Tor at the Heart: Tails
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Tails is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is free software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: a web browser, an instant messaging client, an email client, an office suite, an image and sound editor, etc.
Tails aims at preserving privacy and anonymity online and allows users to:
- Use the Internet anonymously to circumvent censorship; all connections to the Internet are forced to go through the Tor network. If an application tries to connect to the Internet directly, the connection is automatically blocked for security.
- Leave no trace on the computer by default.
- Use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.
Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.
Tails also comes with a selection of tools to protect your data using strong encryption:
- Encrypt your USB sticks or external hard-disks using LUKS.
- Automatically use HTTPS to encrypt all your communications to many major websites using HTTPS Everywhere.
- Encrypt and sign your emails and documents using OpenPGP.
- Protect your instant messaging conversations using OTR.
- Securely delete your files and clean your diskspace using Nautilus Wipe.
Tails provides a secure platform that improves endpoint security by making it comparatively easier to use the right tools in the right way, protecting even less tech-savvy users from the most likely and highest impact risks.
Proper physical destruction is the only guaranteed method of securely erasing flash memory, an SSD, or an HDD. Erasure of flash memory is complicated by wear-leveling and latient capacitance, and HDDs also by sector relocation and off-track writes among other issues. Some of the issues are especially problematic when overrwiting with zeros instead of pseudorandom data, because an adversary can "subtract" the canonical "zero signal" from the signal they're actually getting from a particular bit, yielding the original data in some cases. The ATA Secure Internal Erase command can help with some of these problems on SSDs and HDDs, but it is difficult to use and may brick the drive, and isn't always effective. These are expensive techniques and usually only considered when you're up against a very resourceful adversary, but it's worth knowing the risks.
I don't recommend attempting to securely erase individual files from a filesystem at all. There are too many opportunities for leakage at numerous levels. If there is any risk of data recovery, copy files you want to keep and erase the whole partition or drive.
The best way to securely erase media is to use strong encryption on it in the first place. For example, Tails's "Disk Utility" (or "Disks") has an option to format a partition or drive with dm-crypt ("Encrypt the underlying filesystem"), which I strongly recommend.
Here are some starting points: