 So you finally snapped after watching enough of my videos or reading into just how deep this global surveillance stuff goes for yourself, and you finally decided that you want to start daily driving Tails OS to become a digital nomad with no identity. Well, Tails is a pretty good tool to start doing that. However, there's a few changes that I recommend making to Tails OS as well as to your PC hardware and to your usage habits so that you can really maximize your security and your anonymity when you're browsing the dark web. And if you want to show off how much of a leaked dark web hacker you are, you can purchase my new tie-dye tourtees only available on base.win. And I'm still doing the 10% store-wide discounts when you shop on base.win and you use Monero XMR for your purchase at checkout. The tour shirts are colorful, breathable, comfortable, and they're only going to increase your chances of getting raided by the feds by about 4%, so they're definitely worth getting. Buy one today, and now let's get on to the tutorial. One thing that sets Tails OS aside from Hoonix and Cubes is that Tails is a self-contained portable system. You don't have to necessarily use it on the same laptop every day. You can really use it on any computer with Linux-compatible hardware. However, you should be wary of using Tails on public computers that might have hardware-based keyloggers installed in them because these can sniff your passwords and other sensitive data from Tails OS or really any operating system that you use on them. Now to defend against this, Tails actually ships with the GNOME Screen Keyboard so that you can enter in your passwords without typing. But you still should look out for security cameras, shoulder surfers, and even capture cards that might be connected to these public PCs that'll be able to record your screen. Now let's talk about what you can do to beef up the security of your own hardware because that's a bit more reliable. If you're thinking of getting a dedicated laptop for Tails, which is what I recommend, consider looking at the Cubes OS certified laptops on their site. The main thing that all these laptops and hardware have in common besides the virtualization capabilities which you don't even need for Tails OS is that they all have open-source boot firmware installed to them like Coreboot. So if you can Coreboot your laptop, that's a really good option if it has compatible hardware to do so and you're confident in being able to Coreboot your computer successfully so you can have an open-source BIOS. Now let's talk about some hardware mods that can be done to any Tails OS setup. And this is actually the single most important mod that I'm going to show you first that would have been able to keep the Silk Roads founder, Ross Ulbrich out of prison. It would have kept Alpha Bay's co-founder and so many other hidden marketplace admins out of jail and that is a dead man switch to lock down, shut down or possibly even destroy your Tails OS system in the case of an emergency. Now Tails OS actually comes with a really unique opportunity to create a dead man switch, a very low-tech dead man switch because the entire system just runs off of a USB drive and if this USB drive were to get removed from a computer while it's powered on the computer is going to shut down, it's going to encrypt itself, the USB drive will encrypt itself and the screen is going to go dark and your computer's RAM is also going to get wiped. So going back to the examples of dark web admins that were captured by federal agents collaborating from different countries, if they had a lanyard or some kind of tether physically connecting them like you could wrap this around your wrist and then it physically connects you to the USB stick, this would have come out when the feds tried to grab Ross Ulbricht's laptop or when Alexander Kaza's, the former admin of Alphabet, ran out of his house with his laptop still logged in to investigate a car crash that the feds had orchestrated, he would have brought his USB stick with him. So some kind of emergency shutdown, ideally a very low-tech one like this is basically an old boot string wrapped around your wrist and then the USB stick, this is a necessity as an average dark web enjoyer. Now let's talk about some other accessories to avoid. OK, so you want to avoid all wireless mice, wireless keyboards, headphones and even wireless internet connections. If you can get away with that, you want to go with wired connections because these are a whole lot harder to tap into. They're much harder to intercept. You want to take care to prevent people from tampering with your hardware or at the very least, you want to paint the screws of your laptops that you can tell if someone tried to open it because when they use a screwdriver, that's going to cause some of the paint to chip off of your screws. Now, this next mod is a little bit destructive, but it could be very effective at stopping shoulder surfing. And that is to remove the polarization filter from your laptop's LCD and then make polarized glasses for yourself. That way, anyone that's looking at