 What's up guys, today I'm going to be teaching you how to use the amnesiac incognito live system or tails. This is a Debian based operating system that is meant to be booted off of a USB stick thus the live system and this live system is set up to be amnesiac meaning anything that you do inside of tails OS is going to be erased whenever you reboot the system. So if an adversary were to steal your laptop or steal the USB stick that you have tails installed to they're not going to be able to get any of your sensitive data off of it or if they forensically analyze it they won't be able to trace what you've been doing. And finally the incognito functionality of tails is provided by the fact that all of the OS's traffic is routed through the Tor network by default and every single tail system looks the same to servers out on the internet so it's very difficult for anyone even a nation state to track you when you're using tails which is probably why it's the favorite operating system for people that spend a lot of time on the dark web and really just for anyone that needs to have top notch anonymity. Now even though tails sounds like a foolproof anonymity toolkit there are still ways that you can screw up with installing tails and using tails that will completely ruin your opsec so make sure that you do thorough research beyond what's covered in this video. Now to get started with installing tails when you click on this install tails tab at the top of their website you'll be brought to this page that takes you to different instructions depending on what operating system you're using but really the only differences between installing tails on windows mac os or linux are the tools that you're going to use for writing to your usb stick writing the tails image to your usb stick and the tool that you're going to use to verify the image now since this is a guide for the ultra paranoid obviously i recommend using linux to download write and verify your tails image because there's a lower chance of any shenanigans taking place since most are all of your software and linux is going to be free and open source but again if you want to use windows or mac os most of this guide is still going to apply just different software for writing to usb and verifying the image now most guides that tell you how to install tails and you know even what they have here on their official site will recommend you download tails from the website directly from you know download tails net directly now there's a couple of reasons why you don't want to do this if you're ultra paranoid okay number one um some of you might have noticed that i'm visiting tails net in the tor browser okay so if you if your adversary is say a nation state or it's somebody that is able to get records from your isp and basically view what type of websites you go to you probably don't want them to know that you know about tails because then they might start watching you a little bit closely you know you might make your way onto a list i mean there's some people out there that think your name will get put on a list just for downloading and using the tor browser if that's true you're definitely on the list if you're using tails okay your name's going to be underlined highlighted and bumped up probably a couple hundred rows if you're using tails um so if you wanted to download it directly from the website do it over tor but what i really recommend doing is downloading it over bit torrent you know with a free and open source bit torrent client like q bit torrent and make sure when you're inside of your torrenting application that you're using a vpn or that you're using public wi-fi somewhere to mask your ip so that way you're able to download the image file without your adversary if it's a nation state knowing that you ever went to tails net and another benefit to downloading tails or really any linux iso over bit torrent is the file is being shared in a distributed manner so it lowers the chances that you're going to end up downloading a backdoor iso because in order to do that through bit torrent what a hacker would have to do is first compromise the tails net website here and they would have to post a corrupted magnet link or you know a hacked torrent image and then they would also have to spin up a bunch of machines in different countries to seed the iso so at the very least creating a fake bit torrent download is going to be more expensive than creating a fake centralized download and it's much harder to man in the middle than a centralized download and since advanced linux users tend to download their isos this way there's probably an increased chance that people are actually verifying these images that are downloaded over bit torrent or that people are going to notice quicker if something happens you know if a hacked image somehow makes it into the bit torrent download now once your files have downloaded we need to do a verification on them to make sure that they didn't get corrupted or modified by your adversary in transit if you downloaded the file with a torrent then this is actually already done for you in a way with the info hash but since this guide is for the ultra paranoid we might as well do some additional verifications with pgp now it is worth mentioning that on the tails net site they have an additional way to verify i think this is also the way that they recommend it since it's got the big green button where you can use javascript that's running from this site to check and make sure that you know what you downloaded was legit but since this is an ultra paranoid guide using javascript is probably not something you're going to want to do so we're going to use open pgp or i'm actually going to use gnu or what is it called gnu privacy assistant i'm pretty sure gpa something like that just for purposes of the video but you could use open pgp and then if you're on mac os or windows there's some other