Image: Tails. Every computer geek has been asked to share the magic button. Such that you click, and everything is encrypted by itself. I pressed it again and it was decrypted. He said in a whisper “Geminio!” — a backup has occurred. People dream of simple, beautiful, free and effective solutions.
Sometimes dreams come true. For example, I know of a device that could be installed in a desktop computer case. Inside, the miracle machine was an electric hole punch. Outside, on the front panel of the system unit, there was a button. When trouble arrived on the doorstep of an office or apartment, the computer owner vigorously pressed a button, and the hole punch literally punched the hard drive. So that the “enemy” does not get the data. Clearly, there was a risk in a stressful situation of confusing the hole punch button with the power button. What can I say? Magic is often imperfect.
· Tails
First of all, you should get to know the main character of this article.
Without this OS, there would be no need to try to open the door to the world of anonymity. Tails is used more than 20,000 times a day, and journalists and human rights activists use Tails to denounce wrongdoing by governments and corporations. TheAmnesicIncognitoLiveSystem is an operating system that you can run on almost any computer from a USB drive or DVD. This OS is aimed at maintaining your privacy and anonymity will help you use the Internet anonymously and bypass censorship - all connections are forced to go through the TOR network, as well as leave no traces on the computer you use and use the latest cryptographic tools to encrypt your files, email, instant messaging and hiding all files and directories on electronic media.
Results
Tails is the most well-known anonymous operating system available in the public domain. The best advertisement for the OS is that Edward Snowden himself used it, and he recommends Tails to all users who care about their anonymity, especially when accessing the World Wide Web.
Currently, version 1.1 of Tails is available, but plans are already known to work on versions 2.0 and 3.0, in which the process of integrating updates will be accelerated, which will make it possible to quickly close the vulnerabilities found in the applications and Linux OS used. Work will also be carried out to further improve the security of the system and mechanisms for maintaining user anonymity.
While the majority of developers continue to work on Tails for PCs and laptops, a small number of programmers are focused on creating Tails for mobile devices running Android and Ubuntu, the release of which will most likely be announced in the near future.
· Installation of Tails
Well, let's start installing this miracle. We will need one USB 8GB (min.), Etcher program and half an hour of time.
First of all, we go here and download the image directly. In my case, this is version 3.12, then download the Etcher program to install our OS from the official website, after which we proceed with the installation. The interface of this program is intuitive: select the OS image, flash drive and press start. The process takes about 5 minutes. After the image download is completed, without disconnecting the USB, reboot the computer, go into the BIOS and select the flash drive as the boot device. Next, we boot from it.
Password management
One of the best uses for persistent storage is to keep track of all your passwords. You need to use different strong passwords for each website and application that needs them. Unfortunately, it is almost impossible to track them all without computer help.
To solve this problem, the distribution comes with KeePassX, an open quality password manager.
KeePassX official website.
You can use it to keep track of all your passwords. After that, you just need to remember one password that will unlock this application.
· Tails Preset
Now you will see the Greeting menu, it will greet you every time you log in and I advise you to always apply the following settings. You need to go to additional settings, where you set the administrator password, MAC address spoofing, connection via Tor and bridges.
And again we need the “applications” tab. Go to the TAILS folder and Configure persistent volume.
We went to Persistent Wizard. First, we set a password, you will need to enter it every time you turn on Tails, then we see a number of options with options - those files and settings that should be saved, check the box on what you want.
Beginning of work
After booting from a working flash drive, we will need to create a permanent protected partition, a kind of “hard drive on a flash drive.” This is done through Application → Tails → Configure Persistence.
We restart the computer and on the loading screen select Use Persistence and More Options, after which we enter the password for our storage.
Select the region from the menu at the bottom of the screen. This is important because Tor entry nodes depend on the region. This is where you should experiment. In my case, Denmark was the best choice.
In the advanced settings menu, set a password for programs that require administrator rights. You can install any one, it works within the session and does not affect anything else.
Keep in mind that the download takes some time, and then Tails will still connect to Tor for a few minutes. You can track the process by clicking on the Onion Circuits icon - the onion in the upper right corner of the screen.
After some time, Tails will inform you that it has successfully connected to Tor. By default, the network is configured so that all traffic will go through it. Now you can download everything we need for work.
· Saving files and settings Persistent Volume
Before you upgrade your Tails, you need to learn how to save the results of your improvements. Tails is not designed to retain programs, settings, and files installed on it when turned off. But the developers have provided the ability to save certain data in a persistent partition that we created earlier. For example, to install a program, you need to go to the Synaptic package manager, specify a new program repository and select the one you need. And to simply save some files, move them to Home/Persistent.
So, despite the fact that the work session itself is not saved when the computer is turned off, APT packages (settings, browser extensions, etc.) with the correct settings will be saved in the persistent partition. This makes it possible to deploy all the necessary programs during the boot process of the operating system.
Advantages and Disadvantages of Talis Linux
The advantages of the OS include:
- Ability to install additional programs;
- Storing encrypted information on removable media with Tails OS;
- Ability to use persistent storage on third-party operating systems;
- Independent change of program configuration.
The operating system includes the following disadvantages:
- Security threat to persistent storage when using third-party operating systems;
- Reduced protection level if the program is not installed by default;
- Weakening of anonymity as a result of changes in program configuration;
· Data protection in Persistent Volume
Persistent Volume is encrypted by default, but there is one problem - anything can be decrypted, but not found. To make our persistent partition impossible to detect, we use something better than what the developers recommend.
The hidden section is not very convenient to use, so install this program only if you need it; if you do not need TrueCrypt, skip this step.
So, the Tails developers recommend using Cryptsetup, but the section created by this tool is hidden quite well. Why create such a section if it can be found, so we will use TrueCrypt, the section created by this tool cannot be detected. PS Despite the fact that the TrueCrypt project was closed back in 2014, it is suitable for us, since there were people who continued the development.
The TrueCrypt section is hidden so that the OS will not find it until you enter the required password. Therefore, while writing files to our hidden partition, it may get damaged. In order not to damage the dogs in the hidden section, when creating it you need to check the box, as in the screenshot below.
Communication
Now that we have secured our information, we can begin to transfer it, that is, to communicate. Let's start with Pidgin. It's great as an IRC client, and Tails has beefed it up a bit. The OS includes Pidgin with an installed plugin for the OTR protocol. It is he who interests us most. Avoiding complex mathematics, we can say that this protocol provides secure data transmission with the possibility of retraction, that is, it is impossible to prove that a specific message was written by a specific person.
Before you can start chatting with someone over OTR, you need to connect to an IRC server. It is very important to make sure that SSL is used. Tor encrypts traffic as it passes between nodes, but unless you use SSL, your traffic will be transmitted in clear text to the Tor entry node and from the exit node to the destination. Some Tor nodes are banned from IRC servers, so you may need to restart Tor. This can be done with the /etc/init.d/tor restart command.
After the connection to the server is established, select Buddies → New Instant Message.
In the dialog window that opens, select Not Private → Start Private Conversation.
You will be offered three options for authentication: enter the answer to the secret question that you discussed with your interlocutor in advance (in this case, you must enter the same answer, spaces and case are counted); enter a general “secret” phrase; check fingerprint - this is a forty-character sequence that identifies the OTR user.
Now you can correspond via OTR. But what about voice communication? Here, alas, not everything is smooth. Since Tails routes all traffic through Tor, it poses a number of challenges for voice communication. First, most VoIP programs use UDP, while Tor only supports TCP packets. Secondly, Tor is not very fast and packets sometimes arrive with a significant delay. So there may be delays and disconnections.
However, there is OnionPhone, a special plugin for TorChat. Mumble also works well, although this option is less secure. For Mumble to work through Tor, you need to launch it with the torify mumble command, and also select the Force TCP option in the program’s network settings.
· TOR browser
This browser is known to everyone interested in Internet security and to anyone who has at least once tried to bypass various blocks, be it rutracker or any other blocked services.
The first tab we need is “Browser Privacy”. We'll always set it to work in private browsing mode, always enable tracking protection, and turn on everything for fake and deceptive content.
Now click on TorButton, this button is to the left of the search bar. Here we select the maximum level of protection.
The strongest browser defender is, of course, “Add-ons”, they will protect you from tracking when surfing the Internet, malicious sites will be blocked.
Some of them are already installed in TOR in advance by the developers, but they do not provide complete protection Disconnect
- Confidential Ad Blocker: Blocks google analytics/Yandex statistics trackers, etc. - the main means of tracking your browsing history, location and many other data.
Adblock Plus
— Blocks trackers, mining, advertising, etc.
User-Agent Switcher
- Automatically changes your computer\browser fingerprint.
Man in the Middle
- Protects against Internet traffic interception\MITM attacks.
This extension can be hidden from the extensions panel. Disable WebRTC
- The WebRTC protocol reveals the real ip, the TOR connection chain and other data, even if you use other security measures, so let's disable this protocol.
Now you need to configure these extensions.
NoScript
- this extension must be configured depending on the level of protection you want to have.
But it is important to remember that if you check all the boxes, most sites will not work correctly. Https Everywhere
- click on the button for this add-on and check both boxes.
AdBlock Plus
- Go to the settings and in the “third-party filters” it is advisable to select additional databases.
User-Agent Switcher
- Here we select a 25% spread and all UserAgents.
Operating system vulnerabilities How vulnerable are the most common operating systems?
Si you are using a regular operating system , you will have to continue reading because you will find the most important vulnerabilities .
Date of departure:
window
The critical points of a computer running Windows operating system are:
- L' The Cortana virtual assistant can be intercepted and therefore the instructions given to it can be decrypted.
- Temporary internet files are not automatically deleted so that any spyware can remain on the device for a long time until you remove it manually.
- Script crossovers are another point to consider when talking about Windows vulnerabilities. This software is installed without the user's consent through the computer and is used to track the activities performed.
- Finally, Windows Updates are not always effective in patching and protecting against new malware, leaving the operating system vulnerable from this point of view.
- Access to the microphone and camera of some apps is considered a weak point that should be kept in mind if you need to protect your privacy.
MacOS
Regarding the Apple operating system for computers, the following vulnerabilities can be found:
- Purchase history is a point that should be taken into account from a user privacy perspective. This type of information is not deleted automatically in iTunes or iCloud.
- Applications can access à iCloud if they are not configured correctly, so there is user intervention due to which the OS has low security needs.
- Find My Mac apps for laptops allow access to the device's location and therefore the user's location, which can compromise privacy.
- One configuration correcte cookies, computer browsing history and blocking la advertising on the Internet can also be considered a vulnerability of the OS, since it does not automatically limit these parameters for the user.
· Attached
Well, you are protected from tracking and can start surfing the Internet with peace of mind, but Tails also has software already included with the OS, and I’ll tell you about it
· Communication
For communication, Tails is equipped with Pidgin, OnionShare and Thunderbird. Let's deal with everything in order. Pidgin acts as a chat client with an add-on installed for encrypting messages, OnionShare will help you share files, and Thunderbird will help you with email.
· Encryption and privacy
Since this OS is focused on anonymity and security, the development team has invested quite a lot of interesting tools for anonymization. For example, the MAT program, it erases file metadata, which can reveal a lot of personal information about the creator. As I said earlier, there are many such programs in Tails, so you can view a list of them on the developer's website or explore on your own
· Other useful software
The creators did not skimp on software useful to any user: LibreOffice, Gimp and Inkscape, pdf-redact-tools and some others.
List of the Most Secure Tails Alternatives to Linux Distros You Should Know About
If you want to use other secure Linux distributions and Tails alternatives, you can choose the most suitable one from the following list:
Dragora.org
Ideal for those who want to start the Linux journey. , you can use this GNU which stands out for the simplicity offered by its features to keep your data private. You can download them and learn the technical aspects Linux distribution together .
debian.org
This operation system will offer you important utilities to protect the privacy of your data when you browse the Internet. It is based on the Linux kernel and FreeBSD. , so it becomes a reliable tool that receives constant updates.
PureOS.net
The facility that it offers and the protection that it offers to the user are two of the most remarkable features of this Linux distribution. . It is based on Debian, so stability and updates are guaranteed. You can easily adapt the source codes and make it the ideal operating system for you.
If you have any questions, please leave them in the comments, we will get back to you as soon as possible, it will be a great help for more community members. Je vous remercie!
0 255 5 minutes to read
Facebook Twitter LinkedIn Tumblr Pinterest Reddit. VKontakte Share by email print
