should remove this limitation.

  • Proprietary applications like Skype or Zoom will never be available in Tails because they are not Free Software.

  • Mumble is the only voice chat application that we know works from Tails. You can use the Additional Software feature to add Mumble to your Tails.

    Wahay is a decentralized voice chat application based on Mumble. If you are a Debian developer, please help us get Wahay in Debian.

Can I download using BitTorrent with Tails?

Tails does not ship any BitTorrent software and is unlikely to do so in the future.

The problem with using BitTorrent over Tor is double:

Can I download videos from websites?

You can install youtube-dl as Additional Software. youtube-dl allows downloading videos from more than 700 websites.

For example, to download a YouTube video, execute the following command in a terminal:

torsocks youtube-dl "https://www.youtube.com/watch?v=JWII85UlzKw"

For more information, refer to the official youtube-dl website.

Can I use Monero in Tails?

Yes. You can install the Feather Monero wallet as an AppImage.

Tails currently does not include a Monero wallet. However, we are interested in making it easier to use Monero in Tails in the future. See #17823 for a list of unofficial guides on how to use Monero in Tails.

Does Tails need an antivirus?

No, as other Linux systems, Tails doesn't require an antivirus to protect itself from most malwares, such as viruses, trojans, and worms. There are various reasons why Linux operating systems generally don't need antivirus softwares, including the permission design of Linux systems.

See the Wikipedia page on Linux malware for further details.

Why does Tails include old versions of software?

The Tails 6 series is based on Debian 12 (Bookworm).

The version of each application included in Tails corresponds to the version available in this version of Debian. Even though some versions might be old, the Debian Security Team provides security updates.

Newer versions of all applications will be available starting from Tails 7.0, which will be based on Debian 13 (Trixie). Until then, you cannot update any of the applications included in Tails to a newer version.

You can see which version of a software package is available in each version of Debian on https://packages.debian.org/.