kind of software you're going to use for verifying pgp signatures so what you're going to need is the signing key so we'll go ahead and download that and the signature should actually be um in the torrent if you downloaded it that way but you're also going to need yeah this is the signature right here so if you just downloaded the file through tor in your browser or you didn't download it through a torrent then you're gonna also need to get that uh signature okay so we're gonna go into gnu privacy assistant now if you don't know anything about pgp i just suggest looking up another guide real quick um because that's something people get tripped on tripped up on a bit but you need to have a key that you've created for yourself already so i've got that and um the next thing we're going to do is import that key that i downloaded and let me see it's going to be in here browser downloads tail signing key okay so now that key is imported into gnu privacy assistant or you can also do it in open pgp um i'm just using this because it's probably better for a tutorial probably look better on video um as you can see the validity and the trust of this key is currently unknown now this is just a key file that we downloaded from this tails dot nut website and if we're ultra paranoid we're not just going to trust the file downloaded from here because if somebody hacked tails dot net and they gave us a corrupted file or they corrupted the bit torn or whatever it's very trivial for them to also put a corrupted signing key that when you run it through verifications it's going to look legit so we want to now go to a third party pgp key server that has the tails developer key on it as well and make sure that the key on this third party server matches the key that we just downloaded from here okay so what we're going to want to do is and this is um pgp dot mit dot edu it's one of the older or maybe oldest running key servers still in existence and it's a very very simple one um it doesn't pretty sure it doesn't even require javascript because it's just html so why don't we just go ahead and do that since you know we're ultra paranoid and um you see verify that it's just yeah so it's just loading some html very basic website so anyway what we're going to want to do now is search for this key and we should be able to just do tails developer for now copy that put that into the search string and do the search oh we also want to show pgp fingerprints for keys now this is going to return multiple results um but that's fine i'll show you guys how to deal with that and it's going to take a while since we're using tor but that's the cost of being ultra paranoid okay so like i said we got multiple results but the one that we're really looking for here is the offline long term identity key sure enough if we bring up a new privacy assistant we'll see same thing here in the username tails developer offline long term identity key and we can copy this fingerprint which is basically like a summary it's a unique sort of signature for this key and we can see that it matches so we don't actually have to download and import this like just checking the fingerprint should be good enough and so we can now be fairly certain that this key here is good because it's very unlikely that our adversary would be able to compromise both tails dot net and pgp dot mit dot edu and you can also check this against additional key servers as well generally people who develop software that's really popular will upload their keys to multiple key servers so that you can triple quadruple quintuple check however much you want to do to make yourself feel comfortable that what you've got is legit okay so now since we believe that this key is good we're going to go ahead and sign it with our key we'll hit yes and then we're going to have to put in the password for your private key all right for some reason the video file got corrupted at this point but whatever i'll just record it again so after you've signed the tails developers key the validity should say fully valid and now we can use this validated key to verify the signature of the image files so to do that click on open the file manager and click the file folder icon to select a file and you're going to want the img dot sig file from the torrent or if you downloaded it directly from the browser you can grab that file from the same area where you got the signature file or where you got the signing key rather so import that and we want to select check signatures of selected file all right and it's going to say valid as long as everything's good so now you can be certain that that tails os image file that you're going to write to your um usb is valid it hasn't been modified at all down to the byte level so for writing to your usb if you're on linux i recommend using dd because it's already going to be installed on your system uh but you could use gnome disk or of course if you're on mac os or windows then you're going to end up using uh something else entirely different but anyway the command for linux is dd if equals uh and this is going to be the name of the file that's and that you downloaded the image file and you also need to know the device name for your usb so we'll run lsblk to get that real quick and looks like sde is the name for my flash drive now so you want to make sure you get the right one there so you don't accidentally delete any data and command is going to be dd i'll just clear my screen real quick dd if equals tails image file o f equals dev sde pretty sure that's what it said right yep sde and we'll put bs equals 16 m o flag equals direct status equals progress and of course we have to do this as root and this should only take a few seconds to copy the data over boom and now our tails usb is written and if you wanted to boot into tails on the same computer you can just reboot and then select it from the boot menu or you can remove the usb