Home » Articles » In-depth Guide to Tails + Persistence
Click Here To Hide Tor

In-depth Guide to Tails + Persistence

Here’s an easy to follow noobs guide to Tails. Tails is by no means just a noobs OS, it does a lot of the hard work for you and makes connecting to and browsing the .onion.top network easy as hell. Edward Snowden used it to help stay anonymous during the initial NSA spying leaks. We’ll go over verifying the ISO, installing to USB, setting up persistence, and setting up the environment. For this guide we’ll be using Linux Mint as our operating system. Most steps will be the same across operating systems.

#What we’ll need

  • Flash drive, minimum of 4GB
  • Host OS (your computer)
  • Guest OS (Tails .iso file)
  • Virtualbox and Virtualbox Extensions
  • PGP knowledge

Part 1 – Installing Virtualbox and Extensions

Unlike the other methods this one only requires one flash drive. We’ll be booting the live Tails system on Virtualbox, and installing it to the USB stick from there. The interface in the pictures may look a little different from what you see, but all of the options are in the same places.

#Virtualbox

Virtualbox allows you to run other operating systems on top of your current one, kind of like an emulator. This is what we’ll be using to boot Tails so we wont have to reboot during the install. Head over to the download page and select the download appropriate for your current OS.

tails002

After downloading, install it like you would any other program. Open it up and you should see the following screen.

tails003

#Virtualbox Extensions

This is what will allow the USB stick to communicate with our guest OS, which will allow us to install the live system without needing to reboot. Go to the download page, and download the extension pack for the most recent version. When it’s finished downloading, double click it to open it with Virtualbox.

tails004

The above should appear. Click install, follow through with the install process. If successful you should see the following window appear.

tails005

We’re done with Virtualbox for now. We’ll come back to it later when setting up the virtual machine.

Part 2 – Downloading and verifying Tails

We need to download the Tails .iso file, and verify that it’s authentic. Tails, or The Amnesic Incognito Live System, is a GNU/Linux distro with a focus on anonymity and privacy. It does this by routing all traffic through the Tor network, deletes all files on shutdown unless explicitly asked not to (persistence storage), and comes with all the other tools you need. Persistant storage will be needed for saving our wallet and keypairs.

If you want to know more check out the ‘About’ page, and it would also be a good idea to read over the ‘Warning’ page to get a better idea about what Tails can and cannot do.

#Downloading

tails006Visit the official Tails website and click the download button on the right side. Scroll down a bit on the download page to ‘Download the ISO image’. Click on the ‘ISO image’ button and the ‘signature’ button to download the .iso and the signature. Save these two files in the same location.

Next you’re going to want to download the ‘signing key’ from this link. Import the key into your PGP program of choice. We’ll be verifying the .iso by checking the PGP signature. If you don’t know how to use PGP, check out the guides we have for GNU/Linux, OS X, and Windows.

#Verifying

Verifying the ISO is an important step. We want to make sure what we’re getting is actually from the Tails project. Like the intro said, we’ll be using the command line in Linux Mint . If you’re using Windows or OS X check out this link for instructions.

First we need to import the Tails signing key. Change into the directory where you saved it, then import the key into GPG. Once it’s imported, the output from gpg should reflect that. Take a look at the below picture to make sure you did this step right. If you get an error saying “gpg: no ultimately trusted keys found” this means that you haven’t created your own keypair yet. This is fine just for verifying the .iso file, you can ignore it.

tails009Now we’re going to verify the .iso with the signature we downloaded earlier. Change into the directory where you saved the .iso and signature, and use gpg to verify it with their key. This could take several minutes so be patient. If the .iso image is genuine, you’ll see the output saying that the signature is good. If you see “gpg: This key is not certified with a trusted signature!”, the .iso is still genuine according to the imported key, you just haven’t signed the Tails key with your own. See this link for more details on how to trust the Tails signature key. If you did things correctly, your CLI of choice should look similar to the picture below.

tails010If the .iso isn’t valid you’ll get an error saying “gpg: BAD signature from “Tails developers (signing key) <[email protected]>”. This will most likely be due to a corrupted download, so try downloading the .iso again if this happens.

Part 3 – Booting the .iso

Now that we’ve confirmed the .iso is genuine we can install it on the USB stick.

#Creating the virtual machine

Open up VirtualBox and plug in your USB stick. The first thing you’re going to do is click where it says ‘New’ in the top left corner, which should open a window titled ‘Create Virtual Machine’. Create a name, select ‘Linux’ as type, and version as ‘Linux 2.6 / 3.x (32 bit). See picture for an example.

tails011VirtualBox will now ask how much memory you want to give to Tails. It will default to 256MB, but change it to 1024MB to make sure we don’t run into any issues. If you have less than 2GB of RAM in your computer you can set it to 512MB and everything should be fine. Click ‘Next’.

The next screen will ask if you want to reate a virtual hard drive. Since we’ll be booting the .iso directly, there’s no need to create a hard drive. So click ‘Do not add virtual hard drive’, then click ‘Create’.

tails012It will give you a warning about not having a hard drive, that’s fine. Just click ‘Continue’. You should now see our newly created virtual machine listed.

tails013#Preparing the virtual machine

In order for Tails to boot properly and recognize the USB stick we need to edit some settings. Click on the virtual machine, then click ‘Settings’ up at the top. The following window should appear.

tails014First we need to make sure it’ll boot the Tails .iso file. On the left click ‘Storage’. You’ll now see the Storage tree, with ‘Controller: IDE’ being empty and ‘Controller: SATA’ having nothing listed. Click where it says ‘Empty’, and there will be some new options on the right side. Under ‘Attributes’ you’ll want to check the box that says ‘Live CD/DVD’, then click the CD/DVD symbol to the right of ‘CD/DVD Drive’ and browse to where you saved the .iso file. If done correctly your window should now look like below.

tails015Next select the ‘USB’ option in the left sidebar. You’ll want to check off the boxes that say ‘Enable USB Controller’ and ‘Enable USB 2.0 (EHCI) Controller. On the right, click the USB icon that has the green “+” symbol on it, and select the USB device you want to install Tails on. Your window should look like below.

tails016Now our VM is prepped to install Tails. Click ‘Ok’ at the bottom right, click your Tails virtual machine, then click Start. The virtual machine will boot the Tails live image, and give you two selections. With your arrow keys highlight ‘Live’ then hit ‘enter’ on your keyboard. It will take a minute or so to load. You’ll then see the below picture, leave ‘No’ selected then ‘Login’.

tails017Ignore the message about it being on a virtual machine, we’re not using it for anything other than installing the .iso to USB. Welcome to Tails!

tails018

Part 4 – Tails on USB

#Installing

I hope you aren’t bored yet, we’re almost done. Click on ‘Applications’, then ‘Tails’, then ‘Tails Installer’. You’ll see the following window. Click on ‘Clone & Install’, and you should see something like the second picture.

tails019tails020

Your USB drive should already be selected for the ‘Target Device’, if not do so. Then click ‘Install Tails’. It will confirm that you want to install Tails on the USB drive. Do so, then click ‘Yes’. This will take several minutes, and you’ll be able to see what part the installer is at during the process. Once finished, a pop up will appear reflecting such. Click ‘OK’ to close the installer.

Tails is now installed on the USB drive. The last thing we need to do is configure it.

#Configuring

In order to do this you’ll need to boot your computer from USB. Close the virtual machine, and reboot your computer. You’ll need to change the boot order of the connected devices, the key that needs to be pressed on boot will be different across manufacturers. It’s usually listed on the BIOS splash screen on reboot. If not, consult your computers manual or do a search for which key needs to be pressed on boot. You may also need to disable Secure Boot if you’re using Win8, 8.1, or 10. Check out this link for more info on that.

Follow the same steps as above. Select ‘Live System’, then keep ‘No’ highlighted and click ‘Login’. You’ll now be at the Tails desktop.

The first thing we’ll do is set up persistent storage. This will take up the rest of the free space on your USB drive. Go to ‘Applications’, ‘Tails’, then click ‘Configure persistent volume’. The following window should appear. You’ll want to create a strong password, confirm it, then click ‘Create’. This will take several minutes.

tails021Once that’s finished, it will ask what kind of files you want to store on the persistent volume. What you select is up to you, but for the purposes of this guide we’ll be selecting ‘Personal Data’, ‘GnuPG’, ‘GNOME Keyring’, ‘Network Connections’, ‘Browser Bookmarks’, and ‘Electrum Wallet’. Once that’s done click save. It will now ask you to reboot your computer for the settings to take effect.

tails022After you have rebooted, you’ll see a new option on the start up screen. It will ask if you want to use the persistent storage. Click ‘Yes’, then enter the password you’ve used. Make sure ‘Read-only’ is unchecked.

tails023At the top right you should see an icon that looks like two computer monitors. This is how you’ll connect to your network. Click it, select the network, enter your password if any, and it will begin connecting to the Tor network. Once it’s connected you’ll see the Onion icon in the system tray.

tails024#Browsing

To access the internet through the Tor network, just click on the green globe icon on the left of the system tray. You will also want to disable scripts globally, which you can do by clicking on the NoScript icon to the left of the URL bar. There is also a so-called ‘Unsafe Web Browser’ which you can use if you need to get on a website that doesn’t allow Tor connections. You can find that by going to ‘Applications’ then ‘Internet’.

#Bitcoin Wallet

Tails uses Electrum as the default wallet, this can be found under ‘Internet’ in the ‘Applications’ menu. When creating the wallet make sure to back up your seed in a safe place, this is the only way you can recover a lost wallet. Writing it down on a piece of paper is a good idea.

#PGP

Tails uses GnuPG for PGP, and Seahorse as a graphical front-end. This can be found by going to ‘Applications’, ‘System Tools’, ‘Preferences’, then ‘Passwords and Keys’. It will also work just fine from the command line.

Part 5 – Conclusion

Congratulations! If you’ve followed this guide you now have an anonymous and secure operating system for browsing the dark web. There are a few more things to Tails such as Pidgin+OTR messaging, Claws Mail, and a metadata anonymization toolkit, but those are beyond the basics. If you want to learn more check out the documentation at https://tails.boum.org/doc/index.en.html.

Thanks to our skilled tutorials master @MLP_is_my_OPSEC :)

21 comments

  1. I’m getting this error when trying to install. Any advice?

    USB drive found
    Partitioning device /dev/sda
    Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
    LiveUSB creation failed!

  2. I am stuck on installing. I followed your steps exactly, twice and still after I click “Clone & Install” at the next screen it says “Unable to find any USB device.” This would indicate something with the USB settings, right? But I’m doing just what you say. I am using OSX, btw

    • SalviaGoddess

      cancel that. for some reason it only recognizes one of my two USB ports

    • Instead of using VM, you can try the 2 USB method. Use Rufus (my choice) to write the ISO to the first USB. Change boot settings to USB first and boot from the Rufus created USB. Follow the instructions and simply plug in the second USB when at home screen and follow the tutorials instructions for creating the final install of tails. Hope this helps.

      Cheers

  3. JerimiahBullfrog

    Fantastic guide.

  4. I’m running tails onto USB, and boot up when in a box execute “netstat -pnta” looking a perl app listening at port 7150, it is ok?

    Regards.

  5. hi, can i install and run an .exe program into tails?
    thanks!

  6. Can i use TAILS with KALI as dual OS on a USB drive with persistence i was able to achieve persistence with KALI_LINUX but didn’t work with TAILS.

  7. Weird when i try to boot into persistence it keeps saying i entered the wrong passphrase, tried it 2 times now.

  8. i keep getting conflicting info. wish there was one compilation of steps. Reddit’s wiki says ” You should not be running Tails on a virtual machine! It is far less secure on a VM.” I’m going to trust Reddit because they don’t have so many typos..

  9. PLEASE HELP

    I stuck in installing tails on usb- After ‘install by cloning’

    I get the following error:


    Partitioning device /dev/sda
    GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface
    ‘org.freedesktop.Udisks2.Partition’ on object at path /org/freedesktop/UDisks2/block_devices/sda1
    Tails installation failed!

  10. got through with pretty much everything but after setting up the persistance storage and rebooting the monitor symbol wont show up

  11. Hi, i’m into part 2 –> verifying tails with gpg/pgp.
    I’ve just take part to gpg/pgp 2 days ago.

    My problem: can’t import the tailspk with the command line, but i did graphically (with sudo gpa). That’s the error message:
    gpg: can’t open /home/omega3/.gnupg/pubring.gpg'
    gpg: keydb_get_keyblock failed: eof
    gpg: no writable keyring found: eof
    gpg: error reading
    tails-signing.key’: general error
    gpg: import from `tails-signing.key’ failed: general error
    gpg: Total number processed: 0

    So i can’t interact with gpg/pgp through the command line, except to gen key. Hence i can’t verify the iso…

  12. Hi, i’m to the part of verifying the tailspk with gpg/pgp onto ubuntu.
    I know it’s accessory, but this is my problem.
    Graphically i can import the signing key. But from the command line, i can only gen key; when i try to import or verify the tailspk, don’t work.
    I had thought the only way is because the command onto ubuntu is different.
    And i want to deal nice with that for the future, gpg/pgp is very important to master.

    Here the point:
    [email protected]:~/Documents/tails$ gpg –keyid-format long –verify tails-i386-2.3.iso.sig tails-i386-2.3.iso
    gpg: Signature made lun. 25 avril 2016 19:02:56 CEST
    gpg: using RSA key 98FEC6BC752A3DB6
    gpg: can’t open `/home/omega3/.gnupg/pubring.gpg’
    gpg: keydb_search failed: file open error
    gpg: Can’t check signature: public key not found

  13. Is it possible for anyone to open encrypted persistence files without the password? Is it something that requires a lot of computing power?

  14. is this the same thing

    https://www.amazon.co.uk/Linux-Tails-Secure-Browsing-Bootable/dp/B017HXL718/

    or do I need to add more to it?

  15. Snowden is now pushing QubesOS, but probably uses TAILS as well.

  16. Sorry to take your time. I’m having trouble connecting to, what i believe
    is a wpa enterprise wifi connection as it is a backpacker lodge.
    I cant get to where i should be entering the username and password which
    comes up a browser splash page with the windows system.
    I tried configuring with settings that have gotten me onto it before…
    A bit lost with it.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *