Monday, November 26, 2012

When You Need an Envelope

A friend introduced me to the world of the TAILS distribution of Linux and secure, anonymous internet usage under the TOR Project.  I took a vacation day today (if one short week is good, two short weeks are better!) and played around with for a few hours.  You could spend a lot of time at the TOR project, and all of it would be well spent.

Here's the deal.  That TAILS link (The Amnesic Incognito Live System) leads you to a distribution of TAILS, currently, 0.14.  That page is complete information for getting started, and the download itself is an .iso file, the kind used for either creation of a CD or DVD (from Windoze, as most are, use something like ImgBrn to burn the image) or to write to a USB drive that's at least 2 GB.  The TAILS link has instructions and link to a method of transferring the .iso file to a USB memory stick.  My Staples had these 4 gig sticks for $4 in bucket by the door a couple of months ago.  I can literally lose these in a shirt pocket.
Why you want a memory stick, especially today's tiny ones like this, is that you can stick it in your pocket and always have a secure computer to work from, if you can reboot.  The computer, of course, has to be where you have to access to reboot it and force it into setup or show other Boot Options.  On your PC, probably where you'll use this the most for now, you'll want to ensure you can boot from a USB drive - on a Dell, usually pressing F12 or F2 when prompted will allow you to choose your boot device.  This table can help you find what you need to press for your PC, if you've forgotten.  If you can't boot from a USB stick, but can boot from a DVD, there's nothing wrong with booting from that.  I recommend the USB stick, though, because everything you are running starts on that device, and the USB stick is simply much, much faster than a DVD, and a DVD won't fit in your pocket! 

So what do you get?  TAILS boots into a Debian based Linux that looks remarkably like Windows - it's the Gnome interface to Linux that Ubuntu used to use a few years ago.  There's even a "look like XP camouflage" option for internet cafes and places where you want to blend in like everyone else.  You don't have to choose a password while booting but I recommend you do - you're assigning yourself as Super User or Administrator in Windows-speak and giving yourself permission to access your full Windows hard drive and any other file shares under Windows (I haven't tried to connect to my network with it).  When you're booting into TAILS, it asks you if you want further options; Yes prompts you for a password.  It doesn't have to be any password you use anywhere else on the PC - it's for the OS only.  You'll have a browser (Ice Weasel = Fire Fox clone), an email client (CLAWS = Thunderbird), a communicator (Pidgin), and you'll have several "Best of Linux" programs installed - GIMP, Open Office, and a fully functioning system.

All of your actions - web use, emails, anything, is run through anonymizers.  Web searches go through Startpage.  Your address is blocked.  Security is built in from the ground up.  All to keep you anonymous. The "Amnesic" part in TAILS is because the system forgets everything you've done when you shut it down.  Pull that USB drive and it's deaf, dumb and blind.  What you sacrifice for this security is speed - TOR works by bouncing your packets around between different relays, and this slows things.  Without running speed test web sites, I'd estimate that loading this blog took about 10x longer than when I'm using Windows - or my FireHD from across the house.  Of course, let's never forget that it's easier to crack the user than crack the encryption, as XKCD so brilliantly put it:

It might be worth your time to read, or re-read, this.  Should you find yourself in some sort of dystopian banana republic and need to get anonymous messages to friends and co-workers, this could well be your ticket. 


  1. Perhaps I'm hopelessly ignorant, but having a fixed entry point, startpage, seems to me a weak area. Could one choose an on ramp anywhere in the world?

    BTW, I've found startpage & ixquick down (or otherwise unavailable) several times in the past 2-3 weeks.


    1. Startpage isn't your entry point - it's just there for anonymizing your web searches. You can live without ever touching Startpage in the TOR universe.

      That TOR link I had explains it, but basically it removes (or reduces) your traceability by routing your packets between anonymous relays. They have a couple of good pages on Traffic Analysis and how the system works.

      Also, see Magnus' comment, below, too.

  2. I've been using startpage every day for about a year now, and haven't had any problems with it, but I'm on a Mac using Safari and Firefox.

  3. Just an important word of caution: if you use TOR for unencrypted connections (plain ol' HTTP), the unencrypted traffic will still be visible to the TOR exit nodes. Meaning that if you use TOR, it is best to use HTTPS connections if at all possible. Here is a link to more information:

  4. FYI, make a bootable cd of TAILS and then use the utility within to burn your liveUSB. Otherwise, you won't have a dynamic copy and will have issues with retaining anything you do in TAILS, passwords, encryption etc.
    The utility is extremely simple to use, but make sure you have a clean USB to use or you will wipe it in process.