Commit 95a8eb13 authored by Tails developers's avatar Tails developers
Browse files

doc: split walkthrough's introduction

parent 083cf259
......@@ -9,6 +9,8 @@ incomplete, plenty lies on some points, and lacks screenshots. Originally
written for Incognito, it has not been fully adapted for Tails yet. Outdated
section are marked with **FIXME**. Please do **not** take them as true.
**FIXME**: repair path to images
# Understand Tails
- [[About|about]]
......
......@@ -19,230 +19,14 @@ to all users is not to alter the network, proxy and firewall settings
unless you know what you are doing – poking around with them too much
might spoil the built-in defences of Tails.
# <a name="what"></a>What is Tails?
**FIXME**: here was a section moved to about.mdwn
**FIXME**: start of duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
Amnesia, **noun**: Forgetfulness; loss of long-term memory.
Incognito, **noun**:
1. One unknown or in disguise, or under an assumed character or name.
2. The assumption of disguise or of a feigned character; the state of
being in disguise or not recognized.
Tails is a [Free
Software](http://www.gnu.org/philosophy/free-sw.html)
[LiveDistro](http://en.wikipedia.org/wiki/Livedistro) based on [Debian
GNU/Linux](http://www.debian.org/) assisting you to securely and
anonymously use the Internet almost anywhere you go, e.g. your home,
work, university, favourite Internet café or local library.
Tails is designed to be used from either a CD or a [USB
drive](#usb).
Tails has several applications (Web browser, IRC client, Mail
client, Instant messenger, office suite, image and sound manipulation,
etc.) pre-configured with security in mind; all outgoing connections
to the Internet are forced to go through [the Tor
network](https://www.torproject.org/), whose purpose is to protect
them against traffic analysis. Moreover, Tails is designed to leave
no trace on local storage devices unless explicitely asked.
**FIXME**: end of duplicated section
To use it, you simply insert the CD or USB-drive that you have
To use Tails, you simply insert the CD or USB-drive that you have
installed Tails on in a computer and restart it. Tails should
then start as an independent operating system instead of Microsoft
Windows or whatever operating system you have installed. You might
need to select the inserted boot device in the BIOS, or using some
kind of boot menu (try F12).
# <a name="why"></a>Why do you need anonymity?
In case you did not know, we currently find ourselves in a state of
steady decline of our freedoms and privacy, with increasing levels of
mass surveillance and repression all over the world (see [this report
from Privacy
International](http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597)).
Without taking any precautions, your Internet service provider, the
state, the police and global surveillance systems like
[ECHELON](http://en.wikipedia.org/wiki/ECHELON) (which is _not_ a
conspiracy theory; see [this report from the European
Parliament](http://www.fas.org/irp/program/process/rapport_echelon_en.pdf))
can record what you do online: what you read, what you write and who
you communicate with.
This is possible since all messages sent over
the Internet contain the [IP
addresses](http://en.wikipedia.org/wiki/Ip_address) of both the sender
and receiver, much like an ordinary mail sent through the postal
system contain addresses of both sender and receiver for two-way
communication. IP addresses can easily be traced back to the physical
location of the computers and their owners, and from that ultimately
back to you.
If you do not mind this fact, then more power to you, but if you do
mind, then Tails might be just what you need.
Moreover, just like with a postcard, any information traveling on the
Internet can be read by many computers that relay them.
# <a name="why_notrace"></a>Why do you need to prevent traces to be kept?
A lot of traces of your activities are left on your computer's hard
disk. Such traces can easily be gathered by anyone with a bit of
computer knowledge when no special measure is taken to prevent this
(the only serious one being full disk encryption).
Again, if you do mind this fact, Tails might be just what you need.
# <a name="how"></a>How does Tails provide with anonymity?
**FIXME**: semi-duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
First of all, true anonymity is impossible. Given enough resources an
attacker will get you. What one can do is to make the cost of doing
that so high that it becomes infeasible.
