Tails
The Amnesic Incognito Live System. Privacy by design, amnesia by default.
Overview
| Based on | Debian (Stable) |
| Package manager | APT (limited; live system) |
| Package format | .deb |
| Release model | Fixed releases, frequent security updates (every ~4 weeks) |
| Default DE | GNOME |
| Init system | systemd |
| Website | tails.net |
Why Tails?
- All traffic through Tor - Every network connection is forced through the Tor network. Applications that try to connect directly are blocked.
- Amnesic by design - Runs entirely from RAM. When you shut down, everything is wiped. No forensic traces on the host machine.
- Portable - Boots from a USB drive on almost any computer. Carry your secure OS in your pocket.
- Pre-configured privacy tools - Tor Browser, Thunderbird with OpenPGP, KeePassXC, OnionShare, and metadata cleaning tools
- Used by journalists and activists - Recommended by the Freedom of the Press Foundation and used by Edward Snowden
- MAC address spoofing - Automatically randomizes your network hardware identifier at boot
How Tails Works
- Live USB only - Tails is not meant to be installed on a hard drive. It runs entirely from a USB stick.
- Amnesia - All files, settings, and browsing history are lost on shutdown unless saved to Persistent Storage.
- Persistent Storage - An optional encrypted partition on the USB drive for files and settings you need across reboots.
- Unsafe browser - A separate, non-Tor browser available for captive portal login (airport/hotel Wi-Fi). Clearly marked as unsafe.
Package Management
Since Tails is a live system, package management is limited. Installed packages are lost on reboot unless configured in Persistent Storage.
# Temporarily install a package (lost on reboot)
sudo apt update && sudo apt install package-name
# To persist additional packages across reboots:
# 1. Enable Persistent Storage (Tails menu > Persistent Storage)
# 2. Enable the "Additional Software" feature
# 3. Install the package, and Tails will offer to add it to persistent packages
# 4. On next boot, Tails reinstalls your persistent packages automatically
Tails is not a daily driver. It is designed for specific threat models requiring strong anonymity. Everyday use will be slow (all traffic goes through Tor), and the amnesic design means you need to reconfigure things each session unless you use Persistent Storage. For a daily-driver with privacy features, consider Parrot Home or Whonix.
Included Tools
- Tor Browser - Pre-configured, hardened Firefox with Tor integration
- Thunderbird - Email client with OpenPGP encryption support
- KeePassXC - Password manager (use with Persistent Storage)
- OnionShare - Share files, host websites, and chat anonymously over Tor
- MAT2 / Metadata Cleaner - Remove metadata from images, documents, and other files
- LUKS - Create and open encrypted volumes
- Electrum - Bitcoin wallet
- LibreOffice - Full office suite
Tips
- Use a fast USB 3.0+ drive (at least 8 GB). Tails runs from RAM but loads from USB, so speed matters.
- Set up Persistent Storage for KeePassXC databases, GPG keys, Wi-Fi passwords, and dotfiles
- Tails can spoof your MAC address automatically. Do not disable this unless you have a specific reason.
- Keep Tails updated. The automatic updater handles this, but major version jumps require re-flashing the USB.
- Use Tails in addition to good operational security. Tails protects against technical surveillance, not human mistakes.
- Do not use Tails for activities linked to your real identity on the same session as anonymous activities