mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-29 08:47:24 -04:00
tails update continued
parent
e1f4f5975d
commit
8b617cdb37
1 changed files with 4 additions and 4 deletions
|
@ -195,7 +195,7 @@ Another reason to avoid using Persistent Storage features is that many of them s
|
||||||
However, you may want to use some Persistent Storage features that don't store personal data, such as the additional software feature. This requires unlocking the switch for a dedicated Persistent Storage configuration session:
|
However, you may want to use some Persistent Storage features that don't store personal data, such as the additional software feature. This requires unlocking the switch for a dedicated Persistent Storage configuration session:
|
||||||
|
|
||||||
* Start an "unlocked" session, [create Persistent Storage](/posts/tails#optional-create-and-configure-persistent-storage) with additional software enabled, [install the additional software](/posts/tails#installing-additional-software), and select to "Install Every Time" when prompted.
|
* Start an "unlocked" session, [create Persistent Storage](/posts/tails#optional-create-and-configure-persistent-storage) with additional software enabled, [install the additional software](/posts/tails#installing-additional-software), and select to "Install Every Time" when prompted.
|
||||||
* Now that the configuration is complete, restart Tails into a "locked" session before actually using the software. This way, none of the files you work on are saved to the Tails USB because it is "locked", but now the additional software is configured to install every time you enter your Persistent Storage password at the Welcome Screen. To have a "locked" session with Persistent Storage, the USB switch will need to be locked to the read-only position *after* after the Welcome Screen because Tails will not allow you to enter the password otherwise.
|
* Now that the configuration is complete, restart Tails into a "locked" session before actually using the software. Don't set an Administration password, which is only required during the initial installation. In a "locked" session, none of the files you work on are saved to the Tails USB because it is "locked", but now the additional software is configured to install every time you enter your Persistent Storage password at the Welcome Screen. To have a "locked" session with Persistent Storage, the USB switch will need to be switched to the read-only position *after* you receive the notification "Additional Software installed succesfully" (and before you connect to the Internet).
|
||||||
|
|
||||||
The Persistent Storage feature is not possible with the DVD or `toram` boot option.
|
The Persistent Storage feature is not possible with the DVD or `toram` boot option.
|
||||||
|
|
||||||
|
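Review bot: in the rewritten second bullet, the quoted notification "Additional Software installed succesfully" misspells "successfully"; quote the string exactly as Tails displays it, since readers are told to act when they see it. The rewrite also drops the old rationale that Tails will not let you enter the Persistent Storage password while the switch is read-only. Keeping a short clause with that reason next to the new timing (after the notification, before connecting to the Internet) would explain why the switch cannot simply be locked before boot.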
@ -209,7 +209,7 @@ The compartmentalization approach [discussed above](/posts/tails-best#2-using-ta
|
||||||
|
|
||||||
If a "personal data" USB is used to save very sensitive files (such as the text of a communique), it is best to overwrite and then destroy the USB once you no longer need the files (see [Really delete data from a USB drive](/posts/tails/#really-delete-data-from-a-usb)). This is another reason to use a separate USB for any files that need to be saved — you don't accumulate the forensic history of all your files on your Tails Persistent Storage, and you can easily destroy these "personal data" USBs as needed.
|
If a "personal data" USB is used to save very sensitive files (such as the text of a communique), it is best to overwrite and then destroy the USB once you no longer need the files (see [Really delete data from a USB drive](/posts/tails/#really-delete-data-from-a-usb)). This is another reason to use a separate USB for any files that need to be saved — you don't accumulate the forensic history of all your files on your Tails Persistent Storage, and you can easily destroy these "personal data" USBs as needed.
|
||||||
|
|
||||||
If you already use Tails and encrypted email, you may be familiar with Thunderbird's Persistent Storage feature for your inbox and PGP keys. This feature won't work with a write-protect switch enabled. Instead of using Persistent Storage for email, simply login to Thunderbird in each new session. PGP keys can be stored on the "personal data" USB like any other file, and imported when needed with one click. This approach has the advantage that if law enforcement manages to bypass LUKS, they still don't have your inbox without knowing your email password.
|
If you already use Tails and encrypted email, you may be familiar with Thunderbird's Persistent Storage feature for your inbox and PGP keys. This feature won't work with a write-protect switch enabled. Instead of using Persistent Storage for email, simply login to Thunderbird with IMAP in each new session. PGP keys can be stored on the "personal data" USB like any other file, and imported when needed with Thunderbird's "OpenPGP Key Manager" (File → Import Public Key(s) from File / Import Secret Key(s) from File). This approach has the advantage that if law enforcement manages to bypass LUKS, they still don't have your inbox without knowing your email password.
|
||||||
|
|
||||||
# Phishing Awareness
|
# Phishing Awareness
|
||||||
|
|
||||||
|
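Review bot: in the added Thunderbird sentence, the parenthetical "File → Import Public Key(s) from File / Import Secret Key(s) from File" joins two separate menu entries with a slash, so it reads as one long path. Suggest "File → Import Public Key(s) from File, or File → Import Secret Key(s) from File". In the same line, "simply login to Thunderbird with IMAP" uses "login" as a verb; "log in" is the verb form.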
@ -300,7 +300,7 @@ If you are using Persistent Storage, this is another passphrase that you will ha
|
||||||
|
|
||||||
### Installing SiriKali
|
### Installing SiriKali
|
||||||
|
|
||||||
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). In Synaptic, right-click SiriKali and select "Mark Suggested for Installation → gocryptfs" (if you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs directly instead). If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best#unlocking-the-switch).
|
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). In Synaptic, install both sirikali and gocryptfs (if you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs directly and you don't actually need sirikali). If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best#unlocking-the-switch).
|
||||||
|
|
||||||
Using SiriKali to create a volume will make two new directories: a "cipher" directory (`VolumeName/` on your "personal data" USB) where the encrypted files are actually stored and a "plain" directory where you access your decrypted volume once it is mounted there (`/home/amnesia/.SiriKali/VolumeName`).
|
Using SiriKali to create a volume will make two new directories: a "cipher" directory (`VolumeName/` on your "personal data" USB) where the encrypted files are actually stored and a "plain" directory where you access your decrypted volume once it is mounted there (`/home/amnesia/.SiriKali/VolumeName`).
|
||||||
|
|
||||||
|
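Review bot: the new instruction "install both sirikali and gocryptfs" uses lowercase package names as plain text, while the rest of the paragraph writes "SiriKali", and the same sentence ends with "you don't actually need sirikali". If the lowercase forms are meant as the Debian package names to search for in Synaptic, mark them as code (as the page already does for `toram` and `VolumeName/`) and use "SiriKali" when referring to the program itself.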
@ -317,7 +317,7 @@ Using SiriKali to create a volume will make two new directories: a "cipher" dire
|
||||||
Whenever you want to decrypt the volume, click "Mount Volume":
|
Whenever you want to decrypt the volume, click "Mount Volume":
|
||||||
|
|
||||||
* This happens automatically upon volume creation.
|
* This happens automatically upon volume creation.
|
||||||
* You can now add files to your mounted volume: right-click the volume and select "Open folder".
|
* You can now add files to your mounted volume: right-click the volume and select "Open Folder".
|
||||||
* You can verify SiriKali is working by creating a test file here. This file will show up encrypted in the cipher directory.
|
* You can verify SiriKali is working by creating a test file here. This file will show up encrypted in the cipher directory.
|
||||||
* When you are done, right-click the volume and select "Unmount."
|
* When you are done, right-click the volume and select "Unmount."
|
||||||
|
|
||||||
|
|
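Review bot: the capitalization fix to "Open Folder" leaves the neighbouring bullet inconsistent, since "Unmount." keeps the period inside the quotation marks and so reads as part of the menu label. While touching this list, move the period outside the quotes so both labels are quoted the same way.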