Privacy: The Amnesiac Incognito Live System (TAILS)

In the words of Comedy News Anchor John Oliver regarding Edward Snowden: "It is still kind of incredible that a twenty-nine-year-old contractor was able to steal top secret documents from an organization that literally has the word 'Security' in its name." So how did he do it? How did Snowden manage to preserve his anonymity while secretely contacting journalists to share stolen government secrets? The full answer is slightly complicated, but a major part of it comes down to a favorite tool of the privacy community: TAILS.

TAILS is a flavor of Linux designed for maximum anonymity. When using TAILS correctly, you are completely invisible. However, "using TAILS correctly" is a lot harder than it seems. Snowden had to go through many additional, complicated steps to be completely invisible when he was contacting journalists, and even despite all this the NSA instantly nailed him as a suspect when the leaks began. The good news is that most of us are not trying to leak state secrets, so TAILS is plenty good enough for our purposes.

How TAILS Works

TAILS works by routing ALL internet traffic through the Tor network, randomizing your MAC address, and leaving no trace behind when you're finished. You see, TAILS is what's called a "live operating system," meaning it runs off of a USB stick and doesn't save anything. All the cookies you accumulate, all the files you save, everything gets erased. In theory, you could walk into a public library, reboot the library computer and tell it to boot from your TAILS stick, reboot the computer when you're done, take the USB stick with you, and it's like you were never there.

TAILS can be obtained for free (minus the cost of two USB sticks) here.

Using TAILS as a Daily Driver

TAILS can be configured to save information, such as passwords. Suppose you wanted to create an online identity that you absolutely could not afford to have tied back to you. You can use TAILS to sign up for an email account or other similar services and save the password and other information in your "persistent" storage (which is also password protected). If you only ever accessed this identity and files from the TAILS USB, you'll have effectively isolated it. Honestly, this is the only situation where I'd recommend using TAILS persistence. I don't think TAILS was designed to be used as your primary operating system for several reasons. For one, many websites block Tor because of the high potential for abuse or fraudelent activity (banks, for example, almost always block known Tor exit nodes). For another, despite your best efforts, using any operating system will almost surely collect cookies and other unique tracking information. Despite all of TAILS's aggressive, rotating anonymity features, the longer you use it, the more you run the risk of having it tied back to you. I recommend using TAILS only for sensitive activity where you absolutely don't want any risk of it being tied back to you, such as making a sensitive search.

TAILS Warnings

It should go without saying that I don't encourage you to do anything illegal or immoral while using TAILS. It is a well-known fact that if you make enough trouble, you can always be found. Many people, myself included, have very little doubt that Edward Snowden's current whereabouts are known to the NSA. Snowden himself said that if he turned up dead shortly after publishing his latest book to suspect foul play, indicating that he also believed he was still in the reach of the US Government. In my "about" page I used Ted Kaczynski as an example of how an adversary with enough resources can find even a hermit living in the woods. Do not use TAILS for illegal purposes. I don't want to go into detail over the ways that TAILS can be compromised, partially because it's very high-level technical stuff (not all of which I understand myself) and partially because it would require an entire page itself. The short version is that there are known weaknesses and if you cause enough trouble, they will be used against you and you will be caught. If you're using TAILS to be anonymous for legal (or mostly lega/moral) purposes, you're probably fine.

Don't torrent over TAILS as this runs the risk of revealing your true IP address (and it's slower than using a VPN designed for this purpose anyways).

Some people will tell you that by logging into anything on TAILS you instantly lose your anonymity. This is not necessarily true. You can log into websites on TAILS, but be sure to check for HTTPS, and be aware that the more unique activity you engage in (such as online purchasing or message boards) the easier it becomes to unmask you. Additionally, once you log into a site, a cookie is placed on your device that may allow them to track your subsequent activity. If you must log into an account via TAILS, I encourage you to reboot it when you're done to clear all cookies.

Make sure to use the same healthy browsing habits on Tor that you would anywhere, such as not clicking unfamiliar links and using HTTPS.


Previous Next