Tails, like many other distributions, comes with several pre-installed programs. Most of which the average Linux user knows very well. Therefore, let’s go through them as briefly as possible. Tails is an operating system based on Linux (now Tails is based on Debian 9 (Stretch)). The first feature of Tails software follows from this – it is a selection of programs for Linux or cross-platform programs (that is, which work on different operating systems, for example, on Linux and on Windows). The second feature of Tails software: programs are selected for business activities that require secrecy. That is, on the one hand, Tails has programs for common tasks: working with documents, images, videos, and sound files. But the list of programs is also supplemented with tools for cleaning metadata, anonymous distribution of files, analysis of Wi-Fi networks and others.
The third feature, which is characteristic of the Linux operating system: not all programs are placed in the menu. In a standard Linux installation, including Tails, the number of programs and utilities is very large. The most frequently used programs are listed in the menu. But don’t think that what you see in the menu is all Tails programs. What you see on the menu isn’t even the tip of the iceberg—it’s the tip. The fourth feature is again related to the fact that we work inside Linux: some (often very necessary) programs have only a command line interface. For many, it is unusual and therefore difficult, but you need to familiarize yourself with at least the basics of working in the terminal – there is a lot of interesting and useful stuff to completely ignore this layer of programs.
Tails includes LibreOffice, a powerful office suite that includes several tools:
Writer — for working with text documents (similar to Word)
Calc – for working with tables (similar to Excel)
Impress — for working with presentations (similar to PowerPoint)
Draw is an application for drawing and drawing flowcharts
Math — for editing formulas
To start the LibreOffice program, select Applications → Office → LibreOffice (select the desired program).
Currently, LibreOffice perfectly supports the MS Word format, meaning you can edit Word documents here. By the way, LibreOffice also works on Windows. I recommend installing this office suite there as well, perhaps even to replace MS Office.
BookletImposer – for converting linear PDF documents to booklets and vice versa.
Simple scan (Simple Scan and SANE, in the Graphics menu) – to support scanning.
Document Viewer (located in the Utilities menu) is a handy program for reading PDFs and other book formats.
Text Editor (located in the Standard menu) is a simple text editor that allows you to edit and save text files.
Graphics. Programs are located in the corresponding menu item, allow you to edit images and create new ones.
GIMP is an advanced image editor. You can use it to edit, enhance and retouch photos and scans, create drawings and create your own images. If you learn to work in the program, it can replace PhotoShop in many ways.
Inkscape is a vector drawing application. You can use it to create a variety of graphics such as illustrations, icons, logos, charts, maps and web graphics.
Scribus is a page layout application. You can use it to design newspapers, magazines, newsletters and posters for technical documentation.
Simple scan – for scanning photos and documents.
Image viewer (located in the Utilities menu) is a built-in program for convenient viewing of photos and pictures. Starts automatically when clicking on an image file.
Screenshot (located in the Utilities menu) — allows you to take screenshots of the entire screen or individual programs and areas.
Libre OfficeDraw (found in the Office menu) is an application for drawing and drawing flowcharts
Audio and video. These are programs for editing and other work with video and audio files.
GNOME Sound Recorder is a simple sound recording application. Audio clips recorded with GNOME Sound Recorder are stored in the Recordings folder.
Audacity is a multi-track audio editor designed for recording, playing back and editing digital audio.
Brasero is an application for burning, copying and deleting CDs and DVDs: audio, video or data.
Pitivi is a non-linear audio and video editor.
Sound Juicer is a CD ripping application.
Traverso is a multi-track audio recorder and editor.
Before moving on to other groups of programs, a few words about the command line. Important thing you need to know: In Linux (this is also true in Windows, but in Linux it is even more pronounced): the functionality of programs with a graphical interface is only the tip of the iceberg of the entire functionality of the operating system. That is, graphic programs give you only a part of the possibilities. Many useful utilities have only a command-line interface. Some tasks simply cannot be performed without entering commands. This is also true for Windows, which also has many console utilities. Therefore, it is impossible not to learn at least the basics. So, to enter commands, you need to open a command line (or the same, Terminal or Console).
To do this, right-click on the desktop and select “Open Terminal”:
This can be done in the menu in the System section:
To execute commands, you need to write it and press Enter. The Ctrl+v key combination for inserting a command will not work – use the context menu. It is also strongly recommended that you familiarize yourself with at least the first part of “Linux Command Line Basics (Part 1)”.
Metadata is “information about other information”. In simpler terms, this is information about files. Most often, many people forget about them or do not know where to look. After all, there may be the most important information! For example, you want to share a file – a Word document – anonymously. You use Tails, you use OnionShare, but in your document, in its properties, your full name is “Petro Semenovych Lebedev” as the author… Will Tails and OnionShare be of much use in this case? Or you took a photo of a document with your phone and want to share it again through anonymous networks and resources, and in the properties of your JPG photo, the GPS coordinates of your house … Neither Tails, nor OnionShare, proxy and even VPN will help in this case. There is a MAT program in the System menu.
This program can remove metadata from many types of files, including office files, images, PDFs, archives, and others Add files to the program (one by one or several at once) and click the Clean button.
Detailed description of the program: https://kali.tools/?p=1204
New version of mat2: https://kali.tools/?p=4749
Next program — PDF Redact Tools.
PDF Redact Tools helps you securely edit and remove metadata from documents before publishing. For its operation, you need to enter commands in the terminal.
Tor Browser is a web browser based on Mozilla Firefox and modified to protect your anonymity.
Pidgin is the encrypted part.
OnionShare – For anonymous file sharing. To share a file, select it, a link will be created for it. Give this link to whoever you want to send the file to. This link can be opened only when connected to the Tor network, for example, in the Tor Browser. Your file will be available for download via the link. Once you close OnionShare, the download link will become useless – the file will no longer be distributed.
Thunderbird mail client with Enigmail support for OpenPGP, as well as for reading RSS and Atom.
Gobby — for co-writing.
For working with cryptocurrencies, there is an Electrum wallet – it is an easy-to-use bitcoin client. In its operation, it does not download the entire Bitcoin blockchain, so it starts up very quickly and does not require synchronization.
This is for hackers – Tails already has the Aircrack-ng package installed. The Wi-Fi interface is called wlan0. In order not to enter the password many times, I recommend switching to the root user:
We transfer the Wi-Fi card to monitor mode:
We look at networks in the district:
If something did not work out for you, then your Wi-Fi adapter is not suitable and you need a special one from this list. If you are interested in this topic, see the book Hacking Wi-Fi networks with Kali Linux and BlackArch (in Russian). But you have to remember – not all programs mentioned in the book are installed in Tails – some of them will need to be installed yourself.
You may have to work with damaged media. Maybe even after formatting. PhotoRec and TestDisk programs can help with this. They are not present in Tails by default, so to install them, run the command:
GnuPG, a GNU OpenPGP implementation for encrypting and signing email and data
Monkeysign is an OpenPGP signing and key exchange tool
PWGen is a strong password generator
Shamir’s Secret Sharing using gfshare and ssss
GNOME’s on-screen keyboard as a countermeasure against hardware keyboard spies
KeePassXC is a password manager
GtkHash — for calculating checksums
Keyringer is a command-line tool for encrypting secrets shared via Git
Paperkey is a command-line tool for backing up OpenPGP private keys on paper
A more detailed description for some programs, as well as instructions for use, will be in the next part of this guide.
Tails has a built-in file manager that isn’t very user-friendly. I recommend installing the double-window file manager Double Commander:
To run in the console, type:
By the way, Double Commander also works great in Windows – to feel the same everywhere, I recommend using cross-platform programs on all systems, then Windows Linux transitions will be much more comfortable.
Store multiple passwords in an encrypted database that is protected by a single password of your choice.
Always use different and stronger passwords because you only need to remember one passphrase to unlock the entire database.
Generation of very strong random passwords.
In recent versions of Tails, KeePassX is replaced by KeePassXC.
Follow these steps to create a new password database and store it on a persistent volume for use in future work sessions. To learn how to create and configure a persistent volume, read the persistence documentation.
When starting Tails, enable persistent volume.
In Persistent Volume Assistant, make sure that the Personal data retention feature is enabled. If it is disabled, enable it, restart Tails and enable persistent volume.
To launch KeePassXC, select Applications → Accessories → KeePassXC.
To create a new database, select Database → New database.
The database is encrypted and protected by a passphrase.
Enter your chosen passphrase in the Enter password text box.
Enter the same password again in the Repeat password text box.
Select Database → Save database.
Save the database as keepassxc.kdbx in the Persistent folder.
Follow these steps to unlock a password database stored on a persistent volume from a previous work session.
When starting Tails, enable persistent volume.
To start KeePassXC, Select Applications → Accessories → KeePassXC.
If you have a database named keepassxc.kdbx in your Persistent folder, KeePassX will automatically display a dialog to unlock the database. Enter the passphrase for that database and click OK.
If you enter an incorrect passphrase, the following error message will appear:
With Russian localization:
Then click OK and try again.
In addition to the password database, you can save your KeePassXC settings using the Dotfiles save function. To do this, create a folder /live/persistence/TailsData_unlocked/dotfiles/.config/keepassxc/ and copy the file ~/.config/keepassx/keepassxc2.ini into it.
The KeePassX 1 database format (Tails 2.12 and earlier) is incompatible with the KeePassXC 2 database format (Tails 3.0 and later). To migrate your database to the new format:
Select Database → Import KeePass 1 database (Import KeePass 1 database)
Select a database, such as keepassx.kdb.
Once your database is open, save it in the new format:
Select Database → Save database.
Save the database as keepassx.kdbx in the Persistent folder.
kdb for the old format.
kdbx for the new format
This operation does not remove your old database from your Persistent folder.
You can now delete the old database or save it as a backup.
GtkHash allows you to calculate checksums. Checksums can be useful for verifying the integrity of a file, for example if you’ve downloaded it from the Internet. To calculate the checksum of a file:
Open the file manager by clicking the Places menu or the Home icon.
Navigate to the folder containing the file for which you want to calculate the checksum.
Right-click the file and select Properties.
In the Properties dialog box, click the Digests tab.
In the Hash Function column of the Digests tabbed section, check the boxes that correspond to the checksums you want to calculate.
Click on the Hash button.
Calculated checksums are displayed in the digest column.
You can also run GtkHash from the Standard menu. In this case, you can choose a file, text or many files to calculate the hash sum.
You can also start GtkHash from the Standard menu.
You can choose different hash functions:
Example of string hash calculation:
Keyringer is an encryption and secret distribution software, this utility works from the command line. Keyringer lets you manage and share secrets using OpenPGP and Git with commands to encrypt, decrypt, and edit text files and other types of documents. By storing these secrets in Git, you can share them with other people. Note: Using keyringer requires prior knowledge of Git and the command line. To save your key configuration across work sessions, you can enable Dotfiles in persistent storage and make the files persistent in the .keyringer folder of your home folder. For example, if you have one keyringer named top-secret:
Be sure to update your dotfiles every time you use keyringer commands like init, teardown, destroy, or preferences. To do this, you can run the following command:
For chatting and instant messaging, Tails includes Pidgin Instant Messenger. You can use it to connect to IRC or XMPP servers (also known as Jabber) and have multiple accounts connected at the same time.
To start Pidgin, select Applications → Internet → Pidgin Instant Messenger or find it in the Favorites submenu. For more detailed documentation, see the official Pidgin user guide.
One account is configured in Pidgin by default:
irc.oftc.net to connect to the OFTC IRC server.
This account is deactivated when Tails is launched. To activate it, select Accounts → Enable Account and select the account you want to enable from the submenu.
As explained on the official page, Off-the-Record Messaging allows you to have personal conversations via instant messaging, providing:
No one else can read your instant messages.
You are sure that the correspondent is who you think.
Sent messages do not have digital signatures that can be verified by a third party. Anyone can spoof a message after a conversation to make it look like it’s from you. However, during the conversation, your correspondent is confident that the messages he sees are valid and unchanged.
If you lose control of your private keys, no previous conversation will be compromised.
Note: OTR is turned off by default and your conversations are not private. File transfer is not OTR encrypted. OTR only encrypts conversations.
Note: To save OTR keys and settings across work sessions, you can enable Pidgin’s Persistent Storage feature. In a private OTR chat over IRC, a message sent using the /me command is not encrypted. The person receiving the message receives a warning.
Every time you start Tails, a random username is generated for all Pidgin accounts. The generator takes a list of common English names and changes them so they’re almost unique and doesn’t show that you’re using Tails. It is based on language confluxer by Christopher Pound. If you want to reuse the same username in different work sessions, you can activate the persistent storage feature and save Pidgin settings.
Reading and writing e-mails (email)
Reading RSS and Atom feeds for news and blogs
To start Thunderbird, select Applications → Internet → Thunderbird. You can enable the persistent storage feature for Thunderbird to save your emails, feeds, and settings after a system reboot. For more detailed documentation, see the official Thunderbird Help.
Attention: It is not possible to connect to email providers that require an OAuth authentication mechanism, such as GMail.
When you start Thunderbird for the first time, a wizard appears to help you set up Thunderbird to access your email account.
To start this assistant again in the main Thunderbird window, choose → Preferences → Account Settings, and then in the Account Settings dialog box, choose Account Actions → Add Mail Account … (Add an email account…).
Enter your name, email address and password in the appropriate fields.
The assistant attempts to automatically configure the correct settings for connecting to your email provider based on your email address. If the settings are configured automatically, contact your email provider to set up your email account manually.
If the automatic setup was successful, you may need to specify which protocol to use to connect to your email provider: IMAP or POP.
With IMAP, Thunderbird is constantly synchronized with the server and displays the emails and folders stored on the server. IMAP is best suited for accessing e-mail from different operating systems.
With POP, Thunderbird retrieves e-mails that are in the inbox on the server and possibly deletes them from the server. POP is better if you only access your email from Tails and store it in persistent storage.
Thunderbird in Tails includes an Enigmail extension to encrypt and authenticate emails using OpenPGP. To set up Enigmail for your email account, you can run the Enigmail Setup Wizard by selecting → Enigmail → Setup Wizard. You can also generate an OpenPGP key associated with an email address as part of the Enigmail setup wizard. If you’re new to OpenPGP, you can read the following tutorials to get started with email encryption using Thunderbird and Enigmail:
Security-in-a-Box: Thunderbird & OpenPGP – secure email
Enigmail: Enigmail Quick Start Guide
Thunderbird в Tails включає розширення TorBirdy для додаткової конфіденційності та анонімності. Для більшої безпеки TorBirdy відключає деякі функції Thunderbird:
Sending emails and displaying feeds (feeds) in HTML format Emails and feeds in HTML format are displayed as plain text and can become difficult to read
Automatic checking of Atom and RSS feeds at startup.
To learn more about TorBirdy’s security features, you can read its project document.
Tails includes OnionShare, a tool for anonymous file sharing. This allows you to share files directly from your running Tails. For this, the onion service (a site whose address ends with .onion) is created in the Tor network. Any Tor user you give this address to can download the files you choose to share. To share files with OnionShare:
Open a file browser.
Right-click the file or folder in the file browser and select Share via OnionShare.
If you need to add more files, drag them into the OnionShare window.
If you want to allow multiple downloads, uncheck Stop sharing automatically. Otherwise, OnionShare will stop sharing files after they have been downloaded once.
Click on Start Sharing. When the files are available, an address will be shown, for example http://bwwijokny5qplq5q.onion/assam-cover.
Now you can give the address to anyone else, for example by email. OnionShare will notify you when redistributable files are downloaded.
After closing OnionShare or closing Tails, the files will no longer be available for download.
Electrum is a Bitcoin client that is particularly suited to the Tails context because:
You can use your wallet from multiple devices and avoid losing your bitcoins due to a backup error or computer crash.
Electrum does not download the blockchain, so the startup time is short.
You can sign transactions from an offline session for added security.
To launch Electrum, select Applications → Internet → Electrum Bitcoin Wallet.
To learn how to use Electrum, read the documentation on the Electrum wiki. For an explanation of how Bitcoin works in simple terms, read The In-Depth Guide to Bitcoin That Won’t Leave You Frustrated. Attention: Bitcoin is not anonymous.
To make it more difficult to link different transactions, you need to use different receiving addresses for each transaction. Electrum automatically generates new addresses for use. Note: Electrum uses mBTC as the base block by default. 1 mBTC = 0.001 BTC. To change this setting, select Tools → Preference and open the Appearance tab.
Caution: Do not blindly trust the bitcoin balance that Electrum shows as unconfirmed. Wait for the transactions to be confirmed.
Your wallet can be completely rebuilt from its seed: a string of words generated by Electrum when the wallet is created. But if you lose seed, you lose your entire wallet.
Activate the persistent storage feature and save Bitcoin Client in it to save your Bitcoin wallet and settings after restarting your computer.
Back up the seed outside of Tails. For example, you can write it down on a piece of paper and keep it with you.
If Electrum won’t start or stays minimized, your Electrum folder may be corrupted. To restore your seed wallet:
Make sure Electrum is closed.
Open your home folder.
Select → Show Hidden Files.
Open the .electrum folder.
Delete the wallets folder.
When creating a new wallet, select I already have a seed and specify the seed of your wallet.
If you have set an administrator password, the screen will automatically lock after a period of inactivity. To disable this behavior, run the following command:
In Tails, you can connect to FTP and SFTP servers using Nautilus. To open the file manager, tap Places → Home folder. Then in the file manager, click +Other locations. In the “Connect to server” field, enter the FTP or SFTP address along with the ftp protocol.
An on-screen keyboard can be useful, for example, if you are concerned that the computer you are working on has a built-in keystroke interceptor (hardware keylogger). To open the on-screen keyboard in Tails, in special features, move the slider opposite On-screen keyboard:
The on-screen keyboard will appear in applications that are waiting for text input: