Tails OS is a live operating system that routes all internet traffic through Tor, leaves no digital footprint on your computer, and boots entirely from USB. Every time you reboot, Tails starts fresh—no history, no cache, no persistent tracking. It’s designed for journalists, activists, and privacy-conscious individuals who need anonymity and security as a fundamental operating principle. The setup is straightforward, but maximizing privacy and usability requires understanding how Tails works, what it protects against, and how to properly configure persistent storage for files you need to keep.

What Tails OS Actually Does

Tails is a Debian-based Linux distribution with three core features:

1. Forces all traffic through Tor: Every internet connection is automatically routed through the Tor network, anonymizing your traffic even before it leaves your computer.

2. Live operating system: Tails runs entirely from USB and leaves no persistent data on your computer unless you explicitly enable persistent storage. Shutdown the computer, remove the USB, and your computer is unaware Tails existed.

3. Built-in security tools: Tails includes cryptographic tools (GPG for email encryption), anonymous browsing (Tor Browser), encrypted messaging, and disk encryption built-in.

What Tails does NOT do:

• Protect against malware on the computer hosting it (if your computer’s BIOS is infected, Tails can’t protect you)
• Protect your metadata if you misuse it (e.g., uploading files to your personal email account defeats anonymity)
• Provide anonymity if you identify yourself (logging into your real social media account while using Tails defeats anonymity)

Think of Tails as a privacy OS for your network connection, not a solution for physical security or endpoint security on a compromised computer.

Hardware Requirements

Minimum:

• Computer with USB port and ability to boot from USB
• 4GB RAM (8GB+ recommended for comfortable use)
• USB drive 8GB+ (16GB or larger recommended for persistent storage)

Compatibility: Tails works on most laptops and desktops. Older Macs (2012 and earlier) have compatibility issues. Check the official compatibility list before proceeding: https://tails.boum.org/support/requirements/

Why specs matter: Tails with Tor routing can feel slow, especially on older hardware. With 4GB RAM and 2+ year old processor, browsing feels laggy. With 8GB+ RAM and modern processor, it’s acceptable. Performance improves significantly with SSD boot vs. mechanical USB drives.

Creating Tails USB: Step by Step

You need:

1. Computer with USB port (the computer you’ll use to create the USB, not the computer you’ll use Tails on)
2. USB drive 16GB+ (dual-use Tails + persistent storage)
3. Tails ISO downloaded from https://tails.boum.org/

Option 1: Using Tails Installer (Easiest)

On any computer (Windows, Mac, Linux):

1. Download Tails from tails.boum.org (you’ll get a .iso file, ~1.2GB)
2. Download Tails Installer (included on Tails website)
3. Run Tails Installer
4. Select the ISO file
5. Select the USB drive (WARNING: this erases the drive)
6. Click “Install”
7. Wait 10-15 minutes for installation to complete

Verify the download: Before installing, verify the ISO’s digital signature to ensure you downloaded the real Tails, not a compromised version:

On macOS/Linux:

# Download the signature file from tails.boum.org
# Then verify:
gpg --verify tails-amd64-X.X.X.iso.sig tails-amd64-X.X.X.iso

If the signature is valid, you’ll see: Good signature from "Tails developers"

Option 2: Using DD (Command Line, All Operating Systems)

For advanced users, dd is reliable and works everywhere:

# On macOS/Linux
# 1. Insert USB drive
# 2. Find device name:
diskutil list

# 3. Unmount the device (don't eject, unmount):
diskutil unmountDisk /dev/diskN  # Replace N with your device

# 4. Write the ISO:
sudo dd if=~/Downloads/tails-amd64-X.X.X.iso of=/dev/rdiskN bs=4m
# Note: rdiskN (not diskN) is faster
# This takes 10-15 minutes. dd shows no progress; be patient.

# 5. When done (dd prompt returns):
diskutil eject /dev/diskN

Important: Using the wrong device in dd can destroy your entire hard drive. Triple-check the device name before running the command.

Booting Into Tails

1. Insert USB drive into the computer where you want to run Tails
2. Restart the computer
3. Immediately hold the boot key: This varies by computer
   • Mac: Hold Option during startup
   • Lenovo/Thinkpad: F12
   • Dell: F2
   • HP: Esc
   • Generic: Try Esc, F2, F10, F12, Delete (check your computer’s manual)
4. Select the USB drive from boot menu (may be labeled “TAILS USB” or similar)
5. Wait for Tails to boot (~30-60 seconds depending on hardware)

You’ll see the Tails splash screen, then be presented with boot options:

• Default: Standard Tails boot
• Accessibility: If you have vision/hearing accessibility needs
• Troubleshoot: For hardware compatibility issues

Select the appropriate option.

First Time Boot: Greeter

When Tails boots for the first time, you’ll see the Greeter (welcome screen):

1. Language: Select your language
2. Keyboard Layout: Select your keyboard layout
3. Tor Network Connection:
   • Select “Connect to Tor” (automatic connection, usually sufficient)
   • Or “Configure it” if you need bridge relay (for censored networks)
4. Startup Passphrase (Optional):
   • Creates encrypted persistent storage (recommended)
   • You’ll choose the passphrase here
5. Additional Settings: Timezone, etc.

After clicking “Start Tails”, the system boots into the desktop (~30-60 seconds more).

Tor Network Connection

Tails connects to Tor automatically on boot. The connection process:

1. Tor Connection Menu: Check connection status from the top panel (icon shows connected/disconnected)
2. Connection time: Initial connection can take 1-3 minutes depending on network
3. Disconnect/Reconnect: Click the icon to manually disconnect and reconnect (useful if you want a new Tor exit node)

If connection fails:

• Check internet connection (Tails needs access to the regular internet first to bootstrap Tor)
• Try again (sometimes temporary Tor network issues)
• Configure bridges if your network blocks Tor (see “Bridges” section below)

Understanding exit nodes: Every website you visit sees you connecting from a Tor exit node (an IP address that isn’t yours). This IP rotates, and other Tor users share the same exit node. This anonymity is the core of Tor protection.

Persistent Storage: Saving Files

By default, Tails doesn’t save anything. Shutdown and restart, everything is gone. This is by design—it prevents data leaks. However, you often want to keep certain files (GPG keys, documents, bookmarks).

Creating Persistent Storage

First boot (Greeter screen):

1. Check the “Persistent Storage” checkbox if available
2. Set a passphrase (this is your Persistent Storage password, different from login password)
3. Finish booting

After first boot:

1. Open Files > Persistent > Create
2. Select what to store persistently:
   • Personal Data (Documents, Downloads, Pictures)
   • Browsing (Firefox bookmarks, cache)
   • Email (Thunderbird settings)
   • System (Network settings)
   • GPG (Encryption keys - important!)
   • SSH keys
   • Tor Browser Bridges (if using bridges)

Recommended persistent storage:

• GPG keys (if you use GPG regularly)
• SSH keys (if you connect to servers)
• Thunderbird settings (if using email)
• Everything else: NO (keeps system fresh, reduces tracking)

Accessing Persistent Files

When Tails boots, your persistent storage is automatically unlocked. Files in Persistent folder are saved across reboots.

Location: /home/amnesia/Persistent/

Best practice: Store sensitive files only in Persistent, download temporary files to Downloads (which is wiped on shutdown unless you made Downloads persistent).

Common Workflows

Workflow 1: Secure Anonymous Browsing

1. Boot Tails
2. Open Tor Browser (already configured, in applications menu)
3. Browse normally (all traffic goes through Tor)
4. Sites can’t see your real IP address
5. Shutdown (no tracking data left behind)

Tor Browser looks like Firefox because it is Firefox, modified for Tor. It prevents JavaScript tracking, protects against browser fingerprinting, and disables plugins that could leak your IP.

Workflow 2: Secure Email with GPG

First time setup:

1. Boot Tails
2. Applications > Office > Thunderbird (email client)
3. Set up your email account
4. In Thunderbird: Edit > Preferences > OpenPGP
5. Create or import a GPG key (used for encryption)

Sending encrypted email:

1. Compose new email in Thunderbird
2. Click the lock icon (Enable Encryption)
3. Recipient’s public key must be imported (have them send you their key)
4. Send; email is encrypted

Receiving encrypted email:

1. Thunderbird automatically decrypts emails if you have the corresponding private key
2. Look for the lock icon (shows encryption status)

GPG encryption means even the email provider can’t read your email content.

Workflow 3: Securely Transfer Files

Use OnionShare (included in Tails) for anonymous file transfer:

1. Applications > Accessories > OnionShare
2. Select the file you want to share
3. Click “Share”
4. OnionShare creates a .onion address (address only accessible through Tor)
5. Share the address with recipient
6. Recipient visits address in Tor Browser, downloads file

The recipient can’t see your IP address. You can disable sharing immediately after they download. No intermediary server stores the file.

Workflow 4: Securely Delete Files

Delete (shift+delete) only overwrites with zeros once—not secure against forensic recovery.

For secure deletion (used in Tails by default):

1. Files > Preferences > Don’t Keep Files
2. Deletions are immediately wiped with multiple overwrites
3. Even forensic tools can’t recover deleted files

Or manually:

# Securely shred a file (multiple overwrites, then delete)
shred -vfz -n 35 filename.pdf

Bridges: Accessing Tor in Censored Networks

Some networks (China, Iran, corporate) block known Tor entry points. Bridges are relays that hide the fact that you’re connecting to Tor.

Getting Bridge Addresses

1. Visit https://bridges.torproject.org from a browser NOT in Tails
2. Solve CAPTCHA
3. You’ll receive 3 bridge addresses
4. In Tails Greeter: Click “Configure Connection” → “Configure Bridges”
5. Paste the bridge addresses
6. Complete setup

Bridges rotate and change. If one doesn’t work, get new ones.

Security Considerations and Limitations

What Tails Protects Against

• ISP tracking: ISP can’t see sites you visit (encrypted Tor traffic)
• Website tracking: Websites can’t see your IP address (Tor exit node used)
• Network surveillance: Eavesdropping on your network connection (encrypted)
• Data recovery: Files don’t persist (wiped on shutdown)

What Tails Does NOT Protect Against

Physical access to computer: If someone has physical access while Tails is running, they can:

• Extract RAM (Tails uses RAM for key data; physical attack can recover keys)
• Observe screen (obviously)
• Install malware to the host computer

Malware on host computer: If your computer has BIOS-level malware, Tails can’t protect you. Tails is software-level; it can’t protect against compromised hardware.

Behavioral correlation: If you use Tails to access your real identity (logging into your Facebook account, emailing from your real address), you’ve linked yourself to the Tor traffic. Anonymity is defeated.

Endpoint attacks: Malware specifically targeting Tails could deanonymize you. Tails mitigates this through:

• Automatic updates
• Conservative software choices
• Minimalist design (less code = fewer bugs)

But no system is unhackable.

Best Practices

1. Don’t open attachments: Even in Tails, malware can execute. Avoid opening unknown attachments.
2. Don’t maximize browser window: Maximized windows reveal your screen resolution, which combined with other data can identify you. Tails Browser is sized to a standard resolution for this reason.
3. Keep Tails updated: Tails auto-updates on boot. Let it update before using for sensitive work.
4. Don’t install extra software: Tails comes with carefully-selected secure software. Installing random packages increases vulnerability.
5. Don’t browse visibly: If someone can see your screen, Tor can’t protect you. Use privacy screen for laptop.
6. Use VPN before Tor (rarely): VPN → Tor improves anonymity against ISP/network eavesdropping, but your VPN provider can see Tor traffic. Only use trusted VPNs.

Troubleshooting Common Issues

Issue: Tails doesn’t boot

Cause: Computer not set to boot from USB first Fix: Enter boot menu (Esc, F2, F12, etc.) and select USB drive

Issue: Tor connection hangs or fails

Cause: Network blocking Tor, or Tor bridge issues Fix:

• Wait 3-5 minutes (Tor can be slow to connect)
• Configure bridges
• Try different network (some networks block Tor)

Issue: Very slow performance

Cause: Older hardware, mechanical USB drive Fix:

• Use newer/faster USB drive
• Boot from SSD external drive if possible
• Close unnecessary applications

Issue: Persistent storage not working

Cause: Passphrase not set, or persistent storage not enabled Fix:

• Boot into Greeter, check “Persistent Storage”
• Make sure you set a passphrase
• Unlock on next boot (you’ll be prompted)

Issue: Can’t access persistent files

Cause: Persistent storage locked Fix:

• Click Files > Persistent
• Enter your persistent storage passphrase
• Files now accessible

Practical Use Cases

For journalists:

• Research sensitive sources anonymously
• Receive encrypted communications
• Publish without revealing location

For activists:

• Communicate with local/international organizations
• Avoid surveillance in oppressive countries
• Publish information safely

For privacy advocates:

• Learn how privacy tools work
• Experiment with encryption without affecting main computer
• Keep sensitive work isolated from tracking

For security researchers:

• Test exploits in isolated environment
• Communicate with security community anonymously
• Research malware in sandboxed Tails

Getting Help and Updates

• Official site: https://tails.boum.org/
• Support: https://tails.boum.org/support/
• Security advisories: Check official site for updates
• Community: https://tails.boum.org/about/contact/

Getting Started: The Checklist

1. Download Tails ISO from official website
2. Verify the digital signature
3. Create Tails USB using Tails Installer or dd
4. Insert USB and reboot
5. Boot from USB (press appropriate key during startup)
6. Complete Greeter setup (language, keyboard, Tor connection)
7. Set up persistent storage with a strong passphrase
8. Enable GPG, SSH keys, or other tools you need
9. Test Tor connection (Tor Browser should open)
10. Test persistent storage (create a file, shutdown, reboot, verify file persists)

Tails OS is designed for users who need maximum privacy and anonymity. The setup is straightforward, but the security model requires understanding what Tails protects against and what it doesn’t. Use it appropriately, keep it updated, and don’t defeat the privacy through behavioral mistakes (like logging into identifying accounts).

Related Articles

• How to Use Tails OS for Maximum Anonymity
• Tails Persistent Storage Setup Guide What To Save And What S
• Air Gapped Computer Setup For Maximum Security Practical Gui
• How to Use Tails Operating System for Extreme Privacy Daily
• How to Self-Host Bitwarden Vaultwarden: Complete Setup Guide

Built by theluckystrike — More at zovo.one