Tails tries to do this by sending all your Internet traffic through
the [Tor™ network](https://www.torproject.org/) which makes your
Internet traffic very hard to trace. If someone tries to trace you
when you are using Tails, the trail will stop somewhere in Tor
network with the IP addresses of some of its participants, not your.
Similarly, if someone tries to see destination of your traffic, they
will only reach as far as some computer in the Tor network. In fact,
you will be the only one knowing exactly what is going on – not even
the computers in the Tor network that you send your traffic through
will know the whole picture!
As at least a rudimentary understanding of Tor currently is essential
for using it securely (and knowing its limits) we strongly recommend
reading the [Tor overview](https://www.torproject.org/overview.html)
and [Understanding and Using Tor – An Introduction for the
Layman](https://wiki.torproject.org/noreply/TheOnionRouter/TorALaymansGuide).
At the very least you should read the following paragraphs about
common misconceptions about the service offered by the Tor software.
By relaying your Internet traffic through the Tor network (which
Tails does per default) your communications should _only_ be
considered to be untraceable back to the computer you use, not
encrypted or in any other way unreadable by others. While the traffic
_is_ encrypted when it leaves your computer and when you get back your
responses, it will not necessarily be so when sent between the Tor
network and your destination (this is unavoidable for technical
reasons). This means that an eavesdropper at some later point will be
able see your traffic without Tor's encryption unless you take further
precautions (described [later on](#ff)), but will not be able to link
it back to your computer.
As such, if you are sending or receiving sensitive data whose
disclosure would be damaging in itself even if it is untraceable, you
need to use end-to-end encryption to hide the meaning of your data to
everyone except the recipient. Examples of such sensitive information
that you need to protect in this way are your real identity or other
personal information linkable to you, login details and passwords,
bank account or financial details, anything illegal or political, and
secrets in general.
There are several tools bundled with Tails offering end-to-end
encryption for various applications: [GnuPG](http://www.gnupg.org/)
provides with encryption for email,
[OTR](http://www.cypherpunks.ca/otr) is for instant messaging (MSN,
ICQ, IRC, etc.) among others.
Also, bear in mind that while web browsing on sites for whom the
addresses begin with `http://` the connections are not encrypted (see
[more about this](#ff)). However, web sites whose addresses start with
`https://` (notice the additional "**s**") use encrypted connections
and are thus **s**ecure. FIXME: tell a bit about certificates and
X.509 limits. Many web browsers, including Firefox, also display a
lock or a similar symbol in the address field or status bar indicating
that the connection is secure.
Notice that not all web sites offer this feature, but most that in any
way handle your data (webmail logins, bank account logins etc.)
usually do. Keep your eyes open!
Furthermore, most software bundled with Tails will warn you when
your previously encrypted connection switches to unencrypted mode: be
careful!
At last, some applications have features and services that may
compromise the anonymity offered by the Tor network. All modern web
browsers, such as Firefox, support
[JavaScript](http://en.wikipedia.org/wiki/Javascript), [Adobe
Flash](http://en.wikipedia.org/wiki/Adobe_flash),
[Cookies](http://en.wikipedia.org/wiki/HTTP_cookie) and other services
which have been shown to be able to defeat the anonymity provided by
the Tor network.
For instance, a web page using JavaScript can make your web browser
send your real IP address to the web server hosting the web page which
possibly can disclose it not only to the web server's owner but also
eavesdroppers that happen to fetch the message when it is sent between
the Tor network and the web server.
When running Iceweasel (Firefox) in Tails all such features are
handled by an extension called
[Torbutton](https://www.torproject.org/torbutton/) which does all
sorts of things to prevent the above type of attacks. But that comes
at a price – since this will disable some functionality, certain sites
might not work as intended.
