Leave No Trace Behind : Tails (The Amnesic Incognito Live System)

Ziyahan Albeniz

Leave No Trace Behind : Tails (The Amnesic Incognito Live System)

Years ago, at a holiday, I had to access my emails and desperately asked a stranger using a computer to borrow their device for few minutes.

Quickly checking my emails, I thanked that stranger but was numerous questions were left behind in my mind – did I correctly log out of my email session, could the computer I borrowed had a malware installed like keylogger?

The only thing to do was to change my email password as soon as I got access to a trusted computer.

There may be circumstances like this where we would need to use others’ computers. Especially university students perform lots of personal tasks like checking their emails or social media on their schools’ computer labs. I am not sure if they as suspicious as I do after these tasks, but at the end of the day the potential threats I mentioned above do apply to them.

You may wish that, from time to time, even for your own computer, the processes you do not leave traces on your computer, and that you cannot access the data you attach importance to in the event of theft or forensic review.

Do not criminalize the incident immediately. Journalists at most places in the world are fighting for their rights against oppressive regimes; Turkish Muslims at East Turkestan are trying every way against China’s digital surveillance.

In this article, what is going to be talked about is the installation and usage of an operating system enabling you to leave no trace behind when using someone else’s computer, or your own: Tails. Tails is an abbreviation of The Amnesic Incognito Live System.

Amnesic means the operating system running on the RAM and not writing data to hard disk. For this reason, whatever the reason, no data would be accessible forensically. Incognito addresses the anonymity of the system’s identity. The system does all of the internet connections through the TOR network. A more detailed article about TOR can be found in this issue of Arka Kapi Magazine. Live indicates the portability and states that you can boot a computer with any tool whether carried on a CD, USB or a mini memory card.

You can visit the following address to download Tails : https://tails.boum.org/install/ 

When visited the site, you must have seen the warning stating that the site is being watched by secret services, therefore after downloading the Tails installation file, it has been designed in such a way for you to share with your friends.

Here, it is assumed that the reader already uses Windows operating system and will perform necessary actions on this operating system.

The first question that the Tails download page displays us supports this assumption. The installation page asks which operating system Tails will be installed over.

Click Windows and continue.

The page after that asks us to choose the Tails download process – will we continue with a trusted friend’s Tails installation, or will we install Tails from a Windows machine from scratch.

Let’s indicate that we’re going to install Tails on Windows from scratch.

With this option, in order to download the 1.2 GB Tails installation file, you’re going to need a USB of at least 8 GB, an hour for downloading and half an hour for installation.

A page that provides a summary of the actions we will take respectively welcomes us.

The steps followed will be:

  • Downloading the Tails installation file
  • Installing Tails to the disk
  • Booting the PC with Tails
  • Configuring Tails
  • Rebooting the system

Continue by clicking the Let’s Go button.

If you read this article up to this point and have decided to install Tails, you probably feel under surveillance of legal or illegal corporations. Even for this reason you may be subject to some attacks during installation.

When installing Tails, an attacker that captured your connection may perform a Man in the Middle (MiTM) attack and may change the file you’re downloading with a copy they designed that will enable them to watch over you.

Therefore, in order to avoid this scenario, the page encountered during the installation phase is about a verification process where you can tell if the file you downloaded is really the file prepared by the Tails team.

This process is known as the file signature verification. You can also verify through the browser immediately after download. You can take a look at the articles written by Bayram Gök about encrypting and signing messages and cryptology in the previous issues of our magazine for further information.

For now, you can use Tails’ file verification add-on for Chrome: https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl

At this stage of the installation, using an application called Etcher, we will write the Tails image that we have downloaded to the USB disk and bring it to the consistency that the computer can boot directly from this USB disk:

Etcher is a 75.2 Mb portable program. After downloading by clicking the Download Etcher for Windows link, the below screen will welcome you. We must say that the signature verification we have made for the Tails file is also essential for the Etcher file.

Send the Tails file you downloaded by clicking the Select Image (the file with .iso extension) option.

Next is choosing the USB flash drive that the file will be copied on. Pay attention and be careful – for every data on your USB flash drive will be deleted!

Press the Flash!  Button after selecting the USB flash drive.

With the below operation, we understand that the writing process to the USB flash drive is finished:

Now it is time to boot the computer with this USB. During this whole process, the USB flash drive must be plugged in the computer.

This option pops up by pressing F2 on some computers, ESC or DEL on others etc.. You can get some help on how to change the boot order by visiting http://www.boot-disk.com/boot_priority.htm .

When you boot your computer with the Tails-installed USB drive, after a few actions, you will see the following screen:

At this step, we need to make a few settings like the Keyboard Layout or Language. What needs more attention is the Additional Settings field. Open this field by clicking the + sign and continue the process:

Now, we are going to assign a password to Tails with Administration Password. We will need these permissions especially during the configuration of TOR when modifying some files.

Our goal is to use Tails without leaving any trace on the PC disk. However, if you want to anonymize your identity during your internet browsing, your connection settings should be done via Tor.

For this, choose the Network Connection in the Additional Settings field.

Let’s make this connection through a bridge (for countries where direct TOR access is blocked), and select this choice.

Performing your untraceable operations, you might not need to have an internet connection. It is possible to cut all internet connection of the system by choosing Disable all networking.

After making necessary settings, Tails is ready to go. Start Tails by clicking the button Start Tails.

Now, what we need to connect to the internet, and then enter the Bridge settings to make the internet connections over TOR.

If you want, you can click on the network icon on the right side of the taskbar and provide a connection to the modem in your home or work, or plug in a network cable to the network card.

After a connection is established, you may encounter such a screen below. This screen mentions that a connection to the TOR network can not be established because of blocking (some countries block TOR as previously mentioned).

Together with the Configure option, we can make the necessary bridge settings that will allow us to connect indirectly to the Tor network.

Sadly, since Tor is being censored in some countries as shown on the screen that welcomes us, we enter the bridge settings in the box just below.

Wait a minute – how do we find these bridges?

For this, by sending an email to TOR’s email service, we demand the current settings.

But TOR does not run on Tails yet we booted the system with Tails?

This can be solved by using Unsafe Browser found under the menus Tails > Internet.

Now that we have reached our email account, let’s send the email. Send an email to the address [email protected] with get transport obfs4 written as the message’s body, and wait for the answer.

The expected settings came. Now, take this information and enter them into the TOR configuration screen and click Connect:

Now that this is also done, we have come up to a point very crucial for Tails. Yes, this system has been designed to be forgetful. Yet, there is such information which does not want to enter over and over again. In such cases, the encrypted disk offered by Tail is exactly what we need.

Now, we are going to create an encrypted field over the USB drive and hide the data of chosen type here. For instance, after entering the wireless network password once, let this be hidden in the encrypted disk. One day, you might want to store your Bitcoin wallet, the database of your password manager here.

Let’s create the disk. Choose the Configure persistent volume option from the Applications > Tails menu.

We encounter the following screen:

Here, a partition of the disk to be encrypted will be created. This process can be thought of as encrypting the disk as described in the Bitlocker article in the previous (sixth) issue of Arka Kapi Magazine

Now, specify a passphrase which will be used as a key to encrypt the data on the disk. Enter a passphrase in the box.

The operation of the creation of the persistent area starts by clicking the Create button:

After this process, which the data will be saved to this password-protected permanent disk space that we created is specified:

You can specify such options as personal data, network settings frequently used URLs in the browser, email correspondences and wallets of cryptocurrencies within this window.

After creating a password-protected, persistent disk space, the next screen indicates that we need to restart Tails to activate the settings:

Restart Tails to access the safe zone. At the welcome screen of Tails, this time we will see an option asking if we have a password-protected disk, and whether we want to use it in the Tails session:

After entering the password of the encrypted region and clicking the Unlock button, if the password entered is correct, the disk space will be usable in this Tails session.

Since we entered the correct password, we get the Your persistent storage is unlocked message.

If you want to access this persistent disk space, it is possible to do so in the Places > Persistent menu.

You can now use the untraceable operating system Tails confidently.

A few suggestions

If you did not choose a strong password during disk encryption, or if your PC has a back door in its hardware, Tails will not do magic. If it is security we are talking about, instead of putting all your trust into one point, it is essential to always be alert and take security precautions at each layer.

On the other hand, you can install Tails even on a nail-sized micro SD card, and if your PC supports it, you can boot your computer from that SD card.

The greatest advantage of Micro SD cards is they can be swallowed in case of danger.