Commit af3c9180 authored by T(A)ILS developers's avatar T(A)ILS developers
Browse files

ortho typo

parent 677e12da
......@@ -9,7 +9,7 @@ from Privacy
International](http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597)).
Without taking any precautions, your Internet service provider, the
state, the police and global surveillance systems like
State, the police and global surveillance systems like
[ECHELON](http://en.wikipedia.org/wiki/ECHELON) (which is _not_ a
conspiracy theory; see [this report from the European
Parliament](http://www.fas.org/irp/program/process/rapport_echelon_en.pdf))
......@@ -20,7 +20,7 @@ This is possible since all messages sent over
the Internet contain the [IP
addresses](http://en.wikipedia.org/wiki/Ip_address) of both the sender
and receiver, much like an ordinary mail sent through the postal
system contain addresses of both sender and receiver for two-way
system contains addresses of both sender and receiver for two-ways
communication. IP addresses can easily be traced back to the physical
location of the computers and their owners, and from that ultimately
back to you.
......@@ -52,5 +52,5 @@ When running Iceweasel (Firefox) in Tails all such features are
handled by an extension called
[Torbutton](https://www.torproject.org/torbutton/) which does all
sorts of things to prevent the above type of attacks. But that comes
at a price – since this will disable some functionality, certain sites
at a price – since this will disable some functionalitys, some sites
might not work as intended.
[[!meta title="System requirements"]]
Tails should work on any reasonably recent PC computer, say manufactured after 2005.
Here is a detailed list of requirements.
Here is a detailed list of requirements:
- Either **have a CD reader** or be able to **boot from a USB stick** or an
external USB CD reader.
......
......@@ -51,7 +51,7 @@ available list of exit nodes that might contact it. For example using the [Tor
Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of
the Tor Project.
**So using Tails doesn't make your look like any random Internet user.**
**So using Tails doesn't make you look like any random Internet user.**
The anonymity provided by Tor and Tails works by trying to make all of their
users look the same so it's not possible to identify who is who amongst them.
......@@ -127,7 +127,7 @@ cooperate to attack you.
Tor tries to protect against traffic analysis, where an attacker tries to learn
whom to investigate, but Tor can't protect against traffic confirmation (also
known as end-to-end correlation), where an attacker tries to confirm a
known as end-to-end correlation), where an attacker tries to confirm an
hypothesis by monitoring the right locations in the network and then doing the
math.
......@@ -147,12 +147,12 @@ you may create will keep tracks that they were created using Tails.
conscious that you might then leave trace of your activities with Tails on it.
Tails doesn't clear the metadata of your documents for you
=============================================================
==========================================================
Numerous files format store hidden data or metadata inside of the files. Text
processors or PDF files could store the name of the author, the date and time of
creation of the file, and sometimes even parts of the editing history of the
file… Those hidden data depend on the file format and the software used.
file… those hidden data depend on the file format and the software used.
Images file formats, like TIFF of JPEG, probably take the prize in this field.
Those files, created by digital cameras or mobile phones, contain a metadata
......@@ -187,7 +187,7 @@ Tails doesn't magically separate your different contextual identities
=====================================================================
It is usually not advisable to use the same Tails session to perform two tasks
or endorse two contextual identities that you really want to keep separate on
or endorse two contextual identities that you really want to keep separate
from another. For example hiding your location to check your email and
publishing anonymously a document.
......@@ -209,18 +209,18 @@ you're using a new identity, if you really want to isolate them better.
Vidalia's "New Identity" button forces Tor to use new circuits but only for new
connections: existing connections might stay open. Plus, apart from the Tor
circuits, other kind of information can reveal your past activities, for example
the cookies stored by your browser. So this feature of Vidalia's is not a
the cookies stored by your browser. So this feature of Vidalia is not a
solution to really separate contextual identities. Shutdown and restart Tails
instead.
Tails doesn't make your crappy passwords stronger
=================================================
Tor allows you to be anonymous online; Tails to leave no trace on the
Tor allows you to be anonymous online and to leave no trace on the
computer you're using. But again, **neither of both are magic spells for computer
security**.
If your use weak passwords they can be guessed by brute-force attacks with or
If you use weak passwords, they can be guessed by brute-force attacks with or
without Tails in the same way. To know if your passwords are weak and learn good
practices to create better password, you can read [[!wikipedia
Weak_password#Examples_of_weak_passwords desc="Wikipedia: Weak Passwords"]].
......
......@@ -37,7 +37,7 @@ called fingerprint, which is a unique identifier for that key that
cannot be faked. Verification should then be done by asking you friend
to send you the fingerprint through some safe channel, which could be
anything from telling it by telephone or VoiP (which is hard for an
attacker to manipulate on the fly) or even face-to-face (but hen you
attacker to manipulate on the fly) or even face-to-face (but then you
can exchange the actual keys securely instead), and then making sure
that they are the same. Assuming the channel is safe the fingerprint
sent by your friend and the one you get from the key should be
......
......@@ -17,7 +17,7 @@ create a bootable USB stick (the destination) from it.
The device name should be something like `/dev/sdb`, `/dev/sdc`, etc.
If you're not sure about it's precise device name, do the following.
If you're not sure about the precise device name, do the following.
Unplug the destination USB stick.
......@@ -42,7 +42,7 @@ stick, its brand, its size, etc. on the right side of the screen.
[[!img linux/destination_device_description.png link=no alt="Drive description containing: 'Device: /dev/sdc'"]]
On this screenshot, the destination USB stick is a Kingston DataTraveler of 2.0
GB and its device name is `/dev/sdc`. Yours could de different.
GB and its device name is `/dev/sdc`. Yours could be different.
### Step 2: Do the copy from the terminal.
......
[[!meta title="Trusting Tails signing key"]]
We will present you three techniques from the easiest to the safest. Again,
We will present you three techniques from the easiest to the safest. Again,
none of them is a perfect and magic solution. Feel free to explore them
according to your possibilities and technical skills.
......@@ -63,7 +63,7 @@ You're trusting Alice's key.*
*Furthermore, Alice met Bob, a Tails developer, in a conference, and signed
Bob's key. Alice is trusting Bob's key.*
*Bob is a Tails developer who directly owns the Tails signing key. Bob fully
*Bob is a Tails developer who directly owns the Tails signing key. Bob fully
trusts Tails signing key.*
This scenario creates a trust path from you to Tails signing key that could
......@@ -180,5 +180,6 @@ practices.
- [[!wikipedia GnuPG desc="Wikipedia: %s"]], a free OpenPGP software
- [[Apache: How To OpenPGP|http://www.apache.org/dev/openpgp.html]]
- [[Debian: Keysigning|http://www.debian.org/events/keysigning]], a tutorial on sign keys of other people
- [[Debian: Keysigning|http://www.debian.org/events/keysigning]], a
tutorial on signing keys of other people
- [[rubin.ch: Explanation of the web of trust of PGP|http://www.rubin.ch/pgp/weboftrust.en.html]]
[[!meta title="Use Tails"]]
In this section we will now briefly present how to use Tails, and especially
the the main applications
included in Tails. Users are encouraged to look for further
information about them elsewhere and to experiment (while not doing
anything sensitive!) for their own benefit. All the pictures are
clickable to get them undistorted and in full size, but note that some
of the text is smudged in order to protect identities.
In this section we will briefly present how to use Tails, and
especially the main applications included in Tails. Users are
encouraged to look for further information about them elsewhere and to
experiment (while not doing anything sensitive!) for their own
benefit. All the pictures are clickable to get them undistorted and in
full size, but note that some of the text is smudged in order to
protect identities.
- [[Start Tails|use/start]]
- [[Use Tails inside a virtualization software|use/start/virtualization]]
......
