What is it, who is it for, and how can it protect you
Earlier this month, American cybersecurity firm SentinelOne released a report on discovering a hacker group called ModifiedElephant, which has been operational for over a decade and allegedly planted incriminating evidence on personal devices of Indian journals, human rights activs, academics and lawyers. But is there an operating system (OS) that can help keep journals safe when navigating the internet and communicating with sources? Can it help activs, journals remain anonymous when they go online? What about politicians worried about cyber-espionage from rival interests?
If anyone believes they are threatened cyberattacks from malicious actors with considerable resources, including state and state-aligned entities, Tails OS could be their first step towards protecting their digital activities. Tails, which stands for The Amnesic Incognito Live System, is an open-source, security and privacy-focused operating system. It is based on Debian-based Linux dribution and was famously used NSA whleblower Edward Snowden to speak to journals and documentary filmmakers.
Unlike Windows and Mac OS, Linux is not built one single organisation. A Linux dribution or dro refers to an operating system made using the Linux kernel (the computer program at the core of the operating system) with other programs and applications, tailored towards a particular use case. The Linux kernel is also used for other popular operating systems including Ubuntu, Manjaro, Linux Mint and Pop!_OS.
Tails works on a simple enough premise: it is designed to be booted off a flash drive every time you use it. Tails can be used to operate a computer and access the internet without compromising user identity and data. Since Tails runs separately from the OS installed on a computer and doesn’t make use of the computer’s hard drive. It also does not store any data, which can make it incredibly complicated and annoying to use for most people. In theory, it can offer protection to users even on a compromised system.
Here’s a closer look at the Tails operating system, and how you can safely install it on any flash drive.
What is Tails? What are its features?
Tails was first released in 2009 and has been receiving financial support from the Tor project from its early stages till today. Other sponsors include the United States Bureau of Democracy, Human Rights and Labor, the Mozilla foundation and alternative search engine company DuckDuckGo. default, the OS routes all internet traffic through the Tor network, a free worldwide volunteer network that uses a series of relays to obfuscate internet activity.
When you browse the internet through the Tor network, activity is encrypted and passed through three relays. The first relay may know where you are requesting information from, but not where you are accessing it from or even what it is. The second relay will not know where you are requesting information from, but it will know where you are accessing it from. The connection to the final destination is often encrypted to ensure that the relay cannot read it.
Once you boot Tails from a USB flash drive, the system you are using is temporarily turned into a secure device, provided you followed the right steps to get Tails in the first place. Since it doesn’t use the computer’s storage and runs off the flash drive and the computer’s memory, it has a feature called Amnesia where all this data is automatically deleted any time you leave the OS.
In essence, you start with a clean slate each time you login. But this is not to say that you will lose all your files and storage each time you use the operating system. It also has a feature called persent storage where you can use the extra space available in the flash drive with the OS to permanently store files and configuration. The OS encrypts these stored files default.
Tails also comes with a host of open-source tools and software that can be used to operate and communicate securely, including the Tor Browser with uBlock ad blocker built in, Thunderbird which is an email client that encrypts emails, KeePassXC which is a password manager and OnionShare to share files over Tor among others.
In order to use Tails, you need either an empty flash drive or an empty DVD with at least 8GB of free space (remember that any data on them would be deleted while installing). Other requirements include a computer with at least 2GB of RAM and a processor with 64-bit x86-64 compatibility. Do note that this might not be enough for some systems that have Linux compatibility issues.
How do I make sure I have a safe version of Tails?
The first thing you need to know before you use Tails is that even though it is quite secure and anonymous in comparison with other operating systems, it is not bulletproof. It is not a miracle solution. You also need to do your own research to ensure that Tails is the right choice for you.
Once you make that decision, you need to remember that Tails could get compromised if you are installing it onto a flash drive from a compromised or infected device in the first place. You could also be using a modified version that has been compromised bad actors. This is why it is recommended that you get Tails cloning it from someone you trust. But since that isn’t always possible, it is important to know how to download and install Tails on a flash drive while using a (non-compromised and non-infected) Windows machine.
“Be sure they download Tails from the official website. You must also verify that the website certificate is genuine and valid,” Jean-Pierre Leseur, cybersecurity researcher and independent programmer told indianexpress.com. Leseur is the original developer of the malware DarkComet, which was modified and deployed hacking group ModifiedElephant against Indian citizens. He also recommends that you read the Tails website and attached documentation very rigorously to ensure that it is right for your use case.
Click on the lock icon next to the address bar on your browser to verify the website certificate.
This is what the certificate should look like.
“They can download the ISO and when it is done, ensure the image is clean. They need to calculate the hash of the ISO file and compare it with the one in the official Tails website,” Leseur added.
He is referring to the hash of the OS image file created using SHA 256 (Secure Hash Algorithm). This algorithm turns any file into a unique output that is 256 bits long. In order to ensure the integrity of the Tails image file you have downloaded, you need to calculate its SHA 256 hash and make sure it matches the hash value given on the Tails website.
First, you need to open the command prompt on your system searching for it using the search function in the Taskbar.
Once the command prompt is open, you need to enter the following command: certutil -hashfile [File Path] SHA256.
You need to replace [File Path] with the exact file path to where the image file is on your computer. For us, the file was in the D drive, so the command looked like: certutil -hashfile D:/tails-amd64-4.27.img.
Make sure that the hash value matches to ensue the file hasn’t been tampered with.
After the hash has been generated, compare it with the one on the website to ensure that they match exactly.
After ensuring that both the hash and the size of the file matches that on the official Tails website, you can proceed to install the OS on the flash drive. The Tails website recommends balenaEtcher, a free and open-source utility, for flashing the image file onto a pen drive.
But since we have had mixed experiences with flashing using balenaEtcher, we recommend Rufus, another free and open-source tool for creating bootable USB drives.
Rufus can be downloaded as a portable executable file from its website (rufus.ie/en). After downloading Rufus, insert the pen drive you want to flash the OS to and open Rufus. In the dialog box that appears, select the flash drive you inserted in the “Device” dropdown menu and select the Tails file you want to flash in the “Boot Selection” entry.
You can leave the default option on other entries. Hit start.
Select the file you want to flash and the drive you want to flash it to.
You can leave the rest of the options in their default setting.
Once the image file is flashed onto the USB, you now have a working copy of the Tails operating system.
Remove the USB from the computer and you are ready to boot Tails OS from any compatible Windows computer.
On the computer you want to boot the OS, click on the start menu. Next, hold the shift key and hit Power+Restart, which will open up a “Choose Option” screen. From there, follow these instructions from Tails to boot up the OS from the right drive.
That’s it. You now have access to Tails on your PC. Of course, as we’ve noted above, this is not software geared for common folks. But if you are one of those who is worried about threats to your online safety, then this is definitely an option you can consider, provided you are prepared to handle the learning curve that comes with this software.