A Comprehensive Guide to Tails OS

Tails (The Amnesic Incognito Live System) is a free, security-focused operating system that you can start on almost any computer from a USB stick. It is designed to protect your privacy and anonymity by forcing all your internet connections through the Tor network and leaving no trace on the computer you use.

Use Case: Tails is the right tool when you need to perform a sensitive task (like researching an opponent, communicating with a journalist, or managing anonymous accounts) without leaving a digital footprint on the computer or the network.

---

Section 1: Acquiring Tails Securely

Ensuring your copy of Tails is genuine and untampered with is the most critical first step.

Step 1: Download Tails

• Navigate to the official Tails website: https://tails.net
• Go to the “Install” section and download the USB image (.img file).

Step 2: Verify Your Download (CRITICAL STEP)

Verification ensures the file you downloaded is the authentic file from the Tails developers and wasn’t corrupted or replaced with a malicious version. You will use PGP (Pretty Good Privacy) for this.

1. Install GnuPG: If you don’t have it, install a PGP tool. For Linux, it’s sudo apt-get install gnupg. For macOS, use brew install gnupg. For Windows, use Gpg4win.
2. Download the Tails Signing Key: This is a special key used by the Tails developers to sign their releases. You can download it from the Tails website or by running:

   wget https://tails.net/tails-signing.key
   

3. Import the Key: Import the key into your PGP keyring:

   gpg --import tails-signing.key
   

4. Download the Signature File: On the Tails download page, there will be a corresponding .sig file for your download. Download this file to the same directory as your .img file.
5. Verify: Open your terminal, navigate to your downloads directory, and run the verify command:

   gpg --verify tails-amd64-X.XX.img.sig tails-amd64-X.XX.img
   

   (Replace X.XX with the version number you downloaded)

   You are looking for the output “Good signature from…“. This confirms your download is authentic. Ignore any warnings about “trust.”

---

Section 2: Creating the Bootable USB

Method 1: balenaEtcher (Recommended for Most Users)

balenaEtcher is a graphical tool that works on Windows, macOS, and Linux. It is the easiest and safest method.

1. Download and install Etcher from https://www.balena.io/etcher/.
2. Open Etcher.
3. Select the Tails .img file you downloaded.
4. Select your target USB drive (at least 8GB). Be absolutely sure you have selected the correct drive, as this will erase all data on it.
5. Click “Flash!”

Method 2: dd Command (Advanced - Linux & macOS)

This command-line tool is powerful but dangerous if used incorrectly. It can easily wipe the wrong disk.

1. Identify Your USB Drive: Plug in your USB. Open a terminal and run lsblk (Linux) or diskutil list (macOS) to identify the device name (e.g., /dev/sdb, /dev/disk2).
2. Unmount the Drive: Make sure the drive is not mounted. Use umount /dev/sdX* or diskutil unmountDisk /dev/diskX.
3. Write the Image: Use the dd command. The syntax is:

   # WARNING: This command is destructive. Double-check your device name.
   sudo dd if=/path/to/your/tails.img of=/dev/sdX bs=4M status=progress
   

   (Replace /path/to/your/tails.img with the actual path and /dev/sdX with your USB device name)

---

Section 3: First Boot & Configuration

1. Boot from USB: Plug the Tails USB into the computer you want to use. Restart the computer and access the boot menu (usually by pressing F2, F10, F12, or Esc during startup). Select the USB drive to boot from.
2. Welcome Screen: On the Tails Welcome Screen, you can set a language and keyboard layout.
3. Create Encrypted Persistent Storage (Highly Recommended):
   • What it is: An encrypted section on your USB drive where you can save files, browser bookmarks, PGP keys, and some settings. This data is protected by a password and persists between reboots.
   • How to Create: On the Welcome Screen, before starting Tails, go to Applications -> Tails -> Configure Persistent Volume. Follow the on-screen instructions to create the volume and choose a strong passphrase. You will only do this once.
4. Starting Tails: After your first boot, you will be prompted to enter your Persistent Storage passphrase to unlock it each time you start Tails.

---

Section 4: Operational Security (OPSEC) Inside Tails

Using Tails is not a magic bullet. Your behavior matters.

• Do Not Log Into Personal Accounts: Do not log into your personal Google, Facebook, or other accounts inside Tails. This would link your anonymous session directly to your real identity.
• Use the Tor Browser: All your web browsing should be done through the included Tor Browser. Do not try to install other browsers.
• Be Careful with Documents: Documents can contain metadata that can identify you (e.g., author’s name, computer details). Use the “Metadata Cleaner” tool included in Tails before sharing any documents.
• Do Not Maximize Windows: The Tor Browser opens in a standard size. Maximizing it can allow websites to fingerprint your screen resolution, a potential way to de-anonymize you.

---

Section 5: Troubleshooting Common Issues

• Tails Won’t Boot: The most common issue is Secure Boot. This is a feature on modern computers that prevents unauthorized operating systems from loading. You will need to enter your computer’s BIOS/UEFI settings (usually by pressing F2 or Del on startup) and disable Secure Boot.
• Cannot Connect to Tor: If you are on a network that censors Tor (like a public library or a restrictive country), you may need to use a Tor Bridge. On the Tails Welcome Screen, you can configure Tor to use a bridge to connect.
• Persistent Volume Issues: If you forget your passphrase, your data is gone forever. There is no recovery. Write your passphrase down and store it in a secure, offline location.