md formatting

This commit is contained in:
anarsec 2023-07-08 18:09:30 +00:00
parent 0dc607247e
commit b6bbc36b6f
No known key found for this signature in database
8 changed files with 141 additions and 79 deletions


@ -36,7 +36,7 @@ Other operating systems exist. Perhaps you have already heard of Linux or Ubuntu
* Tails is also a system that allows you to be incognito, meaning anonymous. It hides the elements that could reveal your identity, your location, etc. Tails makes use of the [Tor anonymity network](/glossary#tor-network) to protect your anonymity online: the Tor Browser and all other default software are configured to connect to the Internet through Tor. If an application tries to connect to the Internet directly, the connection is automatically blocked. Tails also changes the so-called "MAC address" of your network hardware, which can be used to uniquely identify your laptop.
![tor-features](tor-features.png)
![](tor-features.png)
<div class="is-family-monospace is-size-7"><center>
<p><em>Tor Browser features</em></p>
<br>
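Review bot: dropping the alt text in `![tor-features](tor-features.png)` → `![](tor-features.png)` leaves the image with no accessible name, and the same edit is applied to every screenshot in this commit. The caption `<p><em>Tor Browser features</em></p>` is right below it, so reuse that as the alt, e.g. `![Tor Browser features](tor-features.png)`, rather than emptying it.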
@ -54,7 +54,7 @@ Tails allows non-experts to benefit from digital security and anonymity without
This tutorial is in several sections. The first is about the basics for starting to use Tails. The second section contains tips on using software included in Tails, as well as what you need to know about how Tor works. The third section is about troubleshooting any issues that you might encounter with your Tails USB to avoid giving up at the first problem - most of the time the solution is simple!
#### The concept of a threat model.
## The concept of a threat model.
Tails is not magic and has plenty of limitations. The Internet and computers are hostile territory and are based on stealing your data. Tails does not protect you from human error, compromised hardware, compromised firmware, being hacked, or certain other types of attacks. There is no absolutely perfect security on the Internet, hence the interest in being able to make a [threat model](/glossary/#threat-model).
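Review bot: the promoted heading `## The concept of a threat model.` keeps a trailing period, which no other heading in this commit has (`## Prerequisites`, `## Installation`); drop the period so heading style stays consistent now that it sits directly under the `#`-level sections.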
@ -64,39 +64,43 @@ It makes no sense to say "such and such a tool is secure". Security always depen
# I) The Basics of Using Tails
#### Prerequisites
## Prerequisites
***Selecting a USB/DVD:***
* Tails only works on USBs of more than 8 GB or on DVDs (where it is not possible to use the Persistent Storage feature described below). The data on the USB will be completely erased at installation, so save your data elsewhere beforehand, and if you don't want any trace of what was there before, use a new USB.
* The article [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch) recommends using a USB with a write-protect switch (an unchangeable data medium) to make sure that nothing is left behind when doing sensitive work, and that the laptop cannot compromise your Tails system. The article details how to adapt to this. The write-protect switch will need to be disabled during installation. If you are unable to obtain such a USB, you can use Tails from a DVD-R/DVD+R, or always boot it with the `toram` option (described at more length in the article).
***Selecting a laptop:***
* Although it is possible to use Tails on a desktop computer, this is not advised because it is only possible to [detect physical tampering](/posts/tamper/#tamper-evident-laptop-screws) on a laptop. Additionally, it would be harder to tell if someone had opened your desktop case and installed a physical keylogger. See [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers) for more on obtaining a laptop.
Some laptop and some USB models do not work with Tails, or some features will not work. To see whether your model has known issues, consult the [Tails known issues page](https://tails.boum.org/support/known_issues/).
If Tails is too slow, make sure that the USB is 3.0 or higher, and using a USB 3.0 port on the laptop. If Tails completely freezes often, it's possible to increase the RAM of your computer. 8 GB will be sufficient.
#### Installation
## Installation
To install Tails on a USB, you need a "source" and a USB (that is 8 GB or larger).
Concerning the "source", there are two solutions.
***Solution 1: Installation from another Tails USB***
* This requires knowing a Tails user you trust. A very straightforward software called the Tails Installer allows you to "clone" a new Tails USB in a few minutes; see the documentation for cloning from a [PC](https://tails.boum.org/install/clone/pc/index.en.html) or [Mac](https://tails.boum.org/install/clone/mac/index.en.html). Any Persistent Storage data isn't transferred. The disadvantage of this method is that it can spread a compromised installation.
***Solution 2: Installation by download (Preferred)***
* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to [intercept and modify the data](/glossary#man-in-the-middle-attack) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly.
#### Booting from your Tails USB
## Booting from your Tails USB
Once you have a Tails USB, follow the Tails guides to [start Tails on a Mac or PC computer](https://tails.boum.org/doc/first_steps/start/index.en.html). The Tails USB must be inserted before turning on the laptop. The "Boot Loader" screen will appear and Tails starts automatically after 4 seconds.
![bootloader](grub.png)
![](grub.png)
After around 30 more seconds of a loading screen, the [Welcome Screen](https://tails.boum.org/doc/first_steps/welcome_screen/index.en.html) appears.
![welcomescreen](welcome_screen.png)
![](welcome_screen.png)
In the Welcome Screen, select your language and keyboard layout in the **Language & Region** section. For Mac users, there is a keyboard layout for Macintosh. Under "Additional Settings" you will find a **+** button, click on it and further configuration options will appear:
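Review bot: the minimum USB size is stated two different ways in this hunk: `Tails only works on USBs of more than 8 GB` under Prerequisites versus `a USB (that is 8 GB or larger)` under Installation. Since this commit is already rewriting this region, pick one phrasing so a reader with exactly an 8 GB stick is not told both that it qualifies and that it does not.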
@ -111,9 +115,9 @@ In the Welcome Screen, select your language and keyboard layout in the **Languag
When you have enabled Persistent Storage, the passphrase to unlock it will appear in this window. If you haven't enabled Persistent Storage, no data will persist on your Tails USB beyond this session. Click **Start Tails**. After 15 to 30 seconds, the Tails desktop appears."
#### Using the Tails desktop
## Using the Tails desktop
![desktop-label](desktop-label.png)
![](desktop-label.png)
Tails is a classic and simple operating system.
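Review bot: the sentence ending `After 15 to 30 seconds, the Tails desktop appears."` carries a stray closing double quote with no opening one; remove it. The `![desktop-label](desktop-label.png)` → `![](desktop-label.png)` change also strips the only alt text this screenshot had; keep a descriptive alt instead of `![]`.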
@ -129,7 +133,7 @@ Tails is a classic and simple operating system.
If your laptop is equipped with Wi-Fi but there is no Wi-Fi option in the system menu, see the [troubleshooting documentation](https://tails.boum.org/doc/anonymous_internet/no-wifi/index.en.html). Once you connect to Wi-Fi, a Tor Connection assistant appears to help you to connect to the Tor network. Choose **Connect to Tor automatically** unless you are in a country where you need to hide that you are using Tor (in which case, you'll need to configure [a bridge](https://tails.boum.org/doc/anonymous_internet/tor/index.en.html#hiding)).
#### Optional: Create and Configure Persistent Storage
## Optional: Create and Configure Persistent Storage
Tails is amnesiac by default. It forgets everything you did between sessions. This isn't always what you want - for instance, you may want to work on a document that you can't complete in one sitting. The same is true for installing additional software: you would have to redo the installation after each start-up. Tails has a feature called Persistent Storage, which makes it no longer completely forgetful. This is explicitly less secure, but it is necessary for some activities.
@ -138,17 +142,21 @@ The principle is to create a second storage area (called a partition) on your Ta
A window opens where you have to type a passphrase; see [Tails Best Practices](/posts/tails-best/#passwords) for notes on passphrase strength. You'll then [configure](https://tails.boum.org/doc/persistent_storage/configure/index.en.html) what you need to keep in Persistent Storage. Persistent Storage can be enabled for several types of data:
**Personal Documents:**
* **Persistent Folder**: Data such as your personal files, documents, or images that you're working on can be saved in the Persistent Storage on the Tails USB.
**System Settings:**
* **Welcome Screen**: Settings from the Welcome Screen can be saved in the Persistent Storage: language, keyboard, and additional settings.
* **Printers**: [Printer configuration](https://tails.boum.org/doc/sensitive_documents/printing_and_scanning/index.en.html) can be saved in the Persistent Storage.
**Network:**
* **Network Connections**: The passwords for Wi-Fi networks can be saved in the Persistent Storage, so you don't have to type them every time.
* **Tor Bridge**: When the Tor Bridge feature is turned on (for users in countries that censor Tor), the last Tor Bridge that you used is saved in the Persistent Storage.
**Applications:**
* **Tor Browser Bookmarks**: Tor Browser bookmarks can be saved in the Persistent Storage.
* **Electrum Bitcoin Wallet**: The bitcoin wallet and preferences can be saved in the Persistent Storage.
* **Thunderbird Email Client**: The email inbox, feeds, and OpenPGP keys of Thunderbird can be saved in the Persistent Storage.
@ -157,6 +165,7 @@ A window opens where you have to type a passphrase; see [Tails Best Practices](/
* **SSH Client**: SSH is used to connect to servers. All files related to SSH can be saved in the Persistent Storage.
**Advanced Settings:**
* **Additional Software**: With this feature enabled, a list of additional software of your choice is automatically installed every time you start Tails. The corresponding software packages are stored in the Persistent Storage. They are automatically upgraded after a network connection is established. [Be careful with what you install](https://tails.boum.org/doc/persistent_storage/additional_software/index.en.html#warning).
* **Dotfiles**: On Tails and Linux in general, the name of configuration files often starts with a dot and are sometimes called "dotfiles" for this reason. These can be saved in the Persistent Storage. Be careful about what configuration settings you change, because altering default settings can break your anonymity.
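Review bot: in the Dotfiles bullet, `the name of configuration files often starts with a dot and are sometimes called "dotfiles"` pairs a singular subject with a plural verb; rephrase as `the names of configuration files often start with a dot, and the files are sometimes called "dotfiles" for this reason`.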
@ -164,13 +173,13 @@ Persistent Storage must be unlocked at the Welcome Screen to use it. If you wan
In [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), we recommend against using Persistent Storage in most cases. Any files that need to persist can instead be saved to a second [LUKS-encrypted USB](#how-to-create-an-encrypted-usb). Most Persistent Storage features do not work well with USBs that have a write-protect switch.
#### Upgrading the Tails USB
## Upgrading the Tails USB
The security of Tails (and more generally of Linux) depends on the continuous development of the operating system and the resolution of any security flaws through upgrades. It is important to always use the latest version (Tails is updated approximately every month) because security vulnerabilities are regularly discovered in the programs used by Tails, which in the worst case scenario can lead to your identity, IP address, etc., being revealed. A Tails upgrade will patch these security holes and usually enhance other features as well.
Every time you start Tails, the Tails Upgrader checks if you are using the latest Tails version right after you connect to the Tor network. There are 2 types of upgrades.
![auto](upgrader_automatic.png)
![](upgrader_automatic.png)
***The [automatic upgrade](https://tails.boum.org/doc/upgrade/index.en.html)***
@ -184,16 +193,16 @@ Every time you start Tails, the Tails Upgrader checks if you are using the lates
# II) Going Further: Several Tips and Explanations
#### Tor
## Tor
***What is Tor?***
[Tor](/glossary/#tor-network) stands for The Onion Router, and is the best way to be anonymous on the Internet. Tor is an open-source software associated with a public network of several thousand relays (servers). Instead of connecting directly to a location on the Internet, Tor will take a detour via three intermediate relays. Tor Browser uses Tor, but other applications can too if they are properly configured. All applications included by default in Tails that connect to the Internet use Tor.
![tor](tor.png)
![](tor.png)
Internet traffic, including the IP address of the final destination, is encrypted in different layers like an onion. With each hop along the three relays, an encryption layer is removed. Each relay only knows the step before it, and after it (relay #3 knows that it comes from relay #2 and that it goes to such and such a website after, but does not know relay #1).
![animation](anonymous-browsing.gif)
![](anonymous-browsing.gif)
This means that any intermediaries between you and relay #1 know you're using Tor but they don't know what site you're going to. Any intermediaries after relay #3 know that someone in the world is going to this site. The web server of the site sees you coming from the IP address of relay #3.
@ -205,7 +214,7 @@ Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "se
If there is a yellow warning on the padlock, it means that, in the page you're browsing, some elements are not encrypted (they use HTTP), which can reveal the exact page you're browsing or allow intermediaries to partially modify the page. By default, Tor Browser uses HTTPS-Only Mode to prevent visiting HTTP websites.
![http](http.png)
![](http.png)
HTTPS is essential both to limit your web fingerprint, but also to prevent an intermediary from modifying the data you exchange with websites. If the intermediary cannot decrypt the data, they cannot modify it. For an overview of HTTP / HTTPS connections with and without Tor, and what information is visible to various third parties, see the EFF's [interactive illustration](https://www.eff.org/pages/tor-and-https).
@ -215,7 +224,7 @@ In short, don't visit websites that don't use HTTPS.
Perhaps you have seen a strange site address containing 56 random characters, ending in .onion? This is called an onion service, and the only way to visit a website that uses such an address is to use the Tor Browser. The "deepweb" and "darkweb" are terms popularized in news media in recent years to describe these onion services.
![lead](lead.webp)
![](lead.webp)
Anyone can create an .onion site. But why would they want to? Well, the server location is anonymized, so authorities cannot find out where the website is hosted in order to take it down. When you send data to an .onion site, after the standard Tor circuit you enter the site's three Tor relays. So we have 6 Tor relays between us and the site; we know the first 3 relays, the site knows the last 3, and each Tor node just knows the relay before and after. Unlike an HTTPS normal website, it's all Tor encryption from end to end.
@ -229,7 +238,7 @@ Some sites offer both a classic URL as well as an .onion address. In this case,
The Tor network is blocked and otherwise rendered more inconvenient to use in many ways. You may be confronted with CAPTCHA images (a kind of game that verifies you “are not a robot”) or obliged to provide additional personal data (ID card, phone number…) before proceeding, or Tor may be completely blocked.
![new](new_identity.png)
![](new_identity.png)
Perhaps only certain Tor relays are blocked. In this case, you can change the Tor exit nodes for this site: click on the **≣ → "New Tor circuit for this site"**. The Tor circuit (path) will only change for the one tab. You may have to do this several times in a row if you're unlucky enough to run into several relays that have been banned.
@ -241,13 +250,13 @@ It is not recommended to perform different tasks on the Internet that should not
The 'New Identity' feature of Tor Browser is not sufficient to completely separate contextual identities in Tails, since connections outside the Tor Browser are not restarted and you retain the same Tor entrance node. Restarting Tails is a better solution.
![onions](onion-circuits.png)
![](onion-circuits.png)
The Onion Circuits application shows which Tor circuit a connection to a server uses (website or otherwise). Sometimes, it can be useful to make sure that the exit relay is not located in a certain country, to be further away from the easiest access of investigating authorities. In the example above, the connection to check.torproject.org goes through the relays tor7kryptonit, Casper03, and the exit node blackfish. If you click on a circuit, technical details about the relays of the circuit appear in the right pane. The 'New Identity' feature of Tor Browser is useful for changing this exit relay without needing to reboot the Tails session, which can be repeated until you have an exit relay you are happy with. We are not suggesting to use 'New Identity' when switching between identities, but simply when you want to change the exit node within a single identity's activity.
***Tor Browser security settings***
![safest](safest.png)
![](safest.png)
Like any software, Tor Browser has vulnerabilities that can be exploited. To limit this, it's important to keep Tails up to date, and it's also recommended to increase the security settings of the Tor browser: you click on the shield icon and then **Change**. By default it's set to Standard, which is a browsing quality that hardly changes from a normal browser. We recommend that you set the most restrictive setting before starting any browsing: **Safest**.
@ -261,7 +270,7 @@ The Tor Browser on Tails is kept in a ["sandbox"](/glossary/#sandboxing) to prev
When you download something using the Tor Browser it will be saved in the Tor Browser folder (`/home/amnesia/Tor Browser/`), which is inside the "sandbox". If you want to do anything with this file, you should then move it out of the Tor Browser folder. You can use the file manager (**Applications → Accessories → Files**) to do this.
![nautilus](nautilus.png)
![](nautilus.png)
*Uploads*
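Review bot: `*Uploads*` is set in single-asterisk italics while the sibling sub-headings in this file use the bold-italic `***...***` form (`***Share Files with Onionshare***`, `***Tor Browser security settings***`); since this is a formatting pass, change it to `***Uploads***` for consistency.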
@ -273,7 +282,7 @@ Be aware that, because all of your Tails session is running in RAM (unless you h
***Share Files with Onionshare***
![onionshare](onionshare.png)
![](onionshare.png)
It is possible to send a document through an .onion link thanks to [OnionShare](https://tails.boum.org/doc/anonymous_internet/onionshare/index.en.html) (**Applications → Internet → OnionShare**). Normally, OnionShare stops the hidden service after the files have been downloaded once. If you want to offer the files for multiple downloads, you need to go to Settings and unselect "Stop sharing after first download". As soon as you close OnionShare, cut the Internet connection, or shut down Tails, the files can no longer be accessed. This is a great way of sharing files because it doesn't require plugging a USB into someone else's computer, which is [not recommended](/posts/tails-best/#reducing-risks-when-using-untrusted-computers). The long .onion address can be shared via another channel (like a [Riseup Pad](https://pad.riseup.net/) you create that is easier to type).
@ -281,31 +290,31 @@ It is possible to send a document through an .onion link thanks to [OnionShare](
When you request a web page through a web browser, it is transmitted to you in small "packets" characterized by a specific size and timing (alongside other characteristics). When using Tor Browser, the sequence of transmitted packets can also be analyzed and assigned certain patterns. The patterns here can be matched with those of monitored websites on the Internet. To make this "correlation attack" more difficult, before connecting to a sensitive website you can open various other pages that require loading (such as streaming videos on a privacy-friendly website like kolektiva.media) in additional tabs of your browser. This is officiallly recommended by Tor - see [Do multiple things at once with your Tor client](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations/). This will generate a lot of additional traffic, which will make the analysis of your pattern more difficult.
#### Included Software
## Included Software
Tails includes [many applications](https://tails.boum.org/doc/about/features/index.en.html) by default. The documentation gives an overview of [Internet applications](https://tails.boum.org/doc/anonymous_internet/index.en.html), applications for [encryption and privacy](https://tails.boum.org/doc/encryption_and_privacy/index.en.html), as well as applications for [working on sensitive documents](https://tails.boum.org/doc/sensitive_documents/index.en.html). In the rest of this section, we will just highlight common use cases relevant to anarchists, but read the documentation for further information.
#### Password Manager (KeePassXC)
## Password Manager (KeePassXC)
If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words.
![seconds](seconds.png)
![](seconds.png)
When you [create a new KeePassXC database](https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html#index1h1), in the **Encryption settings** window, increase the **Decryption time** from the default to the maximum (5 seconds). Then, select a [strong passphrase](/posts/tails-best/#passwords) and then save your KeePassXC file. This file will contain all your passwords/passphrases, and needs to persist between sessions on your Persistent Storage or on a second LUKS-encrypted USB as described in [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch). The decryption time setting of a pre-existing KeePassXC file can be updated: **Database → Database Security → Encryption Settings**.
As soon as you close KeePassXC, or if you don't use it for a few minutes, it will lock. Be careful not to forget your main passphrase. We recommend against using the auto-fill feature, because it is easy to fill your password into the wrong window by mistake.
![database](database.png)
![](database.png)
1) Right-click on a folder to add sub-groups
2) Create a new entry
3) Copy the username
4) Copy the password
![entry](entry.png)
![](entry.png)
5) Use the Password Generator when editing an entry
#### Really delete data from a USB
## Really delete data from a USB
"Permanently delete" or "trash" does not delete data... and it can be very easy to recover. Indeed, when you "delete" a file, you are only telling the operating system that the contents of this file are no longer of interest to you. It then deletes its entry in the index of existing files. It can then reuse the space that the data took up to write something else.
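Review bot: typo `officiallly` (three l's) in the correlation-attack paragraph should be `officially`. In the same hunk, the KeePassXC menu path `**Application → Favorites → KeePassXC**` uses the singular `Application` while every other menu path in the file starts with `**Applications →`; align it.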
@ -318,16 +327,17 @@ However, traces of the previously written data may still remain. If you have sen
* For flash memory drives (USBs, SSD, SD cards, etc.), use two pliers to break the circuit board out of the housing, then break the memory chips, including the circuit board, into pieces (beware of splintering). Hold the pieces in the flame of a camping gas torch. You will only achieve a partial decomposition of the transistor material. Use sufficient respiratory protection or distance! The fumes are unhealthy.
* If burning the pieces is too involved, discretely dropping them down a storm drain while you tie your shoe would make recovery unlikely.
#### How to create an encrypted USB
## How to create an encrypted USB
Exclusively store data on encrypted drives. This is necessary for using a separate LUKS USB instead of Persistent Storage on the Tails USB. [LUKS](/glossary/#luks) is the Linux encryption standard. To encrypt a new USB, go to **Applications → Utilities → Disks**.
* When you insert the USB, a new "device" should appear in the list. Select it, and verify that the description (brand, name, size) matches your device. Be careful not to make a mistake!
* Format it by clicking **≣ → Format the disk**.
* Select **Overwrite existing data with zeroes** in the Erase drop-down list. Keep in mind that this is likely incomplete if there were sensitive documents on the USB.
* Choose **Compatible with all systems and devices (MBR/DOS)** in the Partitioning drop-down list.
* Then click **Format…**
![empty](empty_device.png)
![](empty_device.png)
* Now you must add the encrypted partition.
* Click on the "**+**"
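Review bot: `discretely dropping them down a storm drain` should be `discreetly` (unobtrusively); `discretely` means separately. The `![empty](empty_device.png)` → `![](empty_device.png)` change also removes the only alt text this screenshot had; prefer a descriptive alt such as `Disks showing the empty device`.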
@ -337,15 +347,16 @@ Exclusively store data on encrypted drives. This is necessary for using a separa
When you insert an encrypted USB, it will not be opened automatically but only when you select it in the Places menu. You will be prompted to enter the passphrase. Before you can remove the disk when the work is done, you have to right-click on it under **Places → Computer** and then select Eject.
#### Encrypt a file with a password or with a public key
## Encrypt a file with a password or with a public key
In Tails, you can use the Kleopatra application to [encrypt a file](https://tails.boum.org/doc/encryption_and_privacy/kleopatra/index.en.html#index1h1) with a password or a public PGP key. This will create a .pgp file. If you are going to encrypt a file, do so in RAM before you store it on a LUKS USB. Once the unencrypted version of a file is on a USB, the USB must be reformatted to remove it.
If you choose the passphrase option, you will have to open the file in Tails and type the passphrase. If you don't want the unencrypted data to be stored in the location where you saved it (e.g. on a USB), it's best to first copy the encrypted file to a Tails folder that is only in RAM (e.g. **Places → Documents**) before decrypting it.
#### Adding administration rights
## Adding administration rights
In Tails, an administration password (also called a "root" password) is required to perform system administration tasks. For example:
- To install additional software
- To access the computer's internal hard drives
- To run [commands](/glossary/#command-line-interface-cli) in the root terminal
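Review bot: the administration-rights list (`- To install additional software`, `- To access the computer's internal hard drives`, `- To run ... in the root terminal`) uses `-` bullets while every other list in this file uses `*`; since the commit is normalizing markdown, switch these three items to `*`.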
@ -355,11 +366,12 @@ By default, the administration password is disabled for more security. This can
To set an administration password, you must choose an administration password at the Welcome Screen when starting Tails. This password only lasts for the duration of the session.
#### Installing additional software
## Installing additional software
If you install new software, it's up to you to make sure it is secure. Tails forces all software to connect to the internet through Tor, so you make need to use a program called `torsocks` from Terminal to start additional software that requires an Internet connection (for example, `torsocks --isolate mumble`). The software used in Tails is audited for security, but this may not be the case for what you install. Before installing new software, it's best to make sure there isn't already software in Tails that does the job you want to do. If you want additional software to persist beyond a single session, you have to enable "Additional Software" in Persistent Storage [configuration](https://tails.boum.org/doc/persistent_storage/configure/index.en.html).
To install software from the Debian software repository:
* Start Tails with administration rights, then go to **Applications → System Tools → Synaptic Package Manager**.
* When prompted, enter your administration password (if it's the first time you do this, it will take time to download the repositories).
* Go to "All" and choose the software you want to install: "select for installation", then "apply".
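Review bot: `you make need to use a program called \`torsocks\`` should read `you may need to use`. The same paragraph writes `the internet` in lower case while the rest of the file uses `Internet`.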
@ -368,12 +380,12 @@ To install software from the Debian software repository:
For more information, see the documentation on [Installing additional software](https://tails.boum.org/doc/persistent_storage/additional_software/index.en.html).
#### Remember to make backups!
## Remember to make backups!
A Tails USB is easily lost and USBs have a much shorter life span than a hard drive (especially the cheap ones). If you put important data on it, think about making regular backups. If you use a second LUKS-encrypted USB, this is as simple as using the File Manager to copy files to a backup LUKS-encrypted USB.
If you use Persistent Storage, see the [documentation on backing it up](https://tails.boum.org/doc/persistent_storage/backup/index.en.html).
#### Privacy screen
## Privacy screen
A [privacy screen](https://en.wikipedia.org/wiki/Monitor_filter) can be added on top of the laptop screen to prevent people (or hidden cameras) from seeing the content unless they are directly facing it.