Here’s an easy to follow noobs guide to Tails. Tails is by no means just a noobs OS, it does a lot of the hard work for you and makes connecting to and browsing the .onion network easy as hell. Edward Snowden used it to help stay anonymous during the initial NSA spying leaks. We’ll go over verifying the ISO, installing to USB, setting up persistence, and setting up the environment. For this guide we’ll be using Linux Mint as our operating system. Most steps will be the same across operating systems.
#What we’ll need
- Flash drive, minimum of 4GB
- Host OS (your computer)
- Guest OS (Tails .iso file)
- Virtualbox and Virtualbox Extensions
- PGP knowledge
Part 1 – Installing Virtualbox and Extensions
Unlike the other methods this one only requires one flash drive. We’ll be booting the live Tails system on Virtualbox, and installing it to the USB stick from there. The interface in the pictures may look a little different from what you see, but all of the options are in the same places.
Virtualbox allows you to run other operating systems on top of your current one, kind of like an emulator. This is what we’ll be using to boot Tails so we wont have to reboot during the install. Head over to the download page and select the download appropriate for your current OS.
After downloading, install it like you would any other program. Open it up and you should see the following screen.
This is what will allow the USB stick to communicate with our guest OS, which will allow us to install the live system without needing to reboot. Go to the download page, and download the extension pack for the most recent version. When it’s finished downloading, double click it to open it with Virtualbox.
The above should appear. Click install, follow through with the install process. If successful you should see the following window appear.
We’re done with Virtualbox for now. We’ll come back to it later when setting up the virtual machine.
Part 2 – Downloading and verifying Tails
We need to download the Tails .iso file, and verify that it’s authentic. Tails, or The Amnesic Incognito Live System, is a GNU/Linux distro with a focus on anonymity and privacy. It does this by routing all traffic through the Tor network, deletes all files on shutdown unless explicitly asked not to (persistence storage), and comes with all the other tools you need. Persistant storage will be needed for saving our wallet and keypairs.
Visit the official Tails website and click the download button on the right side. Scroll down a bit on the download page to ‘Download the ISO image’. Click on the ‘ISO image’ button and the ‘signature’ button to download the .iso and the signature. Save these two files in the same location.
Next you’re going to want to download the ‘signing key’ from this link. Import the key into your PGP program of choice. We’ll be verifying the .iso by checking the PGP signature. If you don’t know how to use PGP, check out the guides we have for GNU/Linux, OS X, and Windows.
Verifying the ISO is an important step. We want to make sure what we’re getting is actually from the Tails project. Like the intro said, we’ll be using the command line in Linux Mint . If you’re using Windows or OS X check out this link for instructions.
First we need to import the Tails signing key. Change into the directory where you saved it, then import the key into GPG. Once it’s imported, the output from gpg should reflect that. Take a look at the below picture to make sure you did this step right. If you get an error saying “gpg: no ultimately trusted keys found” this means that you haven’t created your own keypair yet. This is fine just for verifying the .iso file, you can ignore it.
Now we’re going to verify the .iso with the signature we downloaded earlier. Change into the directory where you saved the .iso and signature, and use gpg to verify it with their key. This could take several minutes so be patient. If the .iso image is genuine, you’ll see the output saying that the signature is good. If you see “gpg: This key is not certified with a trusted signature!”, the .iso is still genuine according to the imported key, you just haven’t signed the Tails key with your own. See this link for more details on how to trust the Tails signature key. If you did things correctly, your CLI of choice should look similar to the picture below.
If the .iso isn’t valid you’ll get an error saying “gpg: BAD signature from “Tails developers (signing key) <[email protected]>”. This will most likely be due to a corrupted download, so try downloading the .iso again if this happens.
Part 3 – Booting the .iso
Now that we’ve confirmed the .iso is genuine we can install it on the USB stick.
#Creating the virtual machine
Open up VirtualBox and plug in your USB stick. The first thing you’re going to do is click where it says ‘New’ in the top left corner, which should open a window titled ‘Create Virtual Machine’. Create a name, select ‘Linux’ as type, and version as ‘Linux 2.6 / 3.x (32 bit). See picture for an example.
VirtualBox will now ask how much memory you want to give to Tails. It will default to 256MB, but change it to 1024MB to make sure we don’t run into any issues. If you have less than 2GB of RAM in your computer you can set it to 512MB and everything should be fine. Click ‘Next’.
The next screen will ask if you want to reate a virtual hard drive. Since we’ll be booting the .iso directly, there’s no need to create a hard drive. So click ‘Do not add virtual hard drive’, then click ‘Create’.
In order for Tails to boot properly and recognize the USB stick we need to edit some settings. Click on the virtual machine, then click ‘Settings’ up at the top. The following window should appear.
First we need to make sure it’ll boot the Tails .iso file. On the left click ‘Storage’. You’ll now see the Storage tree, with ‘Controller: IDE’ being empty and ‘Controller: SATA’ having nothing listed. Click where it says ‘Empty’, and there will be some new options on the right side. Under ‘Attributes’ you’ll want to check the box that says ‘Live CD/DVD’, then click the CD/DVD symbol to the right of ‘CD/DVD Drive’ and browse to where you saved the .iso file. If done correctly your window should now look like below.
Next select the ‘USB’ option in the left sidebar. You’ll want to check off the boxes that say ‘Enable USB Controller’ and ‘Enable USB 2.0 (EHCI) Controller. On the right, click the USB icon that has the green “+” symbol on it, and select the USB device you want to install Tails on. Your window should look like below.
Now our VM is prepped to install Tails. Click ‘Ok’ at the bottom right, click your Tails virtual machine, then click Start. The virtual machine will boot the Tails live image, and give you two selections. With your arrow keys highlight ‘Live’ then hit ‘enter’ on your keyboard. It will take a minute or so to load. You’ll then see the below picture, leave ‘No’ selected then ‘Login’.
Part 4 – Tails on USB
I hope you aren’t bored yet, we’re almost done. Click on ‘Applications’, then ‘Tails’, then ‘Tails Installer’. You’ll see the following window. Click on ‘Clone & Install’, and you should see something like the second picture.
Your USB drive should already be selected for the ‘Target Device’, if not do so. Then click ‘Install Tails’. It will confirm that you want to install Tails on the USB drive. Do so, then click ‘Yes’. This will take several minutes, and you’ll be able to see what part the installer is at during the process. Once finished, a pop up will appear reflecting such. Click ‘OK’ to close the installer.
Tails is now installed on the USB drive. The last thing we need to do is configure it.
In order to do this you’ll need to boot your computer from USB. Close the virtual machine, and reboot your computer. You’ll need to change the boot order of the connected devices, the key that needs to be pressed on boot will be different across manufacturers. It’s usually listed on the BIOS splash screen on reboot. If not, consult your computers manual or do a search for which key needs to be pressed on boot. You may also need to disable Secure Boot if you’re using Win8, 8.1, or 10. Check out this link for more info on that.
Follow the same steps as above. Select ‘Live System’, then keep ‘No’ highlighted and click ‘Login’. You’ll now be at the Tails desktop.
The first thing we’ll do is set up persistent storage. This will take up the rest of the free space on your USB drive. Go to ‘Applications’, ‘Tails’, then click ‘Configure persistent volume’. The following window should appear. You’ll want to create a strong password, confirm it, then click ‘Create’. This will take several minutes.
Once that’s finished, it will ask what kind of files you want to store on the persistent volume. What you select is up to you, but for the purposes of this guide we’ll be selecting ‘Personal Data’, ‘GnuPG’, ‘GNOME Keyring’, ‘Network Connections’, ‘Browser Bookmarks’, and ‘Electrum Wallet’. Once that’s done click save. It will now ask you to reboot your computer for the settings to take effect.
After you have rebooted, you’ll see a new option on the start up screen. It will ask if you want to use the persistent storage. Click ‘Yes’, then enter the password you’ve used. Make sure ‘Read-only’ is unchecked.
At the top right you should see an icon that looks like two computer monitors. This is how you’ll connect to your network. Click it, select the network, enter your password if any, and it will begin connecting to the Tor network. Once it’s connected you’ll see the Onion icon in the system tray.
To access the internet through the Tor network, just click on the green globe icon on the left of the system tray. You will also want to disable scripts globally, which you can do by clicking on the NoScript icon to the left of the URL bar. There is also a so-called ‘Unsafe Web Browser’ which you can use if you need to get on a website that doesn’t allow Tor connections. You can find that by going to ‘Applications’ then ‘Internet’.
Tails uses Electrum as the default wallet, this can be found under ‘Internet’ in the ‘Applications’ menu. When creating the wallet make sure to back up your seed in a safe place, this is the only way you can recover a lost wallet. Writing it down on a piece of paper is a good idea.
Tails uses GnuPG for PGP, and Seahorse as a graphical front-end. This can be found by going to ‘Applications’, ‘System Tools’, ‘Preferences’, then ‘Passwords and Keys’. It will also work just fine from the command line.
Part 5 – Conclusion
Congratulations! If you’ve followed this guide you now have an anonymous and secure operating system for browsing the dark web. There are a few more things to Tails such as Pidgin+OTR messaging, Claws Mail, and a metadata anonymization toolkit, but those are beyond the basics. If you want to learn more check out the documentation at https://tails.boum.org/doc/index.en.html.
Thanks to our skilled tutorials master @MLP_is_my_OPSEC :)