# <a name="how_amnesia"></a>How does Tails provide with amnesia?
**FIXME**: duplicated section pasted from [[doc/about]] (Use anywhere but leave
no trace): this and the [[about]] page are duplicated information. Merge or
inline the [[about]] page (whithout what's next) here?
Using Tails on a computer doesn't alter or depend on the operating system
installed on it. So you can use it in the same way on yours, the computer of a
friend or one at your local library. After removing your Tails CD or USB stick
the computer can start again on its usual operating system.
Tails is configured with a special care to not use the computer's hard-disks,
even if there is some swap space on it. The only storage space used by Tails is
the RAM memory, which is automatically erased when the computer shuts down. So
you won't leave any trace neither of the Tails system nor of what you did on
the computer. That's why we call it "amnesic".
This allows you to work on sensitive documents on any computer and protect you
from data recovery after shutdown. Of course, you can still explicitly save
some documents to another USB or external hard-disk and take them aways for
future use.
**FIXME**: end of pasted part
**FIXME**: start of translation from French.
However, there are some limitations:
- if the computer you are using is powered off brutally (e.g. power supply cut,
power cable or battery unplugged, poweroff by pressing power button, …) RAM
won't be cleared immediatly on shutdown. It will be possible to achieve a cold
boot attack (**FIXME**: add a link) for several minutes to several hours
(depending on the RAM model and the temperature) which would enable an
attacker to recover everything that have been achieved during the session,
from typed texts to saved files, including password and encryption keys.
- information saved on external devices are *not* protected by default: if they
are sensitive, they should be encrypted using specific tools (e.g. GnuPG) or
saved on encrypted device (e.g. using LUKS through palimpsest). These tools
are included in Tails, it's then up to you to learn using them. It is also
likely that the files you may create using Tails will keep tracks that they
were created using this operating system.
- if you need to access your local hard drive(s) form Tails, please stay careful
about the exchanges to render possible.
- to end with you might be tempted to use Tails as an host inside a
virtualisation software (e.g. VirtualBox or QEMU). Be warned that both the
host operating system and the virtualization software will be able to monitor
what you are doing in Tails. Moreover traces are likely to be left on the
local hard disk. Please see [[support/virtualization]] for more information.
**FIXME**: end of translation from French.
......@@ -6,11 +6,44 @@
> **incognito**, *adjective & adverb*:<br/>
> (of a person) having one's true identity concealed.
**FIXME**: begin paste from index
Tails is a live CD or live USB that aims at preserving your privacy and anonymity.
It helps you to:
* use the Internet anonymously almost anywhere you go and on any computer:
all connections to the Internet are forced to go through the Tor network;
* leave no trace on the computer you're using unless you ask it explicitly.
**FIXME**: end paste from index
Tails is a live system: a complete operating-system designed to be used from a
CD or a USB stick independently of the computer's original operating system. It
is [[Free Software|license]] and based on [[Debian
GNU/Linux|http://www.debian.org/]].
**FIXME**: begin paste from walkthrough
Tails is a [Free
Software](http://www.gnu.org/philosophy/free-sw.html)
[LiveDistro](http://en.wikipedia.org/wiki/Livedistro) based on [Debian
GNU/Linux](http://www.debian.org/) assisting you to securely and
anonymously use the Internet almost anywhere you go, e.g. your home,
work, university, favourite Internet café or local library.
Tails is designed to be used from either a CD or a [USB
drive](#usb).
Tails has several applications (Web browser, IRC client, Mail
client, Instant messenger, office suite, image and sound manipulation,
etc.) pre-configured with security in mind; all outgoing connections
to the Internet are forced to go through [the Tor
network](https://www.torproject.org/), whose purpose is to protect
them against traffic analysis. Moreover, Tails is designed to leave
no trace on local storage devices unless explicitely asked.
**FIXME**: end paste from walkthrough
Tails comes with several built-in applications pre-configured with security in
mind: web browser, instant messaging client, email client, office suite, image
and sound editor, etc.
......
[[!meta title="About Tails amnesia"]]
# <a name="why_notrace"></a>Why do you need to prevent traces to be kept?
A lot of traces of your activities are left on your computer's hard
disk. Such traces can easily be gathered by anyone with a bit of
computer knowledge when no special measure is taken to prevent this
(the only serious one being full disk encryption).
Again, if you do mind this fact, Tails might be just what you need.
# <a name="how_amnesia"></a>How does Tails provide with amnesia?
**FIXME**: duplicated section pasted from [[doc/about]] (Use anywhere but leave
no trace): this and the [[about]] page are duplicated information. Merge or
inline the [[about]] page (whithout what's next) here?
Using Tails on a computer doesn't alter or depend on the operating system
installed on it. So you can use it in the same way on yours, the computer of a
friend or one at your local library. After removing your Tails CD or USB stick
the computer can start again on its usual operating system.
Tails is configured with a special care to not use the computer's hard-disks,
even if there is some swap space on it. The only storage space used by Tails is
the RAM memory, which is automatically erased when the computer shuts down. So
you won't leave any trace neither of the Tails system nor of what you did on
the computer. That's why we call it "amnesic".
This allows you to work on sensitive documents on any computer and protect you
from data recovery after shutdown. Of course, you can still explicitly save
some documents to another USB or external hard-disk and take them aways for
future use.
**FIXME**: end of pasted part
**FIXME**: start of translation from French.
However, there are some limitations:
- if the computer you are using is powered off brutally (e.g. power supply cut,
power cable or battery unplugged, poweroff by pressing power button, …) RAM
won't be cleared immediatly on shutdown. It will be possible to achieve a cold
boot attack (**FIXME**: add a link) for several minutes to several hours
(depending on the RAM model and the temperature) which would enable an
attacker to recover everything that have been achieved during the session,
from typed texts to saved files, including password and encryption keys.
- information saved on external devices are *not* protected by default: if they
are sensitive, they should be encrypted using specific tools (e.g. GnuPG) or
saved on encrypted device (e.g. using LUKS through palimpsest). These tools
are included in Tails, it's then up to you to learn using them. It is also
likely that the files you may create using Tails will keep tracks that they
were created using this operating system.
- if you need to access your local hard drive(s) form Tails, please stay careful
about the exchanges to render possible.
- to end with you might be tempted to use Tails as an host inside a
virtualisation software (e.g. VirtualBox or QEMU). Be warned that both the
host operating system and the virtualization software will be able to monitor
what you are doing in Tails. Moreover traces are likely to be left on the
local hard disk. Please see [[support/virtualization]] for more information.
**FIXME**: end of translation from French.
[[!meta title="About Tails anonymity"]]
# <a name="why"></a>Why do you need anonymity?
In case you did not know, we currently find ourselves in a state of
steady decline of our freedoms and privacy, with increasing levels of
mass surveillance and repression all over the world (see [this report
from Privacy
International](http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597)).
Without taking any precautions, your Internet service provider, the
state, the police and global surveillance systems like
[ECHELON](http://en.wikipedia.org/wiki/ECHELON) (which is _not_ a
conspiracy theory; see [this report from the European
Parliament](http://www.fas.org/irp/program/process/rapport_echelon_en.pdf))
can record what you do online: what you read, what you write and who
you communicate with.
This is possible since all messages sent over
the Internet contain the [IP
addresses](http://en.wikipedia.org/wiki/Ip_address) of both the sender
and receiver, much like an ordinary mail sent through the postal
system contain addresses of both sender and receiver for two-way
communication. IP addresses can easily be traced back to the physical
location of the computers and their owners, and from that ultimately
back to you.
If you do not mind this fact, then more power to you, but if you do
mind, then Tails might be just what you need.
Moreover, just like with a postcard, any information traveling on the
Internet can be read by many computers that relay them.
# <a name="how"></a>How does Tails provide with anonymity?
**FIXME**: semi-duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
First of all, true anonymity is impossible. Given enough resources an
attacker will get you. What one can do is to make the cost of doing
that so high that it becomes infeasible.
Tails tries to do this by sending all your Internet traffic through
the [Tor™ network](https://www.torproject.org/) which makes your
Internet traffic very hard to trace. If someone tries to trace you
when you are using Tails, the trail will stop somewhere in Tor
network with the IP addresses of some of its participants, not your.
Similarly, if someone tries to see destination of your traffic, they
will only reach as far as some computer in the Tor network. In fact,
you will be the only one knowing exactly what is going on – not even
the computers in the Tor network that you send your traffic through
will know the whole picture!
As at least a rudimentary understanding of Tor currently is essential
for using it securely (and knowing its limits) we strongly recommend
reading the [Tor overview](https://www.torproject.org/overview.html)
and [Understanding and Using Tor – An Introduction for the
Layman](https://wiki.torproject.org/noreply/TheOnionRouter/TorALaymansGuide).
At the very least you should read the following paragraphs about
common misconceptions about the service offered by the Tor software.
By relaying your Internet traffic through the Tor network (which
Tails does per default) your communications should _only_ be
considered to be untraceable back to the computer you use, not
encrypted or in any other way unreadable by others. While the traffic
_is_ encrypted when it leaves your computer and when you get back your
responses, it will not necessarily be so when sent between the Tor
network and your destination (this is unavoidable for technical
reasons). This means that an eavesdropper at some later point will be
able see your traffic without Tor's encryption unless you take further
precautions (described [later on](#ff)), but will not be able to link
it back to your computer.
As such, if you are sending or receiving sensitive data whose
disclosure would be damaging in itself even if it is untraceable, you
need to use end-to-end encryption to hide the meaning of your data to
everyone except the recipient. Examples of such sensitive information
that you need to protect in this way are your real identity or other
personal information linkable to you, login details and passwords,
bank account or financial details, anything illegal or political, and
secrets in general.
There are several tools bundled with Tails offering end-to-end
encryption for various applications: [GnuPG](http://www.gnupg.org/)
provides with encryption for email,
[OTR](http://www.cypherpunks.ca/otr) is for instant messaging (MSN,
ICQ, IRC, etc.) among others.
Also, bear in mind that while web browsing on sites for whom the
addresses begin with `http://` the connections are not encrypted (see
[more about this](#ff)). However, web sites whose addresses start with
`https://` (notice the additional "**s**") use encrypted connections
and are thus **s**ecure. FIXME: tell a bit about certificates and
X.509 limits. Many web browsers, including Firefox, also display a
lock or a similar symbol in the address field or status bar indicating
that the connection is secure.
Notice that not all web sites offer this feature, but most that in any
way handle your data (webmail logins, bank account logins etc.)
usually do. Keep your eyes open!
Furthermore, most software bundled with Tails will warn you when
your previously encrypted connection switches to unencrypted mode: be
careful!
At last, some applications have features and services that may
compromise the anonymity offered by the Tor network. All modern web
browsers, such as Firefox, support
[JavaScript](http://en.wikipedia.org/wiki/Javascript), [Adobe
Flash](http://en.wikipedia.org/wiki/Adobe_flash),
[Cookies](http://en.wikipedia.org/wiki/HTTP_cookie) and other services
which have been shown to be able to defeat the anonymity provided by
the Tor network.
For instance, a web page using JavaScript can make your web browser
send your real IP address to the web server hosting the web page which
possibly can disclose it not only to the web server's owner but also
eavesdroppers that happen to fetch the message when it is sent between
the Tor network and the web server.
When running Iceweasel (Firefox) in Tails all such features are
handled by an extension called
[Torbutton](https://www.torproject.org/torbutton/) which does all
sorts of things to prevent the above type of attacks. But that comes
at a price – since this will disable some functionality, certain sites
might not work as intended.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment