Tails is the secure system that protected Edward Snowden. Here’s how it works.
By Russell Brandom
From the moment you boot up, your computer leaves footprints. Websites leave tracking cookies, following you from page to page and session to session, alongside the usual traces left by your IP address. Persistent logins from Google and Facebook tie each site visit to your offline identity. If anyone really wants to go after you, they can also make a direct attack, targeting malware to track your movements in the background. With the right tools, a computer is an open book.
Not this computer, though. It’s running Tails, an open-source operating system designed to leave as little trace as possible,
launching version 1.0 today after more than five years of open development. It’s an amnesiac system, which means it’s completely fresh every time you boot up. There are no save files, no new programs, and most importantly, it becomes a blank slate the moment you shut down. It’s the digital equivalent of buying a new computer for a single session and tossing it into the river once you’re done.
That trick has earned Tails a lot of attention. It’s already standard software at Glenn Greenwald’s First Look Media, where he’s
called it “vital to my ability to work securely on the NSA story.” Tor researcher Jacob Appelbaum praised the project onstage at this year’s Chaos Communications Congress, and in March Tails received a $50,000 grant to keep the project going. Nearly 8,500 computers booted up with Tails on a given day in March, 500 more than the month before. Those are surprisingly high numbers for a project that’s this hard to use, and does this little. But if you need a secure line, Tails is the best way to get it. In the era of the NSA, that’s a rare thing.
Making it work
Tails works by booting your computer off of an external disk — usually a USB drive, an SD card or a CD — but getting Tails onto the right storage drive is harder than it sounds. Ideally, you’d keep it on a CD: once it’s burned into the plastic, the code can’t be changed, making it completely immune to malware. But with new versions being released every few months (and plenty of laptops going without CD drives), a USB stick can be more convenient. We used
Rufus to make a bootable version on a USB drive and SD card, but even then,
certain flash drives simply won’t work with Tails. There are ways to add encrypted storage or persistent programs too, but each extra feature is also a new chance for security problems.
THERE ARE LOTS OF WAYS TO ACCIDENTALLY BREAK YOUR OWN SECURITY
Getting Tails onto a computer isn’t straightforward either. There’s
a long list of computers that can’t run the OS, and it includes most of the computers made by Apple. We spent the better part of a day trying to launch it on a Toshiba Kirabook, only to have Windows 8 punch through every time. It ends up working best on machines that are Linux-friendly, without anything like a high-powered video card to trip things up. There are a few different stable setups, but lots of ways to accidentally break your own security.
In exchange for all the troubleshooting, you get an unusual kind of anonymity. Keeping the operating system on a disk means you’re operating independent of the computer, picking nothing up and leaving nothing behind. It also makes your setup portable. You can launch Tails from an internet cafe and know that none of the programs on the public computer will get in the way of what you’re doing. The new versions of Tails will even hide you within a local network, randomizing the computer’s MAC address to make you even harder to track. None of the methods are completely impenetrable, but together they add up to a major headache for anyone trying to follow you across the web.
EVEN IF THE DEVELOPERS WANTED TO PUT IN A BACKDOOR, THEY COULDN’T
Getting there has been a five-year process, with developers working in their spare time on a miniscule budget —
less than $60,000 a year in donations, before the recent grant. The code has been open for review at every stage, and after each release, auditors have found holes in Tails’ security, creative ways an attacker might circumvent the program. The holes are patched a few months later, then new holes are discovered, then those holes are patched a few months after that. By now, this process has repeated
more than 30 times. It’s the nature of open-source development, a messy, public process that produces secure software through a slow grind of bug hunts. That parade of public security failings is meant to make users feel safe. If there’s a problem in security at any level, you’ll know about it, and the team will be under pressure to fix it as soon as possible. It’s the same open workflow that built Tor and PGP, and stumbled more recently with the Heartbleed bug. But it means that even if the developers wanted to put in a backdoor, they couldn’t.
Even more remarkable, no one knows who’s behind it all. The development team works under pseudonyms and their legal names have never been publicly revealed. “Some of us want to remain anonymous,” the Tails developers told me from a group email account. “Some of us simply believe that our work, what we do, and how we do it, should be enough.”
A smaller, safer internet
If you’ve never worked with secure software, actually using Tails can be a strange experience. It’s got the same applications as a regular computer — web browsing, email, chat — but they’re not like you remember. The desktop looks and feels like Linux (Tails is based on the Debian distribution), but the programs all lead you to privacy by default. Instead of Outlook or Thunderbird, there’s
Claws Mail, a more encryption-friendly email client that also happens to be open source. Instead of Chrome or Firefox, you’ll use a Tor browser, routing your traffic through a web of intermediaries to shake off anyone who might be following. It’s slower and the anonymity also limits where you can go. As soon as you log into a site — whether it’s buying something on Amazon or just checking Twitter — you’ve revealed who you are, and all Tor’s protections go out the window. The same goes for credit cards, which also means you can’t use paid services unless you trust them not to turn over your records. There are ways around it (bitcoin, for a start), but few are easy and none are perfect.
SUDDENLY, THE WEB FEELS CLAUSTROPHOBICALLY SMALL
The simplest service is encrypted chat, run through the Pidgin client. This is Tails’ killer app, the simplest and most protected thing you can do with the software. You’ll need a Jabber host to make it work: I used Jabb3r.org but there are
plenty of others. Once your login is set up, the service feels just like Gchat or AIM, but it offers about as much security as you can get on commercial hardware. The service still leaks metadata, so whoever runs your Jabber server can see who you’re talking to and when, but the conversation itself is forward encrypted, indecipherable even if someone gets the keys after the fact.
Of course, you’ll need accounts and passwords for all those, and you can’t save them on the computer so you’ll have to either physically write them down or set up a login with Tails’ onboard password keeper. Even with that list of logins, the web feels almost claustrophobically small. There’s none of the open, do-anything-you-can-think-of feeling that comes with normal browsing. Most of what you can do with Tails is based on accounts you’ve painstakingly set up in advance. Anything else is too risky. As you start using more products and more infrastructure, you inevitably make yourself more exposed.
If that sounds hard, it should, but it’s not because of Tails. Security is hard, no matter how you get there. It requires discipline, from simple tasks like managing passwords to the more complicated opsec dance that keeps different identities from crossing paths. It means staying away from identity services like Google and Facebook entirely, cutting off decades’ worth of services. But while privacy and security might not have a central place in today’s web, they’re still possible. Tails proves that, whittling the secure computer down to the size of a USB stick. It’s still hard, sure, but it’s not impossible. After a yearlong parade of depressing surveillance news, that might be the most impressive feat of all.
Photography by Michael Shane and Sean O’Kane.