your screen without polarized glasses, like if they're looking over your shoulder, they're just going to see a big white screen from any angle and you're going to be able to see what's actually on the screen. Now, let's talk about some usage behaviors to practice with Tails OS. OK, so all of the typical Opset recommendations that you're going to find in the dark web Opset Bible and similar guides are still going to apply, obviously, but there are some limitations that are specific to Tails OS that we can mitigate. So a fairly subtle one that's in the vein of shoulder surfing is the fact that Tails does not clear your video ram when you shut down or reboot your PC. This means that whatever is on the screen in Tails OS at the time of shutdown could briefly be present when you power that computer back on. Even if you or the adversary are booting into another operating system besides Tails OS, so they don't have to capture your USB for this. That last screen from your tail session can flash up really quickly and it is usually scrambled, but there could still be some important private details that are leaked from that scrambled screen. Things like a username when you're locked into a marketplace or a logo for a specific site. So I recommend before you lock or power off your tail session to first minimize all of your open windows and also hide your task bars, anything like that. So only your desktop is visible and also make sure that you don't have extra application shortcuts on your desktop and keep the default Tails OS all paper. Don't change it to a picture of your favorite waifu so that there aren't any additional data points that can be used to track you on Tails OS. Now let's talk about some of the mods that you should make inside of the Tails OS system to become a full time anonymous citizen of the dark web. For the most part, Tails is an all inclusive system for dark web activity with the exception of a Monero wallet and a modern chat app. So if you're going to daily drive Tails for dark web activity, you should enable persistence after installing it and then go ahead with installing a Monero wallet. I recommend running a full Monero node yourself for maximum privacy and because that also helps the Monero network. But if you can't store the entire Monero blockchain or you can't store a pruned blockchain or a prune node, then consider using one of the remote dot onion nodes that are listed on xmrguide.org. Now, as far as chatting on Tails OS goes, Tails does come with Pigeon for communication with XMPP clients. However, there's another FOS XMPP program called Gajum that is compatible with a newer encryption protocol called OMEMO that's better than Pigeon's OTR because OMEMO protocol offers many to many encrypted chats, offline message queuing, forward secrecy and file transfers as well as verifiability and deniability at the cost of a slightly larger message size overhead. So guides for installing these programs are going to be linked below in the video description, but it's pretty straightforward to install both of these apps. Gajum and its OMEMO plugin can actually just be installed through the synaptic package manager in Tails OS after you enable an administrator password. So very straightforward. Now, some other security considerations to keep in mind when using Tails or any other distro is to be on the lookout for post quantum encryption algorithms becoming available as plugins for your crypto programs like GNU Privacy Guard. I've actually seen a number of GPG-like programs that are offering PQ algorithms as well as PQ WireGuard implementations. But these projects are still in their experimental phases. So be very careful with them. But something you could do today to actually enhance your quantum resistance with much more time tested tech is to start using one time pads wherever possible as a secondary authentication method. Now, let's talk about how to mitigate one of the glaring flaws of Tails OS that, in my opinion, really makes it much weaker than Cubes OS and Hoonix. And that is the lack of built-in malware mitigations. Tails is basically just a hardened live Linux system that routes all of its traffic through Tor. Hacking Tails is not impossible. And don't get me wrong, hacking Hoonix or Cubes isn't impossible either since those are also hardened Linux but to de-anonymize a Hoonix or Cubes user and get their real IP, you would also have to escape a hypervisor which is generally much more difficult to do than just getting root on a Linux box. So if malware is able to get installed or able to get executed on your Tails OS machine, there is a serious risk of you getting de-anonymized until you're able to reboot, which is then gonna remove that malware and anything else that wasn't able to get written to your persistence partition. And de-anonymizing a Tails user has been done before. So there's this guy named Buster Hernandez. He was a really bad guy. He was using Tails to stalk and harass underage girls on Facebook. He would blackmail them to get them to make these explicit photos and videos for him. He would threaten to hurt them and their family if they didn't do it. Really horrible stuff. But anyway, Facebook actually joined forces with the FBI to try and catch this guy because Facebook is the primary platform that he was hunting for victims on although I think he used Twitter and a couple other things. And this was around 2017 when making fake Facebook profiles and like sock accounts on Facebook was a lot easier. So the way that he got caught was the FBI had one of his victims upload a file to Dropbox that contained malware. And this wasn't the old double file extension, you know, .mp4.exe trick. It was a regular video of the girl without any explicit images, according to court documents that contained code embedded in the file that would give the FBI agent some kind of remote code execution on the machine that the file was played on. Now, in order for that to work, the FBI had to know what video player Buster was using. So here's how I think the whole hack against Buster went down. So Facebook knows that he's using TailsOS. They can figure this out through fingerprinting pretty easily. And Facebook goes and tells the FBI this, they start pen testing Tails or maybe they already had known about a flaw in the Tails video player called Totem that could then give them RCE. So the FBI coordinates with the victim to get a video that Buster is interested in put into his Dropbox folder. The FBI adds their malware to that video file and then they upload it to Dropbox. And then that automated malware is gonna run on Buster's system and probably become root or become the clear net user in Tails. And then it can do a DNS request to an FBI server that they control giving them Buster's real IP. And then once they have that real IP they can really easily get the physical address from his ISP, do some surveillance for a little while and then finally do a raid once they've confirmed that they've got their guy. So let's talk about what he could have done or others could have done to prevent this kind of de-anonymization in Tails. Using a different video player for one might have helped. I mean, I haven't even heard of the Totem video player until I started doing research for this video when I heard about the Buster Hernandez case. Apparently it's the default player with Nome and so that's why it's included with Tails OS because they just use Nome apps. Personally, I would recommend a more popular open source video player like VLC or MPV because there's more people that are using these video players, they're both open source and so more people are looking at the source code and the odds of there being a critical bug that allows RCE in them is also probably a lot lower. Applications written in Rust might also be a good idea to use on an average dark web enjoyer system since they're gonna have memory safety built into them which is one of the main things that can prevent the majority of exploits that lead to RCE. And another option is to just disconnect Tails OS completely from the internet, unplug your ethernet cable. Remember, we're not using wifi whenever opening untrusted files which as we know, can also include media files not just executables. So if the feds had rooted Buster's box or gotten to the clear net user without an internet connection they wouldn't have been able to get his real IP and if he rebooted before reconnecting to the internet then the malware would be gone. Another option to prevent de-anonymization through malware is to create a separate system either through virtualization or have a separate physical system to run files on and then have that other system act as your tour gateway. And this is basically the same kind of system that Hoonix uses and on Tails it is actually possible to install virtual box and run virtual machines inside of Tails including a Hoonix workstation machine although I don't really recommend doing this since it requires enabling DKMS modules in Tails that can increase your attack surface and also virtual box isn't a very performant or secure hypervisor compared to Zen or KVM in the first place and if you've got a machine that's powerful enough to run VMs you might as well just install cubesOS instead which is gonna give you much better security than TailsOS in my opinion. So now that leaves the physical device separation. This could be achieved by connecting your Tails device first to another computer instead of to your router and then have that computer act as a gateway that routes all of your traffic through tour kind of like a Hoonix gateway and Hoonix workstation setup but without virtualization. This also mitigates the problem of getting hacked because if Tails gets rooted or if your adversary switches to the clearnet user to try to ping some server somewhere they won't be able to get your real IP without also compromising that other computer that acts as your tour gateway. So that concludes this guide for enhancing your security in TailsOS, if you found it useful please like and share this video with others so that they can also benefit from it. Comment below in order to hack the algorithm and follow my channel on odyssey.com. Have a great rest of your day.