stick and then put it in a different laptop to boot from tails like i'm about to do so let's go do that all right hopefully there's enough lighting for this to look good so as you can see i've got an old thinkpad here a x301 look at that windows vista sticker my my this is an old laptop but perfect candidate for running tails os so i've got my tails us flash drive here which is actually kind of cool it's got both usb and usb c but we're going to be using usb because this old girl she don't know nothing about that usb c so we're going to go ahead and put our usb drive in and power her on i've just done some basic cleaning to this laptop but i haven't really done much testing to it other than that all right so it looks like we were set to boot from usb by default so we'll just go ahead and go right into tails if it doesn't do that you know if it if you've got a laptop with another os already on it you have to just go into your bio settings and change that but yeah i'm not even going to bother showing that because it's different depending on your manufacturer and while this is booting up i might as well mention i'm installing this off of a flash drive but it is possible to use different kinds of removable media like say if you wanted tails to run a little bit faster you could install it to an external ssd um like you know one that you plug in via usb or actually i have one sitting around here somewhere um like this right so you could probably run tails off of this samsung usb and get uh slightly better i o um you could also run it off of things like a cd um because this does have a cd drive or you could also run it off of an sd card that might be handy if of course you've got a laptop that can take sd cards i don't think this one can but if your laptop can accept especially a micro sd card uh if it can boot from micro sd that's really small really easy to conceal and might be handy for uh people that are using tails well that's not a good sound although if that's the hard drive failing it really doesn't matter for this uh tails os video it's just gonna be a little bit noisy but everything's running off the usb so no problems there it almost sounds like there might be a cd in there the tray is not opening so that might be something to look into later but anyway we're on our tails welcome screen so there's this additional settings might as well just show you guys this where you can set an administrator password um that's probably one of the only things that you would need to change in here everything else is already pretty much set for optimal anonymity and you can change your keyboard here and your layouts too if you need to your languages but anyway we'll go ahead and start tails and this might take a couple of minutes on your computer definitely a couple of minutes on this computer here so now we've got our desktop loaded i believe this is gnome um yeah so it's using gnome and it's using wayland okay interesting i did not know that tails had switched to wayland um so you can also see here in my system overview that this is just a core 2 duo uh 1.4 gigahertz and it's only got four gigs of ram so this is obviously a very low spec system but it is able to run tails and honestly as far as um very private secure and anonymous systems go tails are probably the only one you can really run on a computer like this um i don't think you would have a good time running uh hoonix kvm since that's going to require you to run a host os and then also hoonix workstation and the hoonix gateway if you're running cubes os on this then you'd be running um dom zero hoonix workstation hoonix gateway network vm and a firewall vm so yeah you'd you'd have um a pretty bad time you know this is not going to be able to run multiple virtual machines at once but again it can run tails just fine so that's kind of one benefit of tails over everybody else um so let me go ahead and connect this to wi-fi real quick and show you guys a couple other things okay let's see here's wi-fi okay so now i'm connected to wi-fi and this tour connection comes up so um this is another thing that you might diverge from depending on your um your requirements you know if you're like it tells you right here if you're in a country um where a lot of people use tour to circumvent censorship and it's not really going to make you stick out then you can just connect to tour automatically um and then you also have the option to configure a bridge here if you want or you can just hide to your network that you're connecting to tour and it's going to try to obfuscate the fact that you're even using tour at all so you know this might be what you'd want to use if you're ultra paranoid but i'm just going to use this for now and um there's only a couple other things i'm going to show you within the os because uh obviously depending on what you're doing there's going to be a lot more research that you're going to need to do outside of this video for how to remain anonymous online uh some things that i recommend of course this is going to have you using the tour browser and we're going to see if it already has a very secure connection it might just take a little while for this old girl to start up a browser i think i should definitely give her some more ram because uh let's see system monitor yeah some of those or some of those one of those cpu cores getting hit kind of hard um okay so like this is an example here of um um some things that you'd want to change so uh you would of course have to change this each time you start tails because that's how the os is it's amnesiac although there are some there is a way to create persistent storage on your tails usb stick uh but i'm not going to do that for now um okay so for onion services we want to always use an onion site if we've got it available and we want to have the safest setting so that's going to get you pretty good um pretty good privacy like just browsing the web from here on um now another thing you may or may not want to change i mean there's probably some debate on this whether or not you should leave you block origin enabled because on regular tour browsers which that's what the majority of people out there are going to be using you know people using tour just going to use the tour browser in probably windows but if um you have you block origin enabled it's going to make your browser fingerprint look a little bit different so that might be a way that an adversary could tell that you're using tours or using uh not tours tails or i can't remember whether tour in the hoonix workstation has you block origin or not if it doesn't then that really is going to make you stick out a little bit so that's kind of the case for disabling it and the case for leaving it on is um it's going to block ads although if you're using the safest setting in um in tour and if you're mainly browsing to dark websites and stuff like that then i don't think it'll really make too much of a difference blocking ads with you block origin um that might actually be an interesting thing to test whether all those weird like uh i guess css or like those weird gifts and stuff that pop up on some of the tour search engines if those can be blocked with you block origin so yeah this is your browser and there's a couple other really good utilities installed on tails by default so this is where you would set up your persistent storage if i was going to do that and it basically creates a pretty sure it's a lux encrypted um persistent storage so it is encrypted like if somebody stole your tails usb it's not like if you have persistent storage they're gonna automatically be able to get that stuff they're just going to see an encrypted container on there and then they have to try to decrypt it as long as you have a good password then uh they're not going to be able to get into it we've got thunderbird so this is a pretty good email client to use and you can also configure pgp keys with that too now that you have a pgp key um keypass xc this is of course the my recommended offline password manager and most other people recommend it as well that's why it's included with tails and we can start going through some of these other um so this is a way to back up your persistent storage because since it's encrypted you could back this up into well you still might want to avoid google drive and dropbox depending on your um security plan but because it's encrypted it doesn't even necessarily matter too much what cloud storage you put it in as long as people don't have the keys and then this way when you're using different tail systems you can kind of recover all of your documents or whatever you were using uh download it over tour down onto this system and then continue working if say you have to pull a mr robot and you feel like you've got to destroy your laptop and microwave your usb and stuff like that i mean hey this is a guy for the ultra paranoid so wouldn't be surprised if some people out there want to do that stuff um electrum bitcoin wallet so that's going to give you probably some of the best privacy you can have with bitcoin although having privacy anonymity with bitcoin would really warrant a video in and of itself so this onion circuits should just show yeah onion circuits built for various connections so different ones are going to be built through um i believe different sites in tour and like definitely if you're like curling because anything you do over uh tails i mean i know i've said that already but everything is over tour so if i i do this to try to get my ip address it gives me a random one and uh let's see yeah so you see it builds different circuits for like different curl commands or different uh connections to various things out there on the internet and let's see um so you've got image viewer i i also believe there's a thing on here to remove um metadata yeah here we go metadata cleaner so this is an important thing to use if you're going to be sending files or especially videos or images to people because if you just take a picture with your cell phone there's going to be metadata associated with that possibly even your geolocation and if you send that it doesn't matter if you're using tails if your adversary intercepts that they're going to have your real location so this is definitely a program that you might end up using depending on what you're dealing with in tails um libre office so that's a good free and open source office suite um there's a tool for unlocking veracrypt containers and oh onion share so i've did a whole video about this this is a i believe it's a bundled um yeah chat room or well you can share files receive files publish a website and i believe there's a chat room functionality too maybe they don't have that anymore um so yeah this this can let you i mean this can literally let you set up your own hidden service like your own tour site and host it from this laptop or from whatever you want to run tails off of me and if you're we're gonna be hosting a real serious hidden service you probably want it on a server instead of a laptop but hey it's possible to do this and let's see let's maybe talk about one more application um i don't think i saw on a manero wallet yet huh seems like there isn't a manero wallet that comes with uh tails well that's something that you might want to install so maybe we'll save that for another video additional software to install after you've installed tails but you pretty much get the basics here i mean now you see how to browse the web you see how you can send and receive files and how to remove metadata from those files so that should have you covered for most applications within tails and like i said i'll just make more videos about tails if you guys are interested but for now be sure to like and comment to hack the algorithm follow me on odyssey and have a great rest of your day