A new minor release of Tails*, an operating system focussed on privacy and anonymity, has been made. In version 2.0.1 the browser was updated, fixing two security bugs. Security problems in Virtualbox, curl, OpenJDK, Kerberos, and the TIFF library were also corrected. The new version can again boot on 32-bit computers that have UEFI.
* The Amnesic Incognito Live System
Previously: TAILS Linux 1.3.2 is Released
Related Stories
TAILS - The Amnesic Incognito Live System - is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.
It is a complete operating system designed to be used from a DVD, USB stick, or SDcard independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.
An emergency release was made a little over one week ago, and we covered that release then. As mentioned, the next scheduled release was due on Mar 31st and has, in fact, taken place. The announcement was delayed on this site so that it didn't become mixed up in any April 1st stories that were on the site yesterday.
TAILS version 1.3.2, is now available for download here: https://tails.boum.org/download/index.en.html
For full details of TAILS, please refer to the homepage, or for specific information relating to this release, please look here.
As always, we ask that if you download via torrent, please seed afterwards to help others obtain the software.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @06:41AM
Anyone notice google search brownout?
(Score: 2) by frojack on Wednesday February 24 2016, @07:06AM
Anyone notice google search brownout?
Seems like an odd place to worry about Google on a story about TAILS. Maybe you should consider using DuckDuckGo.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @07:27AM
Doesnt duck duck go append the query to the URL? I still use it but I dunno about that practice.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @07:39AM
What if it does? You control the referer header. If you don't, it's time to change browser!
(Score: 2) by hemocyanin on Wednesday February 24 2016, @08:03AM
compare:
https://duckduckgo.com/?q=tails+release&t=ffsb [duckduckgo.com]
https://www.google.com/search?q=tails+release&ie=utf-8&oe=utf-8 [google.com]
Clearly, they both include the search in the URL, at least with Iceweasel in Debian Wheezy.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @08:10AM
Maybe this is just a stupid concern then. So what is different about the way startpage does it?
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @09:25AM
I have Javascript turned off. When I search from
https://duckduckgo.com/ [duckduckgo.com] the results page is at https://duckduckgo.com/html [duckduckgo.com] . When I open the duckduckgo.com URL you posted, it tells me (without showing any results) "This page requires JavaScript." So it would appear that people who allow Javascript to run are taken to a results page that has the search terms in the URL, whereas people without Javascript are sent to a results page without the search terms in the URL.
(Score: 2) by hemocyanin on Wednesday February 24 2016, @08:18PM
interesting. Maybe I should go back to turning off JS, but it is such an enormous hassle these days. I hate computers more and more.
(Score: 2) by frojack on Wednesday February 24 2016, @09:11PM
Without Javascript they set cookies.
With javascript they put it in the url.
Pick your poison.
I'd rather have it in the url, which is transmitted over SSL than have it leaving lingering cookies on my drive.
No, you are mistaken. I've always had this sig.
(Score: 2) by frojack on Wednesday February 24 2016, @09:06PM
Its ssl, in both browsers, so what is your worry here?
The difference is Duck claims to block all tracking.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @08:04AM
No, with Duck Duck Go the search terms don't become part of the URL of the results page.
(Score: 3, Informative) by TheRaven on Wednesday February 24 2016, @12:04PM
sudo mod me up
(Score: 0) by Anonymous Coward on Thursday February 25 2016, @12:35AM
There are browser extensions to eliminate those.
Here's something I do (without installing anything):
Take your browser offline.
(I can click the blue globe so that it splits; I can also do File; Work Offline (a toggle).
Drag the link and drop it where you want the new tab to be.
(I almost never *click* links for this and other reasons.)
Put your browser back online and hit the Refresh button for that tab.
Pulling up Page Info shows no referrer.
-- OriginalOwner_ [soylentnews.org]
(Score: 4, Informative) by maxwell demon on Wednesday February 24 2016, @09:12AM
Or Ixquick. Or, if you actually want the results of Google (but obviopusly not personalized), Startpage.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by davester666 on Wednesday February 24 2016, @08:12AM
this distribution has probably been backdoored...
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @10:16AM
"this distribution has probably been backdoored..."
reasons/proof?
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @11:46AM
I would imagine "Tails" as a butt/backdoor joke.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @12:03PM
if he had a reason he'd have named it.
he's a deadhist.
(Score: 2) by melikamp on Thursday February 25 2016, @12:27AM
Do you leave all your doors unlocked because there's no proof a thief will enter? And when someone gives you a binding contract to sign, you sign it without reading, right? Because if you don't read it, then there's no proof it requires you to pawn your firstborn or anything like that. Closed source blobs inside the Linux kernel inside Tails are like a contract you cannot possibly read ever, yet you are bound by it not legally, but physically, since you cannot possibly analyze or alter the behavior of non-free software. And it sounds like you will sign it anyway because... there's no proof of malicious functionality?!? Has it occurred to you that you cannot prove anything in this case specifically because you are being scammed? Has it crossed your mind that the blobs are there specifically to deliver undetectable malware? What the fuck else could it be inside a network driver that's a secret? That software would not even work on any other card. This type of software gets no effective protection from copyright, since it only works in this one manufacturer's cards, and is totally useless anywhere else. There's absolutely no practical case for making its function secret, unless it's a malicious function.
(Score: 2) by melikamp on Wednesday February 24 2016, @01:18PM
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @02:13PM
[citation needed]
(Score: 2) by melikamp on Wednesday February 24 2016, @07:02PM
(Score: 0) by Anonymous Coward on Friday February 26 2016, @09:43AM
The mystery code isn't loaded unless the hardware that uses it is present, correct? I wouldn't fault the Linux maintainers too much for attempting to have compatibility with such hardware, although by doing so they make the situation less obvious.
Also, some hardware has closed-source firmware which is permanently loaded (examples: the majority of PCs because of the BIOS or EFI; hard drives; optical drives). It could be backdoored at the factory, for all we know.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @08:24AM
If you like to draw as little attention yourself while using TAILS by pretending to be using Windoze, sorry 'bout that.
A bit more detail on 2.0 changes. [eweek.com]
In addition:
For a system that you don't typically install but rather use as-is on removable media, it shouldn't make any difference--unless you are philosophically opposed to Lennart and his stuff.
-- OriginalOwner_ [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @04:45PM
unless you are philosophically opposed to Lennart and his stuff.
You know, I saw Lennart Poettering a grocery store in Hamburg yesterday. I told him how cool it was to meet him in person, but I didn't want to be a douche and bother him and ask him for photos or anything. He said, "Oh, you living in the now?" in German even though I appraoched him speaking English.
I was taken aback, and all I could say was "huh?" but he kept cutting me off and going "huh? huh? huh?" and closing his hand shut in front of my face. I walked away and continued with my shopping, and I heard him chuckle as I walked off. When I came to pay for my stuff up front I saw the God of systemd trying to walk out the doors with like fifteen packs of tofu in his hands without paying.
The girl at the counter was very nice about it and professional, and was like "Sir, you need to pay for those first." At first he kept pretending to be busy and not hear her, but eventually turned back around and brought them to the counter.
When she took one of the packs and started scanning it multiple times, he stopped her and told her to scan them each individually "to prevent any electrical infetterence", and then turned around and winked at me. I don't even think that's a word. After she scanned each box and put them in a bag and started to say the price, he kept interrupting her by yawning really loudly.
No wonder Linus hates him.
(Score: 2) by meisterister on Thursday February 25 2016, @12:29AM
...he then proceeded to split into about eight different, smaller Lennarts who started to carry the packages outside. Suddenly, one of them started screaming about a dependency problem and they all stopped dead where they were.
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @10:06AM
If you're using Tor/Tails and wish to use DDG search, try:
http://3g2upl4pq6kufc4m.onion/ [3g2upl4pq6kufc4m.onion]
it's faster and it doesn't randomly time out sometimes like cleanet DDG.
(Score: 1, Interesting) by Anonymous Coward on Wednesday February 24 2016, @11:04AM
I prefer to run Tails off a DVD rather than USB. I don't like the idea of "updating Tails" to the next version via USB drive. I like the verification of the ISO's GPG sig.
Releasing a new ISO once per month is frustrating enough, as its size is huge and IMO contains too many extras for what the distro is known for (using Tor!).
I offered to contribute to the project were they to develop and release a much smaller version apart from the larger one. A simple OpenBox window manager with only the most basic packages installed (no audio/video editors, libreoffice, JAVA, etc.) but they don't appear interested. I don't want the bloat of Gnome and other packages.
Sometimes there are emergency releases and we see versions like 1.8.1, 1.8.2, and 2.0.1 (and older if you go back to look) and unless you "upgrade" you're going to be downloading the huge ISO all over again. It's almost hilariously sad to see security updates to critical packages (some which would require a reboot on a normal, HDD installed Linux distro) appear at Debian.org just a few days or a week following a new Tails version. Somewhere on the Tails site they mention not to update packages yourself and instead wait for their new release (or, "upgrades).
However, if you keep up with their changes, they have made package management really interesting with:
apt-transport-tor:
"Description-en: APT transport for anonymous package downloads via Tor
Provides support in APT for downloading packages anonymously via the Tor
network.
APT already includes mechanisms for guaranteeing the authenticity of the
packages you download. However, an adversary sniffing your network traffic
can still see what software you are installing.
Install apt-transport-tor, edit your sources.list to include only tor://
URLs, and you can make it very difficult for anyone intercepting your
network traffic to be able to tell that you are installing Debian packages,
or which packages you are installing.
Please note that this approach is only as secure as Tor itself - this
software cannot protect you from an attacker who has access to your local
machine. In addition, attackers may be able to correlate your network
traffic with the packets coming out of an exit node, so do be careful."
So I downloaded some packages (not updates) and noticed there was no longer a warning in Tails' Vidalia program's Message Log. I even downloaded a few minor updates which would not normally require a reboot with success. I don't recommend this though because I don't know how deeply the Tails team modifies things. The non-security downloads worked well when I ran them. (for programs not installed by Tails)
I'm not happy with the removal of ".xsessions-errors" (though I'm not sure if this was a Debian developer choice or Tails developer. I have not pursued this yet.) and a lot of the changes 2.0/2.0.1 introduced.
If I worked with a team I could develop a Tails spin which only had the basics which could probably fit on a regular cdrom or mini cdrom. Several other distros release other spins, usually with Desktop Environments though and less often with something simple like OpenBox. Maybe the other distros have more users/developers or maybe its because the mission of Tails differs, IDK.
(Score: 0) by Anonymous Coward on Wednesday February 24 2016, @11:50AM
If you want the tiny-tush version of Tails just cut out what you don't want and publish it as a derivative work.