Commit 900b068e authored by Tails developers

Split walkthrough into several pages

parent d2d42275
[[!meta title="Walkthrough"]]
**WARNING**: this documentation is still a work in progress. It is thus
incomplete, plenty lies on some points, and lacks screenshots. Originally
written for Incognito, it has not been fully adapted for Tails yet. Outdated
section are marked with **FIXME**. Please do **not** take them as true.
[[!map ./walkthrough/*]]
[[!meta title="Introduction"]]
In this document we try to present The Amnesic Incognito Live
System in an easy to understand and reasonably thorough manner in hope
to give the new user a crash course in what might be a completely new
set of applications and concepts regarding anonymity and security on
the Internet.
It is quite long so you might want to not read it in one go but
instead read the introduction and conclusion, as well as the sections
on only those applications you intend to use with the possibility to
return to it whenever you want to try something new or use it for
reference.
If you have experience with these applications and concepts from
elsewhere and feel comfortable with the user interface in general,
reading this document is maybe not necessary at all. A word of caution
to all users is not to alter the network, proxy and firewall settings
unless you know what you are doing – poking around with them too much
might spoil the built-in defences of Tails.
# <a name="what"></a>What is Tails?
**FIXME**: start of duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
Amnesia, **noun**: Forgetfulness; loss of long-term memory.
Incognito, **noun**:
1. One unknown or in disguise, or under an assumed character or name.
2. The assumption of disguise or of a feigned character; the state of
being in disguise or not recognized.
Tails is a [Free
Software](http://www.gnu.org/philosophy/free-sw.html)
[LiveDistro](http://en.wikipedia.org/wiki/Livedistro) based on [Debian
GNU/Linux](http://www.debian.org/) assisting you to securely and
anonymously use the Internet almost anywhere you go, e.g. your home,
work, university, favourite Internet café or local library.
Tails is designed to be used from either a CD or a [USB
drive](#usb).
Tails has several applications (Web browser, IRC client, Mail
client, Instant messenger, office suite, image and sound manipulation,
etc.) pre-configured with security in mind; all outgoing connections
to the Internet are forced to go through [the Tor
network](https://www.torproject.org/), whose purpose is to protect
them against traffic analysis. Moreover, Tails is designed to leave
no trace on local storage devices unless explicitely asked.
**FIXME**: end of duplicated section
To use it, you simply insert the CD or USB-drive that you have
installed Tails on in a computer and restart it. Tails should
then start as an independent operating system instead of Microsoft
Windows or whatever operating system you have installed. You might
need to select the inserted boot device in the BIOS, or using some
kind of boot menu (try F12).
# <a name="why"></a>Why do you need anonymity?
In case you did not know, we currently find ourselves in a state of
steady decline of our freedoms and privacy, with increasing levels of
mass surveillance and repression all over the world (see [this report
from Privacy
International](http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597)).
Without taking any precautions, your Internet service provider, the
state, the police and global surveillance systems like
[ECHELON](http://en.wikipedia.org/wiki/ECHELON) (which is _not_ a
conspiracy theory; see [this report from the European
Parliament](http://www.fas.org/irp/program/process/rapport_echelon_en.pdf))
can record what you do online: what you read, what you write and who
you communicate with.
This is possible since all messages sent over
the Internet contain the [IP
addresses](http://en.wikipedia.org/wiki/Ip_address) of both the sender
and receiver, much like an ordinary mail sent through the postal
system contain addresses of both sender and receiver for two-way
communication. IP addresses can easily be traced back to the physical
location of the computers and their owners, and from that ultimately
back to you.
If you do not mind this fact, then more power to you, but if you do
mind, then Tails might be just what you need.
Moreover, just like with a postcard, any information traveling on the
Internet can be read by many computers that relay them.
# <a name="why_notrace"></a>Why do you need to prevent traces to be kept?
A lot of traces of your activities are left on your computer's hard
disk. Such traces can easily be gathered by anyone with a bit of
computer knowledge when no special measure is taken to prevent this
(the only serious one being full disk encryption).
Again, if you do mind this fact, Tails might be just what you need.
# <a name="how"></a>How does Tails provide with anonymity?
**FIXME**: semi-duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
First of all, true anonymity is impossible. Given enough resources an
attacker will get you. What one can do is to make the cost of doing
that so high that it becomes infeasible.
Tails tries to do this by sending all your Internet traffic through
the [Tor™ network](https://www.torproject.org/) which makes your
Internet traffic very hard to trace. If someone tries to trace you
when you are using Tails, the trail will stop somewhere in Tor
network with the IP addresses of some of its participants, not your.
Similarly, if someone tries to see destination of your traffic, they
will only reach as far as some computer in the Tor network. In fact,
you will be the only one knowing exactly what is going on – not even
the computers in the Tor network that you send your traffic through
will know the whole picture!
As at least a rudimentary understanding of Tor currently is essential
for using it securely (and knowing its limits) we strongly recommend
reading the [Tor overview](https://www.torproject.org/overview.html)
and [Understanding and Using Tor – An Introduction for the
Layman](https://wiki.torproject.org/noreply/TheOnionRouter/TorALaymansGuide).
At the very least you should read the following paragraphs about
common misconceptions about the service offered by the Tor software.
By relaying your Internet traffic through the Tor network (which
Tails does per default) your communications should _only_ be
considered to be untraceable back to the computer you use, not
encrypted or in any other way unreadable by others. While the traffic
_is_ encrypted when it leaves your computer and when you get back your
responses, it will not necessarily be so when sent between the Tor
network and your destination (this is unavoidable for technical
reasons). This means that an eavesdropper at some later point will be
able see your traffic without Tor's encryption unless you take further
precautions (described [later on](#ff)), but will not be able to link
it back to your computer.
As such, if you are sending or receiving sensitive data whose
disclosure would be damaging in itself even if it is untraceable, you
need to use end-to-end encryption to hide the meaning of your data to
everyone except the recipient. Examples of such sensitive information
that you need to protect in this way are your real identity or other
personal information linkable to you, login details and passwords,
bank account or financial details, anything illegal or political, and
secrets in general.
There are several tools bundled with Tails offering end-to-end
encryption for various applications: [GnuPG](http://www.gnupg.org/)
provides with encryption for email,
[OTR](http://www.cypherpunks.ca/otr) is for instant messaging (MSN,
ICQ, IRC, etc.) among others.
Also, bear in mind that while web browsing on sites for whom the
addresses begin with `http://` the connections are not encrypted (see
[more about this](#ff)). However, web sites whose addresses start with
`https://` (notice the additional "**s**") use encrypted connections
and are thus **s**ecure. FIXME: tell a bit about certificates and
X.509 limits. Many web browsers, including Firefox, also display a
lock or a similar symbol in the address field or status bar indicating
that the connection is secure.
Notice that not all web sites offer this feature, but most that in any
way handle your data (webmail logins, bank account logins etc.)
usually do. Keep your eyes open!
Furthermore, most software bundled with Tails will warn you when
your previously encrypted connection switches to unencrypted mode: be
careful!
At last, some applications have features and services that may
compromise the anonymity offered by the Tor network. All modern web
browsers, such as Firefox, support
[JavaScript](http://en.wikipedia.org/wiki/Javascript), [Adobe
Flash](http://en.wikipedia.org/wiki/Adobe_flash),
[Cookies](http://en.wikipedia.org/wiki/HTTP_cookie) and other services
which have been shown to be able to defeat the anonymity provided by
the Tor network.
For instance, a web page using JavaScript can make your web browser
send your real IP address to the web server hosting the web page which
possibly can disclose it not only to the web server's owner but also
eavesdroppers that happen to fetch the message when it is sent between
the Tor network and the web server.
When running Iceweasel (Firefox) in Tails all such features are
handled by an extension called
[Torbutton](https://www.torproject.org/torbutton/) which does all
sorts of things to prevent the above type of attacks. But that comes
at a price – since this will disable some functionality, certain sites
might not work as intended.
# <a name="how_amnesia"></a>How does Tails provide with amnesia?
**FIXME**: duplicated section pasted from [[doc/about]] (Use anywhere but leave
no trace): this and the [[about]] page are duplicated information. Merge or
inline the [[about]] page (whithout what's next) here?
Using Tails on a computer doesn't alter or depend on the operating system
installed on it. So you can use it in the same way on yours, the computer of a
friend or one at your local library. After removing your Tails CD or USB stick
the computer can start again on its usual operating system.
Tails is configured with a special care to not use the computer's hard-disks,
even if there is some swap space on it. The only storage space used by Tails is
the RAM memory, which is automatically erased when the computer shuts down. So
you won't leave any trace neither of the Tails system nor of what you did on
the computer. That's why we call it "amnesic".
This allows you to work on sensitive documents on any computer and protect you
from data recovery after shutdown. Of course, you can still explicitly save
some documents to another USB or external hard-disk and take them aways for
future use.
**FIXME**: end of pasted part
**FIXME**: start of translation from French.
However, there are some limitations:
- if the computer you are using is powered off brutally (e.g. power supply cut,
power cable or battery unplugged, poweroff by pressing power button, …) RAM
won't be cleared immediatly on shutdown. It will be possible to achieve a cold
boot attack (**FIXME**: add a link) for several minutes to several hours
(depending on the RAM model and the temperature) which would enable an
attacker to recover everything that have been achieved during the session,
from typed texts to saved files, including password and encryption keys.
- information saved on external devices are *not* protected by default: if they
are sensitive, they should be encrypted using specific tools (e.g. GnuPG) or
saved on encrypted device (e.g. using LUKS through palimpsest). These tools
are included in Tails, it's then up to you to learn using them. It is also
likely that the files you may create using Tails will keep tracks that they
were created using this operating system.
- if you need to access your local hard drive(s) form Tails, please stay careful
about the exchanges to render possible.
- to end with you might be tempted to use Tails as an host inside a
virtualisation software (e.g. VirtualBox or QEMU). Be warned that both the
host operating system and the virtualization software will be able to monitor
what you are doing in Tails. Moreover traces are likely to be left on the
local hard disk. Please see [[support/virtualization]] for more information.
**FIXME**: end of translation from French.
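Review bot: the in-page links on the Introduction page no longer have targets. `[USB drive](#usb)` under "What is Tails?" and `[later on](#ff)` / `[more about this](#ff)` under "How does Tails provide with anonymity?" point at anchors this page does not define; the only anchors visible here are `what`, `why`, `why_notrace`, `how` and `how_amnesia`. Since the walkthrough is now split, these should become links to whichever page carries the target section, or be marked FIXME until that page exists. The opening paragraph also still introduces "The Amnesic Incognito Live System" while every later section says Tails.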
[[!meta title="Use Tails"]]
[[!map ./use/*]]
[[!meta title="Start Tails"]]
**FIXME**: link to [[download#index6h1]]
[[!meta title="Use the Tails desktop"]]
# <a name="live"></a>Understand the consequences of using a live system
Some other important things that need to be understood before
proceeding are the concepts of [LiveDistro, LiveCD and
LiveUSB](http://en.wikipedia.org/wiki/Livedistro). In essence a
LiveDistro is an operating system (like Windows or Mac OS X, although
Tails uses Linux) that is run from some removable media like a CD or
USB drive.
Starting a computer on a media containing Tails doesn't change anything on the
operating system actually installed on your hard drive: as a live system, Tails
doesn't use your hard drive during the whole session. Be your hard drive absent
or damaged, it wouldn't prevent your computer to start Tails. Consequently,
removing the CD or USB stick containing Tails is enough to retrieve your usual
operating system.
**FIXME**: Not true because of time change
A consequence of this amnesia is that you can't save anything on the device
containing Tails be it files you create or download or any configuration you
might do. You should save anything you want to keep for later access into a
separate device (other USB stck, other CD or any device you would choose).
Future versions of Tails will propose a feature to save some files or
configuration, but it is still being developped.
**FIXME**: find an appropriate place for this paragraph
To end with, Tails is based on alpha software and is always being developped,
which means it might contain programming errors or obsolete protections. It is
crucial to stay tuned through Tails website (https://tails.boum.org/) and not to
rely on it for strong anonymity.
**FIXME**: end of unordered paragraph
# <a name="applications"></a>Walkthrough applications included in Tails
In this section we will now briefly present the main applications
included in Tails. Users are encouraged to look for further
information about them elsewhere and to experiment (while not doing
anything sensitive!) for their own benefit. All the pictures are
clickable to get them undistorted and in full size, but note that some
of the text is smudged in order to protect identities. Let us take a
look at the Tails desktop:
# Use the GNOME desktop
[[!img support/walkthrough/Desktop_en.jpg title="Tails Desktop as of 0.6.1" align="center"]]
**FIXME**: Upgrade the screenshot
The graphical user interface used in Tails is called GNOME and
shares many fundamentals with that of Microsoft Windows, Mac OS X and
most other modern operating systems, so if you have used any of them,
getting used to GNOME will take no time. As this document is not
intended as a complete guide for GNOME there are only a few things about
it that we will mention here to spare you some time.
First of all, in the upper left corner of the screen there is a button
with a logo in it, followed by three menus: *Applications*,
*Shortcuts* and *System*.
**FIXME**: check the English names.
The *Applications* menu is where you will find short cuts to the
installed applications. Please explore the different categories of
applications and try out those that seem interesting.
The *Shortcuts* menu is here to make it easy to access storage media.
The *System* menu allows to:
* customize some aspects of the GNOME desktop (*Preferences*);
* change some important aspects of the system and hardware behavior
(*Administration*);
* shutdown the computer.
On the right of these three menu entries, a few shortcuts allow to
launch the most frequently used applications. Passing the mouse cursor
over one of these shortcut will display the application name and its
function.
In the upper right corner you will find a couple of icons, each which
offers an interface for some running application : the onion icon is
made to control Tor, the two computer screens are for the network
settings. Other icons help you keep an eye on the battery level if you
run from a laptop, one allows to instantly change the keyboard layout,
another controls the sound level. Note that the clock icon allows to
change the current timezone to make it show the local time.
You are encouraged to check these icons out with the left and right
mouse buttons, but we will say more about some of them later on in
this article.
**FIXME**: check the English names
At the center of the screen is a vast area called the Desktop. A
*Computer* icon provides access to storage media; the *Personal
folder* is a shortcut to the default folder where most applications
save the files; then comes the shortcut to this documentation, and
another allows to report a bug in Tails to its developers; to end
with, the Trash is the place where "deleted" files are moved.
When media storage is connected to the computer, additional icons
appear on the Desktop.
On the bottom of the screen is another panel: on its left, an icon
allows to minimize all open windows to show the Desktop; then come the
buttons for open windows; on the right, a set of four similar
rectangle icons gives access to four different workspaces.
# Type password securely on a public computer
[OnBoard](https://launchpad.net/onboard)* starts automatically with Tails and
is accessible by the keyboard icon in the systray on the top left of the screen.
This virtual keyboard that can be used to safely enter passwords using the mouse
when you suspect that a hardware keylogger may be present.
# <a name="cold"></a>Protection against cold boot attacks
**FIXME**: merge with stuff in Introduction
What happens if the police knocks on your door when you are running
Tails? This is a tough one to deal with, and there is not that much
that can be done actually. If you are really unlucky they have brought
with them freeze spray and other equipment which can be used to mount
a [cold boot attack](http://en.wikipedia.org/wiki/Cold_boot_attack).
This is done in order to get the contents of your RAM. Due to how
modern computing works, basically everything that you have been doing
for a good whike is stored in the RAM, so all information – including
passwords, encryption keys and the secret plans you wrote in a text
editor but then erased – may be stored in it in plain text. The more
resent the activity, the more likely it is that it is still in the
RAM.
RAM is usually considered to be extremely volatile, meaning that the
data itstores starts to disintegrate rapidly once power is removed.
However, it has been shown that the data might be recoverable for
seconds or even minutes after this happens, and apparently freeze
spray can be used to increase that period significantly. Once the
power is restored the RAM state will keep getting refreshed, so if the
power supply is portable the removed RAM modules' contents are in the
hands of the attacker. Alternatively the computer can simply be reset
(i.e. switched off and back on quickly), which barely even affects the
power. Then a tiny LiveCD system is loaded with the ability to dump
the RAM to some writeable media. In both cases the RAM contents can be
analysed in a computer forensics laboratory which might turn into a
major disaster depending on what they find.
So, what should you do when you hear them knocking? You should calmly
make a clean shut-down of Tails using the "Log out" option in the K
menu, then selecting "Turn off computer" in the window that appears.
Then you wait, possibly trying to buy valuable time by barricading
your door. There are two reasons for this:
1. If you are using an encrypted persistent home partition, the master
encryption key will be cleared from RAM, preventing the intruders
from getting it.
2. One of the last things Tails does before shutting down completely
is filling the RAM with random junk, thus erasing everything that
was stored there before. Unfortunately this might take a couple of
minutes depending on the speed of your processor and the amount of
RAM installed, so while this clearly is not a perfect solution it
seems it might be the best thing to do.
As far as the authors know cold boot attacks are not standard
procedure within law enforcements and similar organisations anywhere
in the world yet, but it might still be good to be prepared and stay
on the safe side.
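Review bot: the shutdown instruction in the cold boot section contradicts the desktop description on the same page. It tells the reader to use the "Log out" option in the K menu, which is KDE terminology, while the GNOME section above puts the shutdown entry under the *System* menu. This is the one step the reader has to get right under pressure, so it should name the menu that actually exists. Separately, the OnBoard paragraph places the systray "on the top left of the screen", while the GNOME section describes the application icons as being in the upper right corner; one of the two needs correcting.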
[[!meta title="Work on sensitive document"]]
**FIXME**: to be written
[[!meta title="Use encryption"]]
# Use OpenPGP encryption
Tails includes [GNU Privacy Guard](http://www.gnupg.org/) (GnuPG) – A Free
implementation of OpenPGP used for encryption of all sorts.
## Manage keys with Seahorse
Tails include Seahorse, a graphical program to manage OpenPGP keys. You can
start it from the top panel clicking *System* → *Preferences* → *Password and
Encryption keys*
## Encrypt and decrypt webmail with FireGPG
**FIXME**: move stuff from [[2_connect_to_internet_anonymously]]
# Use encrypted storage devices
Tails includes *Disk Utility*, a storage device management which has the ability
to easily create encrypted partitions. Even if considered as deprecated,
TrueCrypt is also available to provide backward compatibility to Incognito
users. See [[truecrypt]].
**FIXME**: explain how to create and use an encrypted USB stick?
[[!meta title="Debugging and trouble-shooting Tails"]]
**FIXME**: write this section and how to bugreport using WhisperBack
[[!meta title="Other applications"]]
**FIXME**: There is currently no password manager in Tails
There are several other interesting security or Internet related
applications included in Tails some which we list and present
briefly here. Those that have graphical user interfaces (which most
do) can be found in the *Applications* menu. A list is available on [[features]]
page.
[[!meta title="Conclusion"]]
By offering you Tails we hope that you have the technological means
to stay anonymous on the Internet. However, we want to emphasize that
staying anonymous is _not_ only a technological problem – there is no
tool, including Tails and Tor, that will magically make you
anonymous on the Internet. You will have to behave as well. While deep
technical knowledge of the architecture of the Internet, cryptology,
traffic analysis techniques and the applications you use certainly can
help (mainly by knowing what _not_ to do), we believe that some good
ol' fashioned common sense and caution will be enough in most cases.
Among other things, that includes:
* Choosing good passwords and not writing them down in unprotected
places.
* Using end-to-end encryption whenever possible.
* Not trusting everyone and everything but being a bit suspicious in
general.
* Making an effort for properly authenticating with everyone you are
communicating with.
* Being very careful when dealing with identifying information such as
name, whereabouts, the local time and so on. Any such piece of
information that you leak will help a would be adversary to get
closer to you.
Also, please try to follow the instructions given by security tools as
much to the letter as possible. There are situations where one can be
creative or improvise solutions, but you should really try to learn
when that is appropriate before you do it. For instance, when using
PGP encryption you are often asked to verify the authenticity of any
new public key that you have just got. If you do not do this it is
possible that you are using a compromised key sent by an attacker
performing a [man-in-the-middle
attack](http://en.wikipedia.org/wiki/Man_in_the_middle_attack).
Usually the authentication works by presenting you with the key's so
called fingerprint, which is a unique identifier for that key that
cannot be faked. Verification should then be done by asking you friend
to send you the fingerprint through some safe channel, which could be
anything from telling it by telephone or VoiP (which is hard for an
attacker to manipulate on the fly) or even face-to-face (but hen you
can exchange the actual keys securely instead), and then making sure
that they are the same. Assuming the channel is safe the fingerprint
sent by your friend and the one you get from the key should be
identical, otherwise something is wrong.
The above authentication methods are of course not always possible,
but here is one of those places you can be creative. For example, you
could send the fingerprint hidden in an innocent looking image by some
means, although this is admittedly not bulletproof. You could make
this method a bit safer by first sending the picture to your unknowing
recipient and telling him or her how the fingerprint is hidden when
you know that it has been received. Additionally, these kinds of
tricky exchanges are always better to make over interactive
communication channels such as IRC or with instant messaging since
that will decrease the window of opportunity for any eavesdropper to
interfere. Email is not very suitable as delays are long which gives
the attacker ample time to act. An alternative authentication method
to fingerprints, used by OTR, is to simply ask both parties of a
shared secret that both should know. In this case, do not choose just
anything – if someone is watching you they probably know which high
school you went to, the size of your shoes and similar facts.
This is probably the place where we are expected to wish you good
luck, but we will not. Relying on luck simply is not good practice in
these situations. Stay cool and be smart! Thanks for you time!
The Tor™ trademark and the Tor Onion Logo are trademarks of [The Tor
Project.](https://www.torproject.org)
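Review bot: in the key verification paragraph of the Conclusion, the fingerprint is described as "a unique identifier for that key that cannot be faked", which overstates what it gives you. The check is only as strong as the channel the fingerprint arrives over and only holds when the full fingerprint is compared; suggest wording along the lines of "infeasible to forge when compared in full over a channel the attacker cannot alter". The same applies to the next paragraph's idea of sending the fingerprint hidden in an image: hiding it does not authenticate it, so that paragraph should say the image must travel over a different channel than the key. Typos in the same paragraph ("asking you friend", "but hen you", "Thanks for you time") can be fixed in the same pass.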
......@@ -27,8 +27,105 @@ or USB stick.
Tips and tricks
===============
The [[main Tails documentation|support/walkthrough]] has a chapter on
virtualization.
Some [[support/virtualization/tips]] can help making the host
operating system and virtualization software a tiny bit more secure.
# Extract from the old documentation
**FIXME**: following this is an extract from the old walkthrough. To be merged
with the rest of the document.
## <a name="vm"></a>Tails and Virtualization
**FIXME**: merge with stuff in Introduction, with [[virtualization]]
Certain users might not want to restart the computer every time they
wish to use the Internet anonymously with Tails. For those, a so
called [virtual machine](http://en.wikipedia.org/wiki/Virtual_machine)
can be used to run Tails inside the "host" operating system
installed on the computer (e.g. Microsoft Windows, Mac OS X, etc.).
Essentially these programs emulate real computers that you can run
"guest" operating systems (in this case Tails) in so they appear in
a window within the host operating system. Using one of these
technologies allows for convenient access to Tails's features in a
protected environment while you at the same time have access to your
normal operation system.
There are a few security issues with this approach though. The main
issue is if the host operating system is compromised with a software
keylogger or virus, which Tails does not provide any protection
against (in fact, that is impossible). Secondly, performance is a
usually a bit worse compared to running it on its own. As such, this
is only recommended when the other alternative is not an option or
when you are absolutely sure that your host system is clean.
Additionally, some of these virtual machines are closed-source, so it
is very difficult to determine if they do something that could break
Tails's security. In conclusion, use virtual machines with care.
### QEMU