Tails 0.10 is out

by tails | January 11, 2012

The Amnesic Incognito Live System (Tails), version 0.10, is out.

Changes

Notable user-visible changes include:

  • Tor: upgrade to 0.2.2.35-1.
  • Iceweasel
    • Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
    • Update Torbutton to 1.4.5.1-1.
    • Support viewing any YouTube video that is available in HTML5 format.
    • Use Scroogle (any languages) instead of Scroogle (English only) when booted in English. Many users choose English because their own language is not supported yet; let's not hide them search results in their own language.
    • Install the NoScript Firefox extension; configure it the same way as the TBB does.
    • Disable third-party cookies. They can be used to track users, which is bad. Besides, this is what TBB has been doing for years.
  • Do not transparently proxy outgoing Internet connections through Tor. Instead drop all non-Torified Internet traffic. Hence applications has to be explicitly configured to use Tor in order to reach the Internet from now on.
  • Software
    • Upgrade Vidalia to 0.2.15-1+tails1. This version will not warn about new Tor versions (this is handled by Tails security check instead).
    • Upgrade MAT to 0.2.2-1~bpo60+1.
    • Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1, built against the ABI of X.Org backports.
    • Upgrade I2P to 0.8.11; the start script (which was broken in Tails 0.9) is now fixed.
    • Install unar (The Unarchiver) instead of the non-free unrar.
    • Install Nautilus Wipe instead of custom Nautilus scripts.
  • Hardware support
    • Upgrade Linux kernel to 3.1.6-1.
    • Upgrade to X.Org from squeeze-backports.
    • Install more, and more recent b43 firmwares.
    • Upgrade barry to 0.15-1.2~bpo60+1.
  • Internationalization
    • Add basic language support for Russian, Farsi and Vietnamese.
    • Install some Indic fonts.
    • Install some Russian fonts.
    • Add Alt+Shift shortcut to switch keyboard layout.
  • Miscellaneous
    • Support booting in "Windows XP-like camouflage mode".
    • Do not fetch APT translation files. Running apt-get update is heavy enough.
    • Add MSN support thanks to msn-pecan.
    • Add custom SSH client configuration:
      • Prefer strong ciphers and MACs.
      • Enable maximum compression level.
      • Explicitly disable X11 forwarding.
      • Connect as root by default, to prevent fingerprinting when username was not specified.
    • Replace flawed FireGPG with a home-made GnuPG encryption applet; install a feature-stripped FireGPG that redirects users to the documentation, and don't run Seahorse applet anymore.
    • Blank screen when lid is closed, rather than shutting down the system. The shutdown "feature" has caused data losses for too many people, it seems. There are many other ways a Tails system can be shut down in a hurry these days.
    • Fix bug in the Pidgin nick generation that resulted in the nick "XXX_NICK_XXX" once out of twenty.
    • Pre-configure the #tor IRC discussion channel in Pidgin.
    • Reintroduce the htpdate notification, telling users when it's safe to use Tor Hidden Services.
    • Various htpdate improvements.

Plus the usual bunch of minor bug reports and improvements.

See the online Changelog for technical details.

I want to try it / to upgrade!

See the Getting started page.

Known issue

The memory erasure on Tails shutdown cannot guarantee that all memory in the 2 GB to 4 GB region is wiped. The improvements made in Tails 0.10 should at least make the situation better than previously.

Comments

Please note that the comment area below has been archived.

January 12, 2012

Permalink

Hi,
I'm from Iran and when I open "https://tails.boum.org", IE show this message:
"There is a problem with this website's security certificate"
Tis problem is from my PC, My Network or sth else.
Can u guide me plz?

yahoo (and other big websites) are a mess of scripts calling scripts. there are too many things to go wrong.

you could try yahoo's POP and SMTP through email software. yahoo cannot wreck that as easily as they can wreck webpages.
you'd have too look at guide to setup email through tor.

and if not at home, i think you need a portable email software on your usb.
sorry, that I am guessing at this, because I've never used many portable programs.

January 14, 2012

Permalink

Could I ask Tails developers to include nvidia drivers into iso, if possible.
My PC doesn't work properly without nvidia drivers and gnome screen is almost not readable.

I doubt they'll ever include proprietary drivers, in fact I doubt it's legally possible, there is no live cd I know which comes with them. Nouveau is getting there. You could also create your own iso with the drivers included.

January 14, 2012

Permalink

Tails is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use (and in the US, most if not all encrypted radio comms are illegal per FCC regs I believe, disregarding cell phones and the like consumer appliances which have backdoors anyway), I don't even believe 1% of Linux users use them, yet they're generated right there in the directories.

Google about ham radio / packet radio modules and their use over wireless devices, ethernet, and sound cards, there's some serious shady actions going on I can tell you from my observations with different distributions and these driver modules being rolled into them on many distributions of Linux.

The first agenda on your boot-to-Linux distribution is to check for these likely SPOOK friendly modules, generated in these two directories on Ubuntu, Debian, and some other distributions. First, DELETE all of your kernel headers and compiling tools so the SPOOKS can't reload them, install ARPWATCH and watch for ARP and DNS poisoning.

Now look for these modules and DELETE THEM with sudo or su depending on your distro: (kernelversion below should be replaced by your kernel version, you can just hit TAB once you're in /lib/modules since there should only be one kernel on your drive)

/lib/modules/kernelversion/kernel/net
^ in that directory if you don't use bluetooth, delete everything in bluetooth dir
^ while you're there, locate the following directories and delete the contents:
directory names: can, ax25, x25, rose, netrom, ipx, appletalk
delete the subdirectories, too

run the killall command with sudo to stop bluetoothd and the bluetooth applet if you don't use them (I wouldn't!), and check lsmod | grep bluetooth, it's running and you should disable it, so when you type sudo rmmod bluetooth it'll say two other processes are using it, rmmod both of them, one of them is rfcomm, then remove bluetooth.

now venture into:

/lib/modules/kernelversion/kernel/drivers/net
^ in this directory, if you don't use bluetooth, delete everything in bluetooth dir
^ locate the following directories and delete the contents:
directory names: can, ax25, x25, rose, netrom, ipx, appletalk

ALSO: in one of the above top dirs, you'll find a HAMRADIO directory, delete everything inside. Some of these modules are blacklisted in a blacklist rare conf file, but this DOES NOT prevent them from being loaded, especially by SPOOKS/hacker slime.

If you're on a LiveCD install, don't bother removing them it's futile because the CD itself contains the headers and modules which the BACKDOOR BANDITS which control the airwaves can REINSTALL.

To find information on these modules, type modinfo and the module name, for example, you're in an ax25 directory, type modinfo ax25 and it will tell you more about the module, but many modules don't say anything, which leads me to believe there's more PACKET RADIO/HAMRADIO spyware located within these modules apart from the ones I've mentioned. There's no earthly good reason for these modules to exist, nor kernel headers, on a Linux distro vanilla install, ESPECIALLY NOT ON TAILS which should be geared towards the support of PRIVACY.

And why does my cd-rom drive light flash like crazy when I'm sitting at the Tails desktop with no programs running aside from the default? My hard drives and all writable mediums are UNPLUGGED along with their power cords.

Why is it so bloated, why so many applications? LESS IS MORE! I recommend everyone NOT use Tails until it improves. I couldn't believe my eyes when I saw CUPS daemon was loaded, on a security distro LiveCD? You've GOT TO BE kidding me.

People, if you want to make a CD geared towards privacy, cut down the apps to only those required, let the users decide if they want to add potentially buggy packages which may affect their privacy and security and for Buddha's sake, GET RID OF THE HAM RADIO/PACKET RADIO modules! Do you REALLY believe anyone is using any of these modules with Tor? If you do I have a bag of magic beans to tell you. And what the heck is CAN? A protocol for BANKS? You can't tell me this is something you need on such a CD.

You folks need to strip your distro down to the bare basics and start over, what you have, in my opinion, is a bloated messy .iso of junk, thrown together without serious thought to privacy and security of end users, with Tor just happening to be included.

Keep tabs on the activity of your system with snapshots and a simple command:

sudo find /usr/bin -mtime -60

(60 equals 60 minutes)

Turn your system on, boot from Tails or any other LiveCD and wait for a day, maybe two, maybe three, and issue that command to discover files having been modified and secured against virus scanning with various tools. It's a field day for LiveCDs which include kernel headers, ham/packet radio modules, and applications which are likely to contain bugs. Your CDROM drive light flashing while you're doing NOTHING is one indication of a hacker/SPOOK attack, especially so when you're not connected to a wireless/wired connection! This isn't a conspiracy, this is FACT!

If this post is not approved, I won't be shocked, if it is refuted with lame attempts, I'm guessing one or the other will occur, shame on you.

I love the idea of Tails, I hope for its future, and I wish the developers a great New Year.

"This isn't a conspiracy, this is FACT!

If this post is not approved, I won't be shocked, if it is refuted with lame attempts, I'm guessing one or the other will occur, shame on you."

You might call it refuting but this is an attempt to resolve some of your misunderstanding and half-knowledge.

First the things you got right:
It's absolutely true that a security focused distro needs to be stripped down, Tails isn't. Tail is a general purpose OS retrofitted to be a Privacy distro. There is a simple reason for that: It's simple and works. Rolling your own distro without the backing of a project as large as Debian is difficult, maintaining and auditing it with a consistent QA borders impossible.
Software bloat gives yields of attack surface and makes the system slower, less reliable and less trustworthy as you need to trust more developers to not mess up and introduce bugs and to not include backdoors.

It's also true that Tails comes with lots of applications that not only "likely" but with certainty contain bugs, loads of them. It has to be noted that choosing Debian as the base was a particular poor decision in terms of software security. Debian is the only mainstream distro that doesn't use the usual hardening features of gcc nor any security enhancing kernel patches.

Now to the things you didn't quite get right:
The radio kernel modules:

The Linux kernel contains hundreds of drivers for thousands of devices, it supports more hardware than any other OS. Debian ships with a default kernel that has most of them enabled because that's what its users and developers want: support loads of hardware. By using the Debian kernel Tails benefits from having many eyeballs to check for security and privacy issues, it supports a lot of hardware out of the box and gets the stability of a well tested enterprise distro.
For local kernel exploits these modules represent another potential security risk but they are absolutely 100% harmless w.r.t. hacking or leaking "over the radio waves". Typical PCs and Laptops don't have ham radios connected! In the remote case that there are one or two Tails user who runs Tails on their ham radio computer they might want to have that hardware available and if not, they'd sure know how to turn them off.

the "mysterious CDROM drive light":
Ever heard of cron jobs? services?
Just because you aren't actively loading files or GUI programs from the disk doesn't mean there is no disc activity.

If you think there are backdoors somewhere in FOSS code please download the code, audit it (or hire someone to do that for you), compile it and compare with official verified download of the binary. Then release with the proof. If you don't want to got through this length we'd all appreciate if you posted your theories and opinions labeled as that and not as capital "facts".

Please don't start randomly deleting header files and compiler tools, there's apt-get remove and if you have issues with the kernel please read the relevant documentation on recompiling the kernel.

Debian is a piece of junk. Critical security updates are released almost as frequently as for windows vista.

TAILS should have been designed with OpenBSD (with a graphic interface)

Oh, on the contrary. Debian has a good record of quickly releasing security patches. Among the mainstream distros it probably ranks #2 after RHEL and Fedora and is better than Ubuntu for example (don't make me dig up the reference). Remember that outdated versions don't equal vulnerable, Debian backports security patches to stable versions. In any case there's also testing and unstable.

OpenBSD would not be a great choice, it does not have any sort of Mandatory Access Control and it doesn't have signed updates or releases which is inexcusable for such security focused OS.

The natural choice is Gentoo Hardened with full PIE, Grsecurity and a MAC of your choosing.

"Debian is the only mainstream distro that doesn't use the usual hardening features of gcc nor any security enhancing kernel patches."

Is this true for the *buntus as well?

till now tails is the only distro available for next door users in the need of privacy, as activists and such, aka its an useful tool for such people.
of course it couldnt be the ultimate and perfect solution, but it does helps loads of people without computer skills, to stay anonymous.
for those of you criticizing it, why dont you guys get togheter to improve it and/or build up a decent alternative instead to complain?
thats what should come out from intelligent people caring about the same topic...rest is just bullshit from my modest point of view.
thanks to tails devs for their work, wich i suppose is open to everyone for suggestions impriovements and alternatives, talking shit without taking actions, is just bullshit.
peace.

lot of activists with no computer skills are actually using it to stay anonymous around the world while fighting for freedom they usually have no time to become skilled due to their messed up political situations. tails can be very useful for them.

criticizing with no action don-t mix well ...thats why.

im curious, can you please prove with facts why you think it only gives a false sense of security?
did you check the whole code, if so, whats wrong with it? why you guys dont trust it?
and last but not least...are you able to improve it and/or suggest a decent alternative?
what im tryng to say is that we should all care for the same topic, and try to do our best to build up a better society, both inside and outside the net. criticizing something, without improving it is pointless.
cheers.

Me again, in response to this statement:
"lot of activists with no computer skills are actually using it to stay anonymous"
note: I took the "no computer skills" quite literally.

This isn't specific to Tails but to every technology that provides security/anonymity. It's obvious to us but there is this notion that by using these tools one would "magically" be protected (if you don't understand how something works it seems "like magic", that's one definition for the latter). Just like tools can be used for good and evil it all depends on how one uses the tools: securely and conscious of the risks or careless and ignorant.

To illustrate that with just one example: Your Tails using activist logs into Facebook or Gmail using his real name. Glossing over all the Tor-specific attacks he'll be trackable via 3rd party scripts (Goolge Analytics, Like-button, Google Ads...)
Someone with "no skillz" won't have yet developed the kind of common sense we take for granted. Without computer knowledge and experience such pitfalls aren't intuitive or obvious at all!

The second aspect however is that Tail isn't a tough target. There is a lot of more or less academic research on Tor and other anonymous networks but that leaves out the whole picture: compared to attacking the network, let alone cryptography, hacking Firefox on Debian is really easy. There is no access control, no ASLR, no security to speak of. Heck, it's worse than what a patched XP would offer.

If you want some links on how Debian has less security feature than pretty much any other non-hobby OS I can do that. Though it's obvious enough that I don't think that would be necessary.

To be fair to the Tails team, there is a lot of good documentation on their websites that educates users about these risks. But isn't someone reading and understanding all of that no longer someone "with no computer skills"?

and no 100% safe way to test their security, assuming some tests will fail.
if they are already used to significant risk, maybe they'll use it. and maybe they'll be OK. especially if their persecutors are also technically incompetent.

"especially if their persecutors are also technically incompetent."

That's exactly the kind of mindset that gets you killed. Never assume your opponent is more stupid than you are...

January 19, 2012

Permalink

I'm not an advanced user and I haven't tried it, but there was a Slitaz Privacy Edition. Slitaz is a small (30MB!) distro, but I'm not sure if is appropriate for privacy.

The problem I have seen with TAILS is that uses GNOME, which actually is slow with old computers. What about using XFCE instead?

February 02, 2012

Permalink

My problem with this and older versions is:
tor is only online when i boot with router online.

Router is not online while i'am booting,tails says network is active
but.....get tor not online. Router is online!

When i boot with Internet online there is a lot of network activity,ssh-,ntp-errorpopup? and no chance to configurate Vidalia before working with.

Hope new version solve this