Worried about PC privacy? Looking for a secure way to keep the bad guys at bay? How about a complete PC in your pocket, all contained on a single USB stick, that doesn't leave behind any traces that you've been there?
Enter Tails: a Linux distribution (think operating system) focused on privacy and security.
The Tails home screen is a little spartan.
The name Tails is an acronym for The Amnesic Incognito Live System. It's famously (infamously?) the secure OS of choice of NSA whistleblower Edward Snowden.
But much like with virtual private networks (VPNs), which also protect your privacy and provide security, Tails has plenty of legitimate uses.
Unlike other operating systems (OSes), Tails doesn't use your computer's internal storage. Instead, it runs directly off a USB key and uses your computer's RAM (memory). This means everything is wiped clean when you remove the USB key or shutdown or restart your computer.
You can save files to the USB key, which are then heavily encrypted. How much you can save depends on your USB stick's storage capacity.
Tails has a wide-enough range of built-in apps that the average user shouldn't find themselves wanting, but its cumbersome privacy and security measures mean it isn't a replacement for a day-to-day OS such as Windows or macOS. It's for more specific-use cases that can vary from person to person.
A huge amount of what you do online is tracked by at least one, if not multiple parties. Websites follow your IP address and leave cookies that track your browsing across multiple sessions.
Persistent logins such as Google, Facebook or browser accounts can record your every move, then sell that information. And governments, both domestic and foreign, have the ability to snoop on your activities for their own purposes.
Tails uses the Tor network to hide your internet activity and block traffic.
You can use a VPN to hide your activity, but Tails goes further.
Every internet application built into Tails connects via the Tor network, which bounces your data through three (out of thousands) relays across the world, none of which have the whole picture of who you are and what you're doing.
Any traffic not routed via the Tor network is blocked by Tails, which further protects your privacy by making it hard for apps and malware to broadcast data without your knowledge.
The downside is the internet runs a bit slower, but we found Tails' built-in Tor connection felt faster than using Tor on another OS such as Windows and not too much slower than a good VPN.
Tails' list of security features is long and, at times, excruciatingly niche. But to drastically simplify things, many of its measures make sure no-one can install anything on your computer long term without your knowledge.
And, if they do, it's unlikely any malware will be able to send any personal information back to malware makers or other parties.
The most notable facet is blunt and brutal. Tails erases every stored file that doesn't come with the OS by default every time you restart or turn off your computer, taking any potentially compromised files with it. And you have zero chance of reclaiming them.
If you want to save files between sessions, you need to set up a special encrypted persistent folder, into which you must transfer those files before shutting Tails down.
You also need to adjust certain settings every time you log on, and even if you save certain downloaded apps as persistent, that only means they'll be automatically downloaded the next time you start up Tails. This means large programs are cumbersome to use regularly.
Because your OS and everything else is saved to a single USB, you don't need to carry a computer around with you – as long as there's a computer with a USB port where you're headed that was manufactured within the last 10 years or so.
This has advantages for professionals or travellers who are always on the go, especially if you're travelling in hazardous locations where you're worried about device theft or confiscation.
We found the Tails installation process quick and relatively easy.
The Tails installation process has many steps, but the website has easy-to-follow, detailed instructions. But even though the instructions are comprehensive, it's useful to know a few things beforehand.
From the Tails home page, click Get Tails in the top menu bar to get started.
What you need to install Tails:
- An 8GB (preferably larger) USB stick
- Windows 7 or later, macOS 10.10 (Yosemite) or later, Linux
- An internet connection
- A second connected device.
For a normal install, you need at least an eight gigabyte (GB) USB stick. But we recommend a bigger one, as any long-term file storage will be kept on the USB stick and not your computer.
You'll also need a second device to follow the website's instructions to the end. This is because, at some point, your computer is going to be occupied setting up the Tails USB, and the last part of the set-up is done from your computer's boot menu.
A smartphone or tablet is fine, and you can also print the instructions if need be.
We found the website's installation time estimate of one and a half hours to be overblown. For us, it was only about 30 minutes from clicking download to firing up a fully-functioning Tails OS.
When following the steps, after you select the operating system you're using to create a Tails USB, you'll be prompted to download Tails (about 1.2GB), either as a direct download or via BitTorrent.
BitTorrent is the fastest and most secure method, so if you have a torrent manager we advise taking this option – it only took us about six minutes on an NBN Standard Plus (50/20) plan.
Direct download will also work, but could take between one and two hours, even on a fast internet connection.
If installing from Windows, you need Windows 7 or later. Macs need macOS 10.10 (Yosemite) or later.
Whether using Windows or macOS, the Tails instructions tell you to download a program called Etcher. This is a safe and easy-to-use piece of software, so go ahead and follow the link provided on the website.
The instructions for how to use Etcher seem long, but they're accurate and not too complicated.
Etcher is a safe and easy-to-use program that is required when installing Tails.
After you've created the Tails USB, it's time to restart your computer (with the Tails USB plugged in). For Tails to work, your computer needs to boot from the USB instead of its own storage drive. It won't do this by default, so you have to tinker with boot settings.
The menu system for doing this might be called a Boot Menu, BIOS, or UEFI, depending on your computer. While your computer is restarting, somewhere on the screen it will tell you to press a button to load one of these options. The key to activate this menu will be different based on the computer.
Often, it's one of the F keys (such as F2 or F8), but it might be the Delete key or something else. It's usually a good idea to press it a few times to make sure it registers. If you miss your opportunity and the computer boots up normally, just restart it and try again.
Once your Boot Menu/BIOS/UEFI interface loads, you'll need to find a setting that lets you specify what drive the computer boots from. If you can't find it in the settings, use your second device to do a web search for how to adjust boot preferences on your specific computer.
Find your USB key among the list of boot drives and move it to the first position – its device name will likely be either its brand or model. If the USB stick's name is displayed twice with slight variations, put both at the top of the list.
The USB drive we used was called "VerbatimSTORE N GO". Your boot preferences menu might look very different.
From now on, the computer will boot from the USB when it's available, but will boot from the next drive on the list when it's not.
You're unlikely to mess up anything by changing these settings, and you can always load this menu again and change things back to how they were if something goes wrong.
Save your changes and restart the computer. It should now boot up Tails instead of your normal OS.
When Tails starts up, it displays a greeting window. Here, you can make several settings changes, but keep in mind that every time you start Tails up, all these settings will revert to their defaults and you'll need to change them again.
You can make various setting changes while in the Tails greeting window.
From this window, you can choose the Language, Keyboard Layout, and date Formats. Change the language to English – Australia and the other two should automatically adjust.
Before continuing, you should familiarise yourself with the Additional Settings section at the bottom of the window by clicking the "+" icon.
Familiarise yourself with the additional settings by clicking on the "+" button.
Administration Password is a crucial setting even for casual users. For security, most Linux distros don't let you install software without typing in an admin password.
On Tails, this password is deactivated by default, which means you can't install anything because there's no password to enter. It's an added layer of security that stops people installing malware on your Tails system remotely.
But it also means you need to create an Administration Password when you start up Tails if you want to install software.
To do so, click Administration Password and create a password in the provided fields, then click Add. This password won't persist between sessions. Every time you boot up Tails, you'll need to enable Administration Password and pick a password.
Mac Address Spoofing isn't important unless you don't trust the owner of your local network. It creates a false device identity, so any local users won't be able to identify your computer.
But it also might mean you can't connect at all if your local network operator, such as an IT department, only allows pre-approved devices.
Network Configuration has three options:
- The default allows you to connect to the internet.
- The second (Configure a Tor bridge or local proxy) is for use in locations where connecting to the Tor network is illegal – it's perfectly legal in Australia.
- The third disables all networking, allowing you to work completely offline.
Unsafe Browser is the only app in Tails that doesn't access the internet via the Tor network, so it's a significant security weak point.
Only enable this option if the Tor browser can't do something, such as signing into a public Wi-Fi network with a unique user ID, which is common in hotels and airports.
A bit of patience
Tails can take a while to start up. This is because it needs to establish a connection to the Tor network before you can do anything online. Be patient and eventually you should be notified when the connection is established.
By default, Tails deletes all files whenever it shuts down. But you can create a folder called Persistent, which will encrypt and save anything in it, using the available space on your USB key.
Creating a persistent folder will encrypt and save files to your USB stick.
To enable persistent volume, click on Applications in the top left of the desktop. Then mouse over Tails and click Configure persistent volume on the right. Create a secure password (which will persist between sessions) and follow the prompts.
Restart Tails when prompted. You'll need to enter your persistent volume password via the greeting screen each time you start Tails. This is separate from the Administration Password.
The Tails user interface (UI) might look familiar to Windows or macOS users and it's very similar to Linux distros such as Ubuntu.
Launch apps by clicking the Applications menu in the top left of the screen and use the pop-out category menus, or open the full list by clicking Activities Overview.
You can also hit the Start key on a Windows keyboard and type the name of an app, then press Enter or select it from the list. Desktop apps are opened by double-clicking.
To browse files, open the Files app. The folder layout works the same as other OSes, except for the Tor and Tor (Persistent) folders.
Tails has an impressive array of built-in free apps configured to work securely and effectively.
The LibreOffice suite and Tor Browser are just some of the apps included in the Tails system.
The LibreOffice suite is included, along with options for visual, audio and video editing, email, publishing, media playing and more, plus the Tor Browser for web browsing.
Installing new apps is done via the Synaptic Package Manager or the terminal. This can be a bit of a hassle, and only apps that can connect to the Tor network will have internet access.
The Synaptic Package Manager is like an app store, but takes some getting used to.
Downloading from the web
The web browser is usually the most vulnerable app on any computer, as it can visit sites worldwide and interfaces with many software technologies that can be used to break your security, download malicious files or steal your information.
To deal with this last issue, Tails will only download files from the Tor browser into the Tor folder, which is a protected folder isolated to stop malware worming its way into the rest of your system.
If you've set up a persistent volume, you can download files you want to keep into the Tor (Persistent) folder. Once you've downloaded a program or file, you can then move it to a different folder if you wish.