......@@ -30,10 +30,10 @@ it is enabled you might want try disabling it.
# <a name="nm"></a>Networking with NetworkManager
The name is quite self-explanatory – this is what you should use
The name is quite self-explanatory – this is what you should use to
manage your network, which usually only consists of establishing an
Internet connection. In many cases this is done more or less
automatically. For example, if you are connected with wire
automatically. For example, if you are connected with wire,
NetworkManager will try to obtain network access automatically. If you
want to connect via wireless with a supported wireless adapter, you
are basically two clicks away.
......@@ -68,7 +68,7 @@ the screen. Right-clicking this icon displays a configuration menu.
Vidalia menu proposes essentialy two features:
* a *Network map* which displays window showing a map of the Tor network, a list
* a *Network map* which displays a window showing a map of the Tor network, a list
of Tor relays and a the list of currently used routes and their status.
* a *New identity* entry, which will make Tor use a different
route for **future** connections, so that they will appear to come
......@@ -85,12 +85,12 @@ Next we will have a look at the Tor network map:
[[!img Vidalia_Netmap_en.jpg title="Vidalia network map" align="center"]]
In here, all the Tor nodes in the Tor network are listed, as are all
your circuits and connections that go through the Tor network. All
this requires a bit of technical knowledge of how Tor works in order
to understand and use, but it is not at all necessary. From the
your circuits and connections that go through the Tor network. This
requires a bit of technical knowledge of how Tor works in order to
understand and use, but it is not at all necessary. From the
connection listing it should at least be relatively easy for you to
see which exit node and country it appears your connections come from.
Right-clicking on any establisehd circuits enable you to close it in
Right-clicking on any established circuits enable you to close it in
case this one is too slow.
## The *New identity* feature
......@@ -170,7 +170,7 @@ IceWeasel is an unbranded version of Mozilla Firefox webbrowser.
Given Mozilla Firefox's popularity many of you have
probably used it before. Its user interface is like any other modern
web browser, but there are a few things we want to mention, some that
is special with this particular installation. Do you remember what we
are special with this particular installation. Do you remember what we
said [earlier](#how) about end-to-end encryption and its importance
while using Tor? Here is how it looks in Firefox when you are using a
secure, end-to-end encrypted connection:
......@@ -191,7 +191,7 @@ whatever information you are sending. In this case what we are trying
to do is logging in on an email account at
[lavabit](http://lavabit.com/), using their [webmail
interface](https://lavabit.com/apps/webmail/src/login.php). Let us
proceed with logging in there so we can se how it is possible to send
proceed with logging in there so we can see how it is possible to send
end-to-end encrypted email with any webmail service out there with the
nifty [FireGPG](http://getfiregpg.org/) extension.
......@@ -233,7 +233,7 @@ At this stage we are ready to press send. When Bob receives this email
he can also use FireGPG to decrypt it in a very similar way – he will
just have to select the encrypted message and then use the FireGPG
menu to choose "Verify" or "Decrypt", or both. This can be done with
any so called PGP block. There is one important limitation in FireGPG,
any so-called PGP block. There is one important limitation in FireGPG,
though. It cannot generate new keys, so you will have to use another
application for that. We recommend using the [GNU Privacy
Assistant](#gpa), found under the "Utilities" section of the K menu,
......@@ -302,7 +302,7 @@ This is a security feature, also used for separating the different
states in Firefox, which otherwise could lead to trouble (arguably a
bit less so for Tails users).
As we hope you understand by know, there are reasons for all these
As we hope you understand by now, there are reasons for all these
quirks, and while they might be annoying we hope you will learn to
cope with them. If not, feel free to disable Torbutton and never use
it again, but in that case you should expect much less anonymity and
......@@ -384,9 +384,9 @@ OTR and other Pidgin plugins are enabled in the "Tools menu -&gt;
Plug-ins" section. Simply check the appropriate box for enabling any
plugin you want, and possibly you might also want to configure it by
pressing the "Configure Plug-in" button. When this is done for the OTR
plugin a window that can be used to manage your keys will be opened.
plugin a window that can be used to manage your keys will open.
The use of OTR is recommended as many instant messaging protocols
normally send your messages in plaintext. Force your friends to
normally sends your messages in plaintext. Force your friends to
migrate to clients with support for OTR!
**FIXME**: mention `/me` is **not** encrypted when used in a OTR
......
......@@ -35,7 +35,7 @@ launch the most frequently used applications. Passing the mouse cursor
over one of these shortcut will display the application name and its
function.
In the upper right corner you will find a couple of icons, each which
In the upper right corner you will find a couple of icons, each of which
offers an interface for some running application : the onion icon is
made to control Tor using Vidalia, the two computer screens are for the
network settings using NetworkManager. They will be explained more in
......@@ -79,7 +79,7 @@ To connect to remote FTP or SFTP server, go to "Connect to Server..." from
As stated in the [[about]] page, Tails is a [live
system](http://en.wikipedia.org/wiki/Livedistro). It is important
to understand someof the consequences of that.
to understand some of the consequences of that.
Starting a computer on a media containing Tails doesn't change anything on the
operating system actually installed on your hard drive: as a live system, Tails
......@@ -93,7 +93,7 @@ operating system.
A consequence of this amnesia is that you can't save anything on the device
containing Tails be it files you create or download or any configuration you
might do. You should save anything you want to keep for later access into a
separate device (other USB stck, other CD or any device you would choose).
separate device (other USB stick, other CD or any device you would choose).
Future versions of Tails will propose a feature to save some files or
configuration, but it is still being developped.
......@@ -101,14 +101,14 @@ configuration, but it is still being developped.
If an attacker had access to the computer you run Tails on, she might
have installed a piece of hardware that records every key which is
pressed on the keyboard. This kind of hardware is quite common and known
to have been already used.
pressed on the keyboard: that's a keylogger. This kind of hardware is
quite common and known to have been already used.
To prevent against giving such a device your password or encryption
passphrase, you might want to "type" them using the mouse on a virtual
keyboard displayed on screen.
The [OnBoard](https://launchpad.net/onboard)* virtual keyboard starts
The [OnBoard](https://launchpad.net/onboard) virtual keyboard starts
automatically with Tails and
is accessible by the keyboard icon in the systray on the top left of the screen.
It can be used to safely enter passwords using the mouse
......@@ -138,16 +138,16 @@ modern computing works, basically everything that you have been doing
for a good whike is stored in the RAM, so all information – including
passwords, encryption keys and the secret plans you wrote in a text
editor but then erased – may be stored in it in plain text. The more
resent the activity, the more likely it is that it is still in the
recent the activity, the more likely it is that it is still in the
RAM.
RAM is usually considered to be extremely volatile, meaning that the
data itstores starts to disintegrate rapidly once power is removed.
data it stores starts to disintegrate rapidly once power is removed.
However, it has been shown that the data might be recoverable for
seconds or even minutes after this happens, and apparently freeze
spray can be used to increase that period significantly. Once the
power is restored the RAM state will keep getting refreshed, so if the
power supply is portable the removed RAM modules' contents are in the
power supply is portable the removed RAM modules content is in the
hands of the attacker. Alternatively the computer can simply be reset
(i.e. switched off and back on quickly), which barely even affects the
power. Then a tiny LiveCD system is loaded with the ability to dump
......
......@@ -9,7 +9,7 @@ implementation of OpenPGP used for encryption of all sorts.
Tails include Seahorse, a graphical program to manage OpenPGP keys. You can
start it from the top panel clicking *System* → *Preferences* → *Password and
Encryption keys*
Encryption keys*.
## Encrypt and decrypt webmail with FireGPG
......
......@@ -3,7 +3,7 @@
Security considerations
=======================
Even if *TrueCrypt* looks like free software, it is not included in Debian
Even if *TrueCrypt* looks like Free software, it is not included in Debian
due to its restrictive license. The development is done in a closed
fashion, so even if the source code is free, we can assume than there is
not much review happening on a daily basis.
......@@ -14,10 +14,10 @@ and now unsupported) *Incognito* live system to access the data on
previously created media.
In the future, we would like to
[[provide proper
alternatives|todo/provide_a_migration_path_from_truecrypt]] and stop distributing *TrueCrypt*. This means that you
should **not** create new TrueCrypt media if you intend to stay with
Tails in the long run.
[[provide proper alternatives|todo/provide_a_migration_path_from_truecrypt]]
and stop distributing *TrueCrypt*. This means that you should **not**
create new TrueCrypt media if you intend to stay with Tails in the
long run.
Using TrueCrypt in Tails
==========================
......
......@@ -14,18 +14,23 @@ system.
## Microsoft Windows
You should NOT trust Windows to be secure if you use Tails for anything you consider risky. Windows could be made a tiny bit more
You should NOT trust Windows to be secure if you use Tails for
anything you consider risky. Windows could be made a tiny bit more
trustworthy if you installed a HIPS (Host Intrusion Prevention System)
with high security settings instantly after installing Windows. If Windows not is installed from a genuine Windows CD/DVD you can not trust it enough, not even if it's a preinstalled copy of Windows (there have been cases of computers being shipped with malware). If you install a HIPS first after
using Windows for some time (less then an hour online is enough) you
could already have a rootkit that the HIPS can't detect.
Even with a HIPS you should not use Windows as a host OS if you risk personal harm for your use of Tails.
with high security settings instantly after installing Windows. If
Windows not is installed from a genuine Windows CD/DVD you can not
trust it enough, not even if it's a preinstalled copy of Windows
(there have been cases of computers being shipped with malware). If
you install a HIPS first after using Windows for some time (less then
an hour online is enough) you could already have a rootkit that the
HIPS can't detect. Even with a HIPS you should not use Windows as a
host OS if you risk personal harm for your use of Tails.
# Virtualization solutions
## VirtualBox
Tails runs in [VirtualBox](http://virtualbox.org) without any major conifuration
Tails runs in [VirtualBox](http://virtualbox.org) without any major configuration
necessary. VirtualBox is distributed both as a closed-source and as an
open-source (the so called OSE or Open Source Edition), the latter which the
Tails developer's encourages (although it currently lacks USB support compared
......
......@@ -26,19 +26,19 @@ Both are accessible from *Applications* → *Graphics* menu.
# Audio
[Audacity](audacity.sourceforge.net) is a multi-track audio editor for
Linux/Unix, MacOS and Windows. It is designed for easy recording, playing and
Linux/Unix, MacOS and Windows. It is designed for easy recording, playing and
editing of digital audio.
# Desktop publishing
[Scribus](scribus.org) is an Open Source Desktop Page Layout accessible from
the *Applications* → *Graphics*. It can be used for many tasks; from brochure
the *Applications* → *Graphics*. It can be used for many tasks; from booklets
design to newspapers, magazines, newsletters and posters to technical
documentation. It has sophisticated page layout features like precision placing
and rotating of text and/or images on a page, manual kerning of type, bezier
curves polygons, precision placement of objects, layering with RGB and CMYK
custom colors. The Scribus document file format is XML-based. Unlike
proprietary binary file formats, even damaged documents, can be recovered with
proprietary binary file formats, even damaged documents can be recovered with
a simple text editor.
# Printing and scanning
......@@ -46,5 +46,3 @@ a simple text editor.
The [CUPS printing system](cups.org), which includes drivers for several common
printers allows printing, while you can scan with [Simple
scan](launchpad.net/simple-scan)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment