Subscribe to our newsletter to receive the same news by email:

Archive of all news

RSS Atom
Stronger together: What we've accomplished since the Tails-Tor merger

Nine months ago Tails and Tor set out to unite forces for Internet Freedom. The goal was to integrate Tails into the organizational structure of the Tor Project to pool resources instead of duplicating them, and deliver a more robust shield against censorship and surveillance. Today we're happy to report that we're already seeing the transformative impact of our united efforts.

Delivering on our promises

The integration of two organizations requires careful planning and collaboration. When we first began our discussions, we made it a point to focus on better serving the shared communities that depend on Tor and Tails. The merger has already delivered on our core commitments in concrete ways:

Countering censorship and surveillance more effectively

Our combined anti-censorship expertise is yielding immediate results. Whenever a new or previously unknown censorship event occurs, we can figure out how best to tackle the issues. China is one such example in action: When obfs4 bridges increasingly became the target of censors, our teams were able to jointly coordinate a strategic response, determining whether to address the issue through improved bridge distribution mechanisms or by adding support for newer pluggable transports in Tails itself. This kind of coordinated response to censorship events was more challenging and time-consuming when we operated separately.

More robust treatment of overlapping threat models

We've ensured that Tails' specific needs are now directly integrated into Arti development, creating a more comprehensive solution for users who need both network and system-level security in high-risk environments. Having both Tor Browser and Tails developers collaborate more closely means that Tails users benefit from smoother, earlier releases that provide user protections faster.

Expanded training and outreach opportunities

Empowering our users through access and digital rights education has been a top priority for both Tails and Tor. Earlier this year, we successfully ran a Tails training in partnership with the Open Culture Foundation the day before RightsCon 2025, reaching activists and journalists who urgently need these tools. By tapping into Tor's Privacy Resilience Grants, we're now supporting more groups in the Global South to run Tails trainings directly in their communities, expanding Tails' reach to new territories and user groups.

Operational resilience to advance our shared mission

The benefits extend far beyond individual projects. Our unified sysadmin team has created a comprehensive 5-year roadmap for merging our digital infrastructures, eliminating redundancies while strengthening both organizations' technological foundations. We've already merged critical services including calendars, GitLab projects, password stores, and documentation systems, with security policies, monitoring systems, and authentication mechanisms currently in progress.

The merger has also clarified roles and responsibilities across teams while providing Tails teams with access to the Tor Project's mature organizational structure and improving system monitoring and management. Our expanded fundraising capacity means we can pursue larger grants and coordinate funding requests that support both tools simultaneously. It allows us to stay resilient in a dynamic fundraising landscape, and maximize the impact of every dollar.

This is a meaningful achievement for every supporter: Your donations now go further toward creating real-world impact rather than duplicating administrative overhead. Our resources are now fully directed toward developing stronger privacy tools and reaching more people who need protection from surveillance and censorship.

Upcoming changes for PayPal donors

Tails, just like Tor, has always been powered by your donations. As part of our organizational merge, we are taking the opportunity to upgrade the way we manage donations, donor records, and communication with you about your donations.

If you have made a donation to Tails through PayPal, your information will be imported into Tor's CiviCRM Customer Relationship Management (CRM) database, which collects only the minimal amount of information and hosts all donor data on Tor infrastructure. Rest assured that Tor will never sell or share your data. Ever. You can read the Tor Project's privacy policy here.

The following information will be imported:

  • Name
  • Email
  • Address, if given
  • Past donation history

All of this data will be merged by June 30, 2025. Once the data is completely merged, all PayPal monthly donations will be terminated. If you have an active monthly donation to Tails through PayPal, please watch out for a message from us about migrating your donation.

What you can do today

Thank you for being defenders of online privacy, anonymity, and censorship circumvention tools. We invite all our supporters to join us as part of the unified Tor community, working together to safeguard the digital human rights of individuals worldwide. Please consider renewing your donation today for the Tor Project and help make privacy possible.


Donate


The Tor Project is a 501(c)(3) nonprofit committed to transparency. The Tor Project has a Four-Star Charity rating from Charity Navigator, and has been awarded Candid's Platinum Seal of Transparency. This demonstrates the Tor Project's commitment to openness and honesty in how the organization manages its finances and uses your investment for a greater impact. Your donation is in good hands and goes a long way.

Tails 6.15.1

This release is an emergency release to fix important security vulnerabilities in Tor Browser.

Changes and updates

Fixed problems

  • Fix the Unsafe Browser appearing in the window list with the Tor Browser icon. (#20934)

  • Make reporting an error using WhisperBack more robust. (#20921)

  • Fix USB tethering. (#20940)

For more details, read our changelog.

Get Tails 6.15.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.15.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.15.1 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.15.1 directly:

Security audit of automatic upgrades and recent changes

Late 2024, Radically Open Security conducted another security audit of critical parts of Tails.

To better protect our users, we addressed the security vulnerabilities as soon as they were discovered and reported to us, without waiting for the audit to be complete and public.

We can now share with you the final report.

The auditors concluded that:

The Tails operating system leaves a strong security impression, addressing most anonymity-related concerns. We did not find any remote code execution vulnerabilities, and all identified issues required a compromised low-privileged amnesia user – the default user in Tails.

Looking back at the previous audit, we can see the Tails developers have made significant progress, demonstrating expertise and a serious commitment to security.

Findings

The auditors did not identify any vulnerability in:

  • The creation of the Persistent Storage with LUKS2, introduced in Tails 5.14 (June 2023)

  • Our security improvements to Thunderbird

  • The random seed feature, introduced in Tails 6.4 (June 2024)

The auditors found 4 issues in:

  • The automatic upgrade mechanism

  • Other important changes since Tails 5.8 (November 2023)

IDImpactDescriptionIssueStatusRelease
OTF-001HighLocal privilege escalation in Tails Upgrader#20701Fixed6.11
OTF-002HighArbitrary code execution in Python scripts#20702Fixed6.11
#20744Fixed6.12
OTF-003ModerateArgument injection in privileged GNOME scripts#20709Fixed6.11
#20710Fixed6.11
OTF-004LowUntrusted search path in Tor Browser launcher#20733Fixed6.12

Postmortem

Our team went further than simply fixing these issues. We conducted a postmortem to understand how we introduced these vulnerabilities in our releases and what we could do to avoid similar vulnerabilities in the future. This analysis led to technical, policy, and culture changes.

This analysis was useful and we'll definitely consider doing postmortems again after future audits. It might also be useful for other projects to understand how we worked on these long-lasting improvements.

Technical improvements

  • Postmortem of OTF-001

    While preparing a major Tails release based on a new version of Debian, for example, Tails 7.0, we will look for Perl code included in Tails that modifies @INC in a dangerous way. (#19627)

    Furthermore, we now automatically check for potentially vulnerable Mite code and fail the build if we find any.

  • Postmortem of OTF-002 (#20719 and !1911)

    Our CI now ensures that all our custom Python software runs in isolated mode.

  • Postmortem of OTF-003 (#20711 and !1979)

    Our sudo configuration is now generated from a higher-level description, which has safer defaults and demands explanations when diverging from them.

  • Postmortem of OTF-004 (#20817 and !2040)

    Our CI now ensures that we don't write software that does unsafe .desktop file lookup.

    We will also periodically audit the configuration of onion-grater, our firewall for the Tor control port. (#20821)

Policy and culture improvements

  • During the audit, we noticed that we lacked a policy about when we should make confidential security issues public.

    This was problematic because:

    • We have sometimes been too secretive.

      As a temporary measure, this protected our users by erring on the safe side. But, without a disclosure process, we were not meeting our own standards for transparency and openness to third-party reviews.

    • Different team members were working with different assumptions, which caused communication issues.

    To have better guidelines for confidentiality and disclosure, we created our security issue response policy, based on the policy of the Tor Project's Network Team.

  • We will be more intentional about when it's worth the effort and risk to do large code refactoring.

    While refactoring is necessary for a healthy software development process, this postmortem showed that large refactoring can also introduce security vulnerabilities.

  • When changing security-sensitive code, such as our sudo configuration or any code that elevates privileges, we now require an extra review focused on security.

  • We will communicate about security issues more broadly within our team when we discover them so that every team member can learn along the way.

Fighting against a nuclear project in France

Stop sign in front of a nuclear power plant

Robin is an activist in struggle against a nuclear project in France. He has been using Tails as his default operating system for all his activism since 5 years, creating a clear separation between his activism (using Tails) and personal life (using encrypted Debian).

At his place, many nomadic activists use Tails USB sticks instead of having personal computers, allowing them to maintain privacy while using shared devices.

After facing repression, encrypting all their data became a baseline practice in his group. He prefers training others on Tails because it's easier to implement than teaching full computer encryption.

Because Tails is easy to share, even people with low technical abilities are able to use it. For the security of a group, what matters is the lowest security level within that group.

Read our full interview with Robin.

Tails 6.15

Changes and updates

  • Update Tor Browser to 14.5.1.

  • Update the Linux kernel to 6.1.135.

Fixed problems

  • Make sure Tails cannot store data in UEFI variables or ACPI tables when crashing. (#20813)

  • Fix the appearance of the GRUB Boot Loader with Secure Boot. (#20899)

For more details, read our changelog.

Known issues

  • Remove firmware for the Wi-Fi interfaces based on the BCM4301 and BCM4306 chips. (#20887)

    We believe that these interfaces are only available on computers that are too old to start Tails. Please let us know if your Wi-Fi stopped working in Tails 6.15.

  • The Unsafe Browser appears in the window list bar with the Tor Browser icon. (#20934)

  • Additional software may initially fail to install the first time you start Tails after upgrading. This should be fixed shortly after you connect to Tor.

  • Connecting to the Internet with USB tethering is broken with some phones. (#20940)

Get Tails 6.15

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.15.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.15 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.15 directly:

Tails 6.14.2

This release is an emergency release to fix security vulnerabilities in the Linux kernel and the implementation of the Perl programming language.

Changes and updates

For more details, read our changelog.

Get Tails 6.14.2

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.14.2.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.14.2 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.14.2 directly:

Tails 6.14.1

Today, we are releasing 6.14.1 instead of 6.14 because we discovered an important issue while testing 6.14 on Tuesday and had to start the release process again to fix it.

New features

More flexible confinement of Tor Browser

We improved the confinement technology that we use to protect your files from possible security vulnerabilities in Tor Browser.

Until now, Tor Browser could only save downloads to and read files from a limited number of folders.

With Tails 6.14.1, you can safely access any folder in your Home folder or Persistent Storage from Tor Browser.

This new integration also solves other usability and accessibility issues:

  • The Large Text accessibility feature works in Tor Browser. (#19266)

  • The Cursor Size accessibility feature works in Tor Browser. (#19572)

  • The minimize and maximize buttons are available again in the title bar. (#19328)

These improvements rely on 2 security technologies: the flexibility of the new XDG Desktop Portals of Flatpak allowed us to relax the AppArmor confinement, improving usability without compromising on security.

Changes and updates

  • Update Tor Browser to 14.0.9.

  • Update the Tor client to 0.4.8.16.

Fixed problems

  • Fix the Welcome Screen freezing after unlocking the Persistent Storage. (#20783)

  • Add a clearer border to the Kleopatra window when on white background. (#20861)

  • Fix the error when closing the check for upgrades from About Tails. (#20861)

For more details, read our changelog.

Get Tails 6.14.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.14.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.14.1 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.14.1 directly:

Tails 6.13

New features

Detection of problems with Wi-Fi hardware

Problems with Wi-Fi are unfortunately quite common in Tails and Linux in general.

To help troubleshoot hardware compatibility issues with Wi-Fi interfaces, the Tor Connection assistant now reports when no Wi-Fi hardware is detected.

Warning in Tor Connection: No Wi-Fi hardware detected

Changes and updates

  • Update Tor Browser to 14.0.7.

  • Update the Tor client to 0.4.8.14.

Fixed problems

  • Detect partitioning errors also when Tails is started for the first time. (#20797)

    This solves some failures when creating the Persistent Storage on a new Tails USB stick.

  • Fix the Configure and Show Log buttons in the notification when installing additional software fails. (#20781)

    Notification: The installation of your additional software failed

For more details, read our changelog.

Get Tails 6.13

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.13.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.13 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.13 directly:

Replacing balenaEtcher with Rufus as installer for Windows

We replaced balenaEtcher with Rufus in our installation instructions for Windows to solve privacy concerns with balenaEtcher.

Since January 2019, we had been recommending balenaEtcher to install Tails from Windows and macOS. We loved the simplicity of balenaEtcher, which was really easier to use and worked on macOS as well.

Shortly after, balenaEtcher started displaying ads. Although we didn't like that, we initially didn't view it as a significant privacy risk and had no better alternative at the time.

However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties. While we have not experienced or heard of any attacks against Tails users stemming from this change, we believe it introduces potential for abuse. To eliminate that risk altogether, we started looking again for alternatives.

After evaluating 7 other tools, we finally chose Rufus. We had tested Rufus many years ago, even before recommending balenaEtcher, but it was much harder to use and modified the Tails image in ways that were risky.

Congratulations to Akeo Consulting, the company behind Rufus, for really improving the usability and reliability of their tool!

We have not yet replaced balenaEtcher in our installation instructions for macOS because Rufus doesn't work on macOS. Also, as Tails doesn't work on Apple M1 and M2 processors, people who install Tails from macOS represent less than 10% of installations nowadays.

Still, we recommend 2 alternatives for macOS: installing Tails using dd on the command line or using Raspberry Pi Imager.

Tails 6.12

Important security fixes

The vulnerabilities described below were identified during an external security audit by Radically Open Security and disclosed responsibly to our team. We are not aware of these attacks being used against Tails users until now.

These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.

  • Prevent an attacker from monitoring Tor circuits. (#20733 and #20744)

    In Tails 6.11 or earlier, an attacker who has already taken control of an application in Tails could then exploit vulnerabilities in Onion Circuits and our Tor Browser wrapper that might lead to deanonymization.

  • Prevent an attacker from changing the Persistent Storage settings. (#20745)

Changes and updates

  • Add a button to check for upgrades from the About Tails utility.

  • Add the keyboard shortcut Ctrl+Alt+T to open a Terminal.

  • Update Tor Browser to 14.0.5.

  • Update Thunderbird to 128.6.0esr.

Fixed problems

  • Ensure all our Python code keeps running in isolated mode. (#20719)

  • Simplify the troubleshooting instructions when an automatic upgrade fails. (#20466)

  • Avoid freezing the Welcome Screen while activating the Persistent Storage. (#20635)

  • Made time synchronization more reliable when restarting Tor. (#20530)

  • Display an error message when upgrading the encryption of the Persistent Storage to LUKS2 fails. (#20634)

For more details, read our changelog.

Known issues

  • When installing additional software from your Persistent Storage fails, the Configure and Show Log buttons in the notification don't work.

    Notification: The installation of your additional software failed

    • To configure your additional software, choose Applications ▸ Persistent Storage and click on the button of the Additional Software feature.

    • To show the log, execute the following command in a Terminal.

      cat /run/live-additional-software/log

Get Tails 6.12

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.12.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.12 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.12 directly: