Tails report for August 2023

Highlights

• We are hiring! We are looking for a Linux generalist to join the Foundations team. We are committed to making the project more diverse, and request your help circulating the opening.

• We published our recommendations for hardware to run Tails.

• We interviewed journalists, activists, and digital security trainers to better understand their communication needs. We want to speak to more such folks, especially if they are working in African and Asian contexts. If you are reading this, or know of anyone who fits, sajolida would love to hear from you. He's at sajolida@pimienta.org.

• And internally too, we are working on better communication and collaboration tools. We are trying to make working on Tails a bit friendlier for those who don't suffer from command line addiction.

Releases

Tails 5.16 was released on August 06 2023.

• You have shiny, upgraded versions of Tor Browser and Thunderbird.

• Some users were experiencing difficulties while unlocking Persistent Storage. In Tails 5.16, we fixed some of these issues and continued working on it for Tails 5.17.

• You will now see the passphrase recommendation for the Persistent Storage only in lower case. Capitalising each word makes for more cumbersome typing, and is not more secure.

Tails 5.16.1 was released on August 15 2023. It fixes a critical vulnerability in the Linux kernel that large, powerful actors could have exploited (but, to the best of our knowledge, haven't).

Metrics

Tails was started more than 761771 times this month. That's a daily average of 24,573 boots.

This release is an emergency release to fix a critical vulnerability in Tor Browser.

We'd like to dedicate this Tails release to Debian developer Abraham Raji who tragically lost his life in an accident on the 13th of September, 2023.

Changes and updates

• Update Tor Browser to 12.5.4 which fixes CVE-2023-4863: Heap buffer overflow in libwebp.

• Update Tor to 0.4.8.5.

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 5.17.1

To upgrade your Tails USB stick and keep your persistent storage

• Automatic upgrades are available from Tails 5.0 or later to 5.17.1.

  You can reduce the size of the download of future automatic upgrades by doing a manual upgrade to the latest version.

• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

To download only

If you don't need installation or upgrade instructions, you can download Tails 5.17.1 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Changes and updates

• Rename Tails Installer as Tails Cloner. (#16907)

• Install more printer drivers and enable all printers automatically. (#18254)

• Update Tor Browser to 12.5.3.

• Update Thunderbird to 102.15.0.

Fixed problems

• Fix some failures while unlocking the Persistent Storage. (#19728)

  Sometimes, upgrading the cryptographic parameters of the Persistent Storage was taking too long and made unlocking the Persistent Storage fail. We allowed the upgrade to take more time before reporting a failure.

  Please keep reporting errors using WhisperBack if you have problems unlocking your Persistent Storage.

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 5.17

To upgrade your Tails USB stick and keep your persistent storage

• Automatic upgrades are available from Tails 5.0 or later to 5.17.

  You can reduce the size of the download of future automatic upgrades by doing a manual upgrade to the latest version.

• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

To download only

If you don't need installation or upgrade instructions, you can download Tails 5.17 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Highlights

• In case you missed it, we have a new home. In July, we completed the migration of the Tails website to a new namespace: tails.net. Welcome!

• 2 more sponsors renewed their support for Tails: freiheitsfoo and Exam Success! We are all very grateful for their continued support and generosity. You, too, could sponsor Tails.

• We have started work on deciding the next big feature for Tails! We are deliberating between adding either VPN functionality or messaging applications. We're sure you have preferences and pointers for us. Let us know.

Releases

Tails 5.15.1 was released on July 11 2023.

• From Tails 5.14 - the previous Tails release - your Persistent Storage automatically uses LUKS2 encryption with Argon2id. On some systems, the upgrade was facing issues with reliability (#19734, #19728). Tails 5.15.1 fixes these reliability issues. If you are still experiencing issues, WhisperBack! 

• Tor browser in Tails now supports authenticated onion services in a consistent manner.

Metrics

Tails was started more than 751,383 times this month. That's a daily average of over 24,238 boots.

This release is an emergency release to fix a critical vulnerability in the Linux kernel.

Changes and updates

• Update the Linux kernel to 6.1.38.

  This updates fixes:

  • Downfall on Intel processors (CVE-2022-40982)
  • Inception on AMD processors (CVE-2023-20569)

  These vulnerability could allow a malicious application running in Tails to access and steal data from another application in Tails, for example passwords stored in KeePassXC or private keys stored in Electrum.

  This attack is unlikely, but could be performed by a strong attacker, such as a government or a hacking firm. We are not aware of this attack being used in the wild.

Fixed problems

For more details, read our changelog.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 5.16.1

To upgrade your Tails USB stick and keep your persistent storage

• Automatic upgrades are available from Tails 5.0 or later to 5.16.1.

  You can reduce the size of the download of future automatic upgrades by doing a manual upgrade to the latest version.

• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

To download only

If you don't need installation or upgrade instructions, you can download Tails 5.16.1 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Changes and updates

• Update Tor Browser to 12.5.2.

• Update Thunderbird to 102.14.0.

• Display the passphrase recommendation for the Persistent Storage in small caps only.

  Capitalizing each word is more cumbersom and not more secure.

Fixed problems

• Fix some failures while unlocking the Persistent Storage. (#19728)

  Sometimes, upgrading the cryptographic parameters of the Persistent Storage was taking too long and made unlocking the Persistent Storage fail. We allowed the upgrade to take more time before reporting a failure.

  Please keep reporting errors using WhisperBack if you have problems unlocking your Persistent Storage.

• Fix the circuit view of Tor Browser that was sometimes not displayed. (#19897)

For more details, read our changelog.

Known issues

See the list of long-standing issues.

Get Tails 5.16

To upgrade your Tails USB stick and keep your persistent storage

• Automatic upgrades are available from Tails 5.0 or later to 5.16.

  You can reduce the size of the download of future automatic upgrades by doing a manual upgrade to the latest version.

• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails on a new USB stick

Follow our installation instructions:

• Install from Windows
• Install from macOS
• Install from Linux
• Install from Debian or Ubuntu using the command line and GnuPG

To download only

If you don't need installation or upgrade instructions, you can download Tails 5.16 directly:

• For USB sticks (USB image)
• For DVDs and virtual machines (ISO image)

Today, we finished migrating our website to a new domain: tails.net.

After 14 years using a subdomain of boum.org, we finally found a new home that will be easier for everybody to remember and type. Tails will become easier to find by the people who need it the most.

The new domain also provides us more autonomy and possibilities for some technical work.

The former tails.boum.org domain will continue working until further notice, to avoid breaking upgrades and security notifications on older versions of Tails and external links on the Internet.

Please make sure to update any important pointers you might have or know about.

We want to thank boum.org for supporting the project for all these years. Their support was and continues to be very valuable! :)

Highlights

• 2 more sponsors renewed their support for Tails! Look to the Right and Nym Technologies. We are all so grateful for their generosity.

• Tails now uses LUKS2 with Argon2id by default for all new Persistent Storage and LUKS encrypted volumes. Until Tails 5.12, Tails created LUKS devices version 1 (LUKS1) with PBKDF2 to derive cryptographic keys. But, PBKDF2 no longer offers adequate protection against brute force attacks. We published an extensive security advisory for this migration.

• We also published the entire Puppet codebase that manages the Tails infrastructure. Have a look under the hood!

Releases

Tails 5.14 was released on 16 June 2023.

• Tails 5.14 automatically converts your Persistent Storage to use LUKS2 encryption with Argon2id. 

• Persistent Storage is not only more secure, but also more usable now. We've brought back descriptions of some of the Persistent Storage features, and the button on the welcome page that creates Persistent Storage is now a switch instead of a button.

• Many people use Tails to secure their Bitcoin wallet. All Electrum users on Tails can now donate to Tails through Electrum itself. Tails runs on your donations!

Metrics

Tails was started more than 750,346 times this month. That's a daily average of over 25,012 boots.

Changements et mises à jour

• Update Tor Browser to 12.5.

  Le Navigateur Tor 12.5 a une nouvelle vue du circuit et de meilleures informations sur les services onion.

  

• Support onion service authentication in Tor Browser.

  Par exemple, l'authentification des services onion est utilisée par OnionShare en dehors de Tails.

  

• Display the version of Tails in the Boot Loader

  

Problèmes corrigés

• Fix the search of some languages and keyboard layouts. (#19200)

  

• Make the upgrade of the Persistent Storage more reliable:

  • Sur certains systèmes, le message « Mettre à jour le stockage persistant » est affiché à chaque fois dans Tails 5.14 lorsque Tails échoue dans la mise à jour de l'un des paramètres cryptographiques. (#19734)

  • On some USB sticks, upgrading the Persistent Storage was too slow and failed with the error message "Upgrade of persistent storage failed". (#19728)

• Fix opening documentation links from Tails Installer. (#19870)

• Prevent Tor Browser to access information about other Tor circuits. (#19740)

• Make the error when scanning the QR code of a bridge more consistent. (#19737)

Pour plus de détails, lisez notre liste des changements.

Problèmes connus

#19728 was affecting 5.14, and it might still be present. If you encounter this bug, please send us a WhisperBack report.

Voir la liste des problèmes connus de longue date.

Obtenir Tails 5.15.1

Pour mettre à jour votre clé USB Tails et conserver votre stockage persistant

• Automatic upgrades are available from Tails 5.0 or later to 5.15.1.

  Vous pouvez réduire la taille du téléchargement des futures mises à jours automatiques en effectuant une mise à jour manuelle vers la dernière version.

• Si vous ne pouvez pas faire une mise à jour automatique ou si le démarrage de Tails échoue après une mise à jour automatique, merci d'essayer de faire une mise à jour manuelle.

Pour installer Tails sur une nouvelle clé USB

Suivez nos instructions d'installation :

• Installer depuis Windows
• Installer depuis macOS
• Installer depuis Linux
• Installer depuis Debian ou Ubuntu en utilisant la ligne de commande et GnuPG

Pour seulement télécharger

Si vous n'avez pas besoin d'instructions d'installation ou de mise à jour, vous pouvez télécharger directement Tails 5.15.1 :

• Pour clés USB (image USB)
• Pour DVD et machines virtuelles (image ISO)

Highlights

• We started serving the Tails website under the tails.net domain. Until now, we have been redirecting totails.boum.org. The full migration will still take some time.

• We have 2 new sponsors for this year! ThinkPenguin renewed their support, and another individual came on-board, but prefers to remain anoynomous. 

• Between 2021 and 2023 we partnered with Tor, and the Guardian Project to organise training and usability tests in Ecuador, Mexico, and Brazil. Drawing this work to a close, we organised an online workshop for digital security trainers at the request of Sursiendo. We shared experiences about the training, and discussed past and future updates to Tails.

Releases

Tails 5.13 was released on May 16

• Tails now uses LUKS2 by default for all new Persistent Storage and LUKS encrypted volumes. LUKS2 provide stronger cryptography by default. A migration plan from LUKS1 to LUKS2 for the existing Persistent Storage is in Tails 5.14.

• You can now download files from the command-line interface using curl. curl's versatility can be useful for online investigations as an alternative to wget.

Metrics

Tails has been started more than 765,853 times this month. That's over 24,705 boots a day on average.