back to article Want a bit of privacy? Got a USB stick? Welcome to TAILS 3.12

The Linux distro for the security-conscious has been updated with a fresh USB installation method. Hot on the heels of Apple's latest privacy blunder, The Amnesic Incognito Live System (TAILS) has emitted version 3.12. The big news this time around is the arrival of a USB image alongside the usual ISO. ISOs, handy for burning …

  1. DCFusor Silver badge

    An ARM version might be more useful...

    Title says it all, or nearly. How many dirt-cheap SBC's are there out there...I run a few headless here, for example (VNC is a friend).

    1. Eddy Ito Silver badge

      Re: An ARM version might be more useful...

      Hmm... I wonder what it would take to give the full Tails treatment to Android. I know you can get an ARMv7 Tor Browser on Android but I really want the whole enchilada. Tordroid anyone?

      1. Ken 16 Silver badge

        Re: An ARM version might be more useful...

        CopperheadOS?

    2. doublelayer Silver badge

      Re: An ARM version might be more useful...

      Other than raspberry pis, what are you going to run the ARM version on? We have ARM servers (I'm pretty sure it's not those), and most other ARM devices won't boot normal Linux, let alone one built for a much different purpose. This is a desktop OS, and we don't have many ARM desktops.

      1. The Vociferous Time Waster

        Re: An ARM version might be more useful...

        An SD image for raspberry pi would be good - the zero W is about ten bucks so you could make a reasonably priced burner computer.

        1. doublelayer Silver badge

          Re: An ARM version might be more useful...

          Maybe, but you would need to connect it to an HDMI screen and USB input devices. That doesn't make it less disposable because you could keep those parts even if you were paranoid enough to destroy the pi (you don't need to), but it would be clunky. Unfortunately, there isn't a convenient system for using a pi portably. As much as I like it, battery performance isn't great and there isn't much hardware that can be carried without trailing wires behind you. For portable usage, the easiest solution is probably still the old-fashioned laptop.

          1. Charles 9 Silver badge

            Re: An ARM version might be more useful...

            Pi's can have screens built onto them. That's why they have special ribbon ports for display connectors. And I guess you haven't seen those micro keypads they sell all over the place. $10 each, fits in your pocket.

    3. NoneSuch
      Thumb Up

      Re: An ARM version might be more useful...

      "The TAILS gang warned that a USB stick loaded with 3.12 might fail to boot a second time"

      A "Burner" USB stick. Use it once and chuck it.

  2. Starace
    Alert

    ISOs

    "ISOs, handy for burning to a DVD or spinning up a virtual machine, are not so good when it comes to one of TAILS' strengths – running Linux without a trace."

    An image written to DVD has one big advantage over a USB stick; it's much easier to use it in a way that you *know* is read only.

    If you really want to run without a trace then no writable media is a good starting point.

    1. H in The Hague Silver badge

      Re: ISOs

      "If you really want to run without a trace then no writable media is a good starting point."

      You could put the files on a CF card, set its switch to read-only, then put it in a USB adapter.

      Would that work?

    2. MiguelC Silver badge

      Re: ISOs

      You can set the partition to read-only after burning the ISO (or use one of those drives with a built-in R/W toggle button), but it might break TAILS if it expects to use the drive's free space for anything. Need to RTFM to know more...

      1. W.S.Gosset Bronze badge

        Re: ISOs

        Hopefully the Custom Install might allow choice of a separate Swap partition?

        Although I seem vaguely to recall some hassles some years ago trying to setup more than 1 partition on a USB stick.

      2. Kastenbrust

        Re: ISOs

        In the Silk Road case and others like it we've seen law enforcement recover encryption keys by physically freezing the RAM while apprehending you, or even simply ensuring the device stays powered on and logged in, so even burning Tails to a disk isn't foolproof.

        1. TFL
          Linux

          Re: frozen-RAM attacks

          How often does that get used in practice? Keeping something powered up is certainly a thing if they can do so, but the chilled-RAM would depend on getting access to the innards pretty quickly if the suspect got it powered down fast enough.

          I do seem to recall reading about some guy who got raided, who had been using a battery-less laptop in a university somewhere. Don't recall if they got a conviction, but he'd had the cord yanked out before they could stop him.

          1. Anonymous Coward
            Anonymous Coward

            Re: frozen-RAM attacks

            Was about to mention that you could always run a laptop sans battery

          2. Robert Helpmann?? Silver badge
            Childcatcher

            Re: frozen-RAM attacks

            How often does that get used in practice?

            Keeping the machine powered on is Computer Forensics 101. If there is an opportunity to do this, it will typically be done. I find myself yelling at TV crime shows that depict law enforcement turning machines off after having just caught their suspect in the act because that is just how basic a step that is.

            1. Cynic_999 Silver badge

              Re: frozen-RAM attacks

              "

              Keeping the machine powered on is Computer Forensics 101

              "

              In theory perhaps, but in practice it's no more practical to bring a computer forensic expert to every police raid than it would be to bring a cardiac specialist to every ambulance callout, so it's only done when the suspected crime is extremely serious.

              The search officers are told to take a note/photograph of the screen contents then turn all desktops off by the mains or remove laptop batteries without shutting down in case there is software that will wipe the HDD unless a special shutdown process is used.

        2. shawnfromnh

          Re: ISOs

          So they freeze the ram. You pull the plug and everything goes away and you pull the usb stick and then format it and start again with a new identity this time. Hell freezing ram is not a problem since ram requires power to maintain and so do internet connections to download that ram information so pulling the plug basically kills their download and the evidence in one quick moment. When I was on windows I would keep the power strip on my desk so if I hit the wrong site I could just click it off and the website that locked up my PC was gone. I didn't know much back then so this was my virus prevention method back then.

  3. karlkarl Bronze badge

    Why Etcher?

    Why has everyone suddenly opted for the big old fat bloated Etcher for disk imaging on Windows?

    Why not the original classic from the early days of Raspberry Pi?

    https://sourceforge.net/projects/win32diskimager/

    Is it because Etcher is run by a company with the potential to fsck everyone over and you are all a bunch of corporate hoes? Who knows? ;)

    Did you know of the alternative?

    1. Uncle Slacky Silver badge
      Linux

      Re: Why Etcher?

      I use the even older classic "dd"...

    2. Anonymous Coward
      Anonymous Coward

      Re: Why Etcher?

      Because its typical modern nonsense.

      The current software works fine, but its name isn't cool enough and/or it isn't written in a cool enough programming language.

      So let's go reinvent the wheel and we'll call it PI because that sounds cooler.

    3. Charles 9 Silver badge

      Re: Why Etcher?

      Or is it because Win32DiskImager doesn't play nice on newer systems (64-bit, for example)? I know it tends to complain a lot on my system. A newer, modern version would be nice.

      1. Steve Evans

        Re: Why Etcher?

        Odd, I've not had any problem with Win32DiskImager on Win7 or Win10 64bit.

    4. Anonymous Coward
      Anonymous Coward

      Re: Why Etcher?

      I was wondering exactly that. On windows (at work), I use Rufus.

      Etcher came along boasting built using "web technologies". Huh? It's for writing disk images, I don't give a fuck about web technologies! How is that an advantage to me?

      The other day I installed the latest version on someone else's machine and it all became clear: it seems to exist to funnel adverts at me. It's also called balena-etcher now, which puts me off it even more. Seeing projects recommend Etcher (not even aware of the name change) is sort of as annoying / disturbing as being told to install stuff by curl | bash. Beware junk.

    5. DropBear Silver badge

      Re: Why Etcher?

      "Why has everyone suddenly opted for the big old fat bloated Etcher for disk imaging on Windows?"

      Because it is the literally sole (Yes, I looked. A lot...) image burning GUI on windows that doesn't look like it had its UI designed in the darkest ages of Win95 - control is nice when you need it, but what most people want is select image file -> select target drive -> click 'burn' -> DONE. Not eleventy billion options they have no idea what to set to. "I have been given an image file and sent here to burn it, so dammit stop asking me questions I don't know the answer to and just fucking make it happen!". And Etcher is the only one that does that. Yes, I'm perfectly capable of using any of the other ones. No, I profoundly loathe using any of them.

      "Etcher is run by a company with the potential to fsck everyone over"

      What do you mean "potential"...?!? If it wasn't clear enough how much they care about their users, take a loot at this undead feature request...

    6. shawnfromnh

      Re: Why Etcher?

      My other go to is suse studio image writer or unetbootin though suse is far superior. I think for suse image writer on arch you just search for image writer in pamac.

  4. Crazy Operations Guy Silver badge

    With Systemd? No thanks

    I can't take claims of security and privacy seriously when they are using systemd...

    1. PyLETS
      Black Helicopters

      Re: With Systemd? No thanks

      Whatever concerns you have about the way particular Unix-like systems manage background services, I think you miss the point of Tails.

      Any software sufficiently complex beyond 1970 levels of complexity isn't fully auditable and will have a bugcount proportional to the number of million lines of code, and a proportion of these bugs will be security issues, many of these undiscovered. Let's assume a high proportion of the Tor nodes operating are likely to be spying on network traffic. The human who is so operational-security minded that they can avoid leaving any trace of a real world identity behind in relation to coherently organised digital enterprises probably hasn't been born. So absolute security is unlikely to be achievable against an extremely well funded and determined adversary, proven by facts such as Russ Ulbricht's arrest and conviction despite his best efforts to cover all of his traces.

      As I understand it, Tails and Tor doesn't attempt the impossible, but instead addresses the following genuinely interesting and challenging engineering problem:

      When it comes to online privacy, which risks are sufficiently high that these need to be managed, and how can the cost to attackers be raised by the highest multiple in relation to an acceptable level of inconvenience of the technology used for this purpose by a technically adept user ?

      1. Crazy Operations Guy Silver badge

        Re: With Systemd? No thanks

        My concern isn't over tor or anything at that level, I know those things aren't perfect and I can accept those risks. My concern is that they are taking unnecessary risks at the OS level. Systemd is bloated and, from recent reports, full of holes. Security flaws that don't have to exist at all. Tor does not require much to run, it does not require systemd, nor does it require a large swath of Debian's codebase.

        My complaint is that they are claiming security and privacy, but just taking a stock, general-purpose distro to build on top of. A distro that has made compromise after compromise in the name of increasing market share over security.

        1. Charles 9 Silver badge

          Re: With Systemd? No thanks

          Well, security is a dilemma. You can't trust yourself to do it right, nor can you trust anyone else.

        2. wayward4now
          Linux

          Re: With Systemd? No thanks

          You do know that you don't have to use Debian and you don't have to use systemd??

          I have had zero problems with systemd since the very first beta trials, and it appears to solve problems related to cluster hardware automatically being restarted upon fail.

    2. Uncle Slacky Silver badge
      Thumb Up

      Re: With Systemd? No thanks

      If you want something similar without systemd (and/or 32-bit compatible) there's heads:

      https://heads.dyne.org/

  5. Anonymous Coward
    Anonymous Coward

    4.19 is yummy, didn't bat an eyelid at my Aquantia 10gig! Windows can't find a driver, obviously. So that means downloading some multi-gigabyte exe from somewhere and hoping it doesn't completely fuck my system. If I wanted to get it working in Windows, which I don't, because Windows is utter shit.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019