summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTails developers <amnesia@boum.org>2014-03-04 18:05:41 +0000
committerTails developers <amnesia@boum.org>2014-03-04 18:05:41 +0000
commitdee4bd6a6de605ad66917c413bc894c675442f6a (patch)
tree69341a96ff00d8299e5c8cfc51cda705926bb8c6
parent8d1695d4f7845dc588974d63a4286005108fb613 (diff)
parent35c83e498c4248e74dd5a76664a34cc1b92b690e (diff)
Merge branch 'devel' into bugfix/6592-fix-races-with-check-for-upgrades
Conflicts: features/torified_browsing.feature
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector5
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-spoof-mac8
-rw-r--r--features/apt.feature4
-rw-r--r--features/checks.feature9
-rw-r--r--features/erase_memory.feature36
-rw-r--r--features/firewall_leaks.feature4
-rw-r--r--features/images/GnomeStartButton.pngbin0 -> 805 bytes
-rw-r--r--features/images/GnomeTorIsReady.pngbin0 -> 1843 bytes
-rw-r--r--features/images/IceweaselRunning.pngbin1861 -> 1882 bytes
-rw-r--r--features/images/TailsBootSplashPostReset.pngbin0 -> 33822 bytes
-rw-r--r--features/images/WinXPTorIsReady.pngbin0 -> 1601 bytes
-rw-r--r--features/step_definitions/common_steps.rb39
-rw-r--r--features/step_definitions/erase_memory.rb56
-rw-r--r--features/support/helpers/net_helper.rb6
-rw-r--r--features/support/helpers/sikuli_helper.rb13
-rw-r--r--features/support/helpers/vm_helper.rb15
-rw-r--r--features/time_syncing.feature20
-rw-r--r--features/torified_browsing.feature14
-rw-r--r--features/torified_gnupg.feature4
-rw-r--r--features/unsafe_browser.feature4
-rw-r--r--features/winxp.feature5
-rw-r--r--wiki/src/contribute/design.mdwn3
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn7
-rw-r--r--wiki/src/doc/advanced_topics.index.mdwn1
-rw-r--r--wiki/src/doc/advanced_topics/mac_changer.mdwn90
-rw-r--r--wiki/src/doc/first_steps.index.mdwn3
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.de.po2
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.fr.po4
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.mdwn2
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.pt.po2
-rw-r--r--wiki/src/doc/first_steps/startup_options.mdwn5
-rw-r--r--wiki/src/doc/first_steps/startup_options/administration_password.de.po4
-rw-r--r--wiki/src/doc/first_steps/startup_options/administration_password.fr.po8
-rw-r--r--wiki/src/doc/first_steps/startup_options/administration_password.mdwn26
-rw-r--r--wiki/src/doc/first_steps/startup_options/administration_password.pt.po8
-rw-r--r--wiki/src/doc/first_steps/startup_options/mac_spoofing.de.po (renamed from wiki/src/doc/advanced_topics/mac_changer.de.po)0
-rw-r--r--wiki/src/doc/first_steps/startup_options/mac_spoofing.fr.po (renamed from wiki/src/doc/advanced_topics/mac_changer.fr.po)0
-rw-r--r--wiki/src/doc/first_steps/startup_options/mac_spoofing.mdwn133
-rw-r--r--wiki/src/doc/first_steps/startup_options/mac_spoofing.pt.po (renamed from wiki/src/doc/advanced_topics/mac_changer.pt.po)0
-rw-r--r--wiki/src/doc/first_steps/startup_options/windows_camouflage.de.po2
-rw-r--r--wiki/src/doc/first_steps/startup_options/windows_camouflage.fr.po4
-rw-r--r--wiki/src/doc/first_steps/startup_options/windows_camouflage.mdwn20
-rw-r--r--wiki/src/doc/first_steps/startup_options/windows_camouflage.pt.po4
-rw-r--r--wiki/src/local.css4
44 files changed, 346 insertions, 228 deletions
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector b/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
index 874b60e..9dc0f18 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
+++ b/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
@@ -39,8 +39,9 @@ sub notify_maybe_blocked {
my $body = $encoding->decode(gettext(
'It looks like you are blocked from the network. This may be ' .
'related to the MAC spoofing feature. For more information, see the ' .
- '<a href=\"file:///usr/share/doc/tails/website/doc/advanced_topics/' .
- 'mac_changer.en.html#blocked\">MAC spoofing documentation</a>.'));
+ '<a href=\"file:///usr/share/doc/tails/website/doc/first_steps/' .
+ 'startup_options/mac_spoofing.en.html#blocked\">MAC spoofing ' .
+ 'documentation</a>.'));
# We can't use Desktop::Notify since this script is supposed to be run
# as root (for access to syslog), started in an env without DESKTOP etc,
# which also causes issues with opening links in the text body.
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
index a96b9d1..df354a8 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
+++ b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
@@ -26,7 +26,9 @@ notify_panic_success() {
local nic_name
nic="${1}"
nic_name="${2}"
- show_notification "`gettext \"MAC spoofing failure!\"`" "`eval_gettext \"MAC spoofing failed for network device '\\\${nic_name}' (\\\${nic}). The device has been disabled to prevent it from leaking your geographical location. For more information, see the <a href='file:///usr/share/doc/tails/website/doc/advanced_topics/mac_changer.en.html'>documentation</a>.\"`"
+ show_notification "`gettext \"Network card \\\${nic} disabled\"`" \
+"`eval_gettext \"MAC spoofing failed for network card \\\${nic_name} (\\\${nic}) so it is temporarily disabled.
+You might prefer to restart Tails and disable MAC spoofing. See the <a href='file:///usr/share/doc/tails/website/doc/first_steps/startup_options/mac_spoofing.en.html'>documentation</a>.\"`"
}
notify_panic_failure() {
@@ -34,7 +36,9 @@ notify_panic_failure() {
local nic_name
nic="${1}"
nic_name="${2}"
- show_notification "`gettext \"MAC spoofing failure!\"`" "`eval_gettext \"MAC spoofing failed for network device '\\\${nic_name}' (\\\${nic}). Because of failures when trying to disable the device, networking has been completely disabled instead. For more information, see the <a href='file:///usr/share/doc/tails/website/doc/advanced_topics/mac_changer.en.html'>documentation</a>.\"`"
+ show_notification "`gettext \"All networking disabled\"`" \
+"`eval_gettext \"MAC spoofing failed for network card \\\${nic_name} (\\\${nic}). The error recovery also failed so all networking is disabled.
+You might prefer to restart Tails and disable MAC spoofing. See the <a href='file:///usr/share/doc/first_steps/startup_options/mac_spoofing.en.html'>documentation</a>.\"`"
}
mac_spoof_panic() {
diff --git a/features/apt.feature b/features/apt.feature
index ef28429..1b3b63b 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -14,9 +14,7 @@ Feature: Installing packages through APT
And I set sudo password "asdf"
And I log in to a new session
And GNOME has started
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And I have closed all annoying notifications
And available upgrades have been checked
And I save the state so the background can be restored next scenario
diff --git a/features/checks.feature b/features/checks.feature
index 85c5af0..8de0851 100644
--- a/features/checks.feature
+++ b/features/checks.feature
@@ -18,7 +18,8 @@ Feature: Various checks
Scenario: The shipped Tails signing key is up-to-date
Given the network is plugged
- And Tor has built a circuit
+ And Tor is ready
+ And I have closed all annoying notifications
Then the shipped Tails signing key is not outdated
Scenario: The live user is setup correctly
@@ -29,14 +30,14 @@ Feature: Various checks
Scenario: No initial network
Given I wait between 30 and 60 seconds
When the network is plugged
- Then I have a network connection
- And Tor has built a circuit
+ And Tor is ready
+ And I have closed all annoying notifications
And process "vidalia" is running
And the time has synced
Scenario: No unexpected network services
When the network is plugged
- And I have a network connection
+ And Tor is ready
Then no unexpected services are listening for network connections
# We ditch the background snapshot for this scenario since we cannot
diff --git a/features/erase_memory.feature b/features/erase_memory.feature
index 3503582..d2ed600 100644
--- a/features/erase_memory.feature
+++ b/features/erase_memory.feature
@@ -4,7 +4,23 @@ Feature: System memory erasure on shutdown
when I shutdown Tails
I want the system memory to be free from sensitive data.
- Scenario: A modern computer
+ Scenario: Anti-test: no memory erasure on a modern computer
+ Given a computer
+ And the computer is a modern 64-bit system
+ And the computer has 8 GiB of RAM
+ And I set Tails to boot with options "debug=wipemem"
+ And the network is unplugged
+ And I start the computer
+ And the computer boots Tails
+ And the PAE kernel is running
+ And at least 8 GiB of RAM was detected
+ And process "memlockd" is running
+ And process "udev-watchdog" is running
+ When I fill the guest's memory with a known pattern without verifying
+ And I reboot without wiping the memory
+ Then I find many patterns in the guest's memory
+
+ Scenario: Memory erasure on a modern computer
Given a computer
And the computer is a modern 64-bit system
And the computer has 8 GiB of RAM
@@ -20,7 +36,23 @@ Feature: System memory erasure on shutdown
And I shutdown and wait for Tails to finish wiping the memory
Then I find very few patterns in the guest's memory
- Scenario: An old computer
+ Scenario: Anti-test: no memory erasure on an old computer
+ Given a computer
+ And the computer is an old pentium without the PAE extension
+ And the computer has 8 GiB of RAM
+ And I set Tails to boot with options "debug=wipemem"
+ And the network is unplugged
+ And I start the computer
+ And the computer boots Tails
+ And the non-PAE kernel is running
+ And at least 3500 MiB of RAM was detected
+ And process "memlockd" is running
+ And process "udev-watchdog" is running
+ When I fill the guest's memory with a known pattern without verifying
+ And I reboot without wiping the memory
+ Then I find many patterns in the guest's memory
+
+ Scenario: Memory erasure on an old computer
Given a computer
And the computer is an old pentium without the PAE extension
And the computer has 8 GiB of RAM
diff --git a/features/firewall_leaks.feature b/features/firewall_leaks.feature
index 2ebfa55..f28beed 100644
--- a/features/firewall_leaks.feature
+++ b/features/firewall_leaks.feature
@@ -9,9 +9,7 @@ Feature:
And I start the computer
And the computer boots Tails
And I log in to a new session
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And I have closed all annoying notifications
And available upgrades have been checked
And all Internet traffic has only flowed through Tor
diff --git a/features/images/GnomeStartButton.png b/features/images/GnomeStartButton.png
new file mode 100644
index 0000000..4a3ce1c
--- /dev/null
+++ b/features/images/GnomeStartButton.png
Binary files differ
diff --git a/features/images/GnomeTorIsReady.png b/features/images/GnomeTorIsReady.png
new file mode 100644
index 0000000..f962113
--- /dev/null
+++ b/features/images/GnomeTorIsReady.png
Binary files differ
diff --git a/features/images/IceweaselRunning.png b/features/images/IceweaselRunning.png
index 22d6764..0dbd7ab 100644
--- a/features/images/IceweaselRunning.png
+++ b/features/images/IceweaselRunning.png
Binary files differ
diff --git a/features/images/TailsBootSplashPostReset.png b/features/images/TailsBootSplashPostReset.png
new file mode 100644
index 0000000..6d794dd
--- /dev/null
+++ b/features/images/TailsBootSplashPostReset.png
Binary files differ
diff --git a/features/images/WinXPTorIsReady.png b/features/images/WinXPTorIsReady.png
new file mode 100644
index 0000000..cc023dd
--- /dev/null
+++ b/features/images/WinXPTorIsReady.png
Binary files differ
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 7d2ce22..bfedc37 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -123,7 +123,7 @@ Given /^I capture all network traffic$/ do
# Note: We don't want skip this particular stpe if
# @skip_steps_while_restoring_background is set since it starts
# something external to the VM state.
- @sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name, @vm.mac)
+ @sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name)
@sniffer.capture
end
@@ -218,9 +218,25 @@ Then /^Tails seems to have booted normally$/ do
step "GNOME has started"
end
-Given /^I have a network connection$/ do
+Given /^Tor is ready$/ do
next if @skip_steps_while_restoring_background
- try_for(120) { @vm.has_network? }
+
+ # First, we wait for the notification to be displayed:
+ # it disappears after a timeout, so if we wait for other events first,
+ # we sometimes cannot find the notification picture on screen later.
+ case @theme
+ when "winxp"
+ notification_picture = "WinXPTorIsReady.png"
+ else
+ notification_picture = "GnomeTorIsReady.png"
+ end
+ @screen.wait(notification_picture, 300)
+
+ # Having seen the "Tor is ready" notification implies that Tor has
+ # built a circuit, but let's check it directly to be on the safe side.
+ step "Tor has built a circuit"
+
+ step "the time has synced"
end
Given /^Tor has built a circuit$/ do
@@ -277,10 +293,16 @@ Given /^I have closed all annoying notifications$/ do
begin
# note that we cannot use find_all as the resulting matches will
- # have the positions from before we start closing notificatios,
+ # have the positions from before we start closing notifications,
# but closing them will change the positions.
+
+ # Move the mouse pointer out of the way, so that the cross to close
+ # the first notification is not highlighted and can be found.
+ @screen.hide_cursor
while match = @screen.find(notification_picture)
@screen.click(match)
+ # ... same for the next notification:
+ @screen.hide_cursor
end
rescue FindFailed
# noop
@@ -356,13 +378,8 @@ When /^I run "([^"]*)"$/ do |program|
next if @skip_steps_while_restoring_background
step "I open the GNOME run dialog"
@screen.type(program)
- begin
- while @screen.find(run_dialog_picture)
- @screen.type(Sikuli::Key.ENTER)
- end
- rescue FindFailed
- # noop
- end
+ sleep 0.5
+ @screen.type(Sikuli::Key.ENTER)
end
Given /^I enter the sudo password in the gksu prompt$/ do
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index 3ba202e..9d3a4c0 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -48,8 +48,8 @@ Given /^at least (\d+) ([[:alpha:]]+) of RAM was detected$/ do |min_ram, unit|
next if @skip_steps_while_restoring_background
puts "Detected #{@detected_ram_b} bytes of RAM"
min_ram_b = convert_to_bytes(min_ram.to_i, unit)
- # All RAM will not be reported by `free`, so we allow a 128 MB gap
- gap = convert_to_bytes(128, "MiB")
+ # All RAM will not be reported by `free`, so we allow a 196 MB gap
+ gap = convert_to_bytes(196, "MiB")
assert(@detected_ram_b + gap >= min_ram_b, "Didn't detect enough RAM")
end
@@ -75,7 +75,8 @@ def pattern_coverage_in_guest_ram
return coverage
end
-Given /^I fill the guest's memory with a known pattern$/ do
+Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do |dont_verify|
+ verify = dont_verify.empty?
next if @skip_steps_while_restoring_background
# Free some more memory by dropping the caches etc.
@@ -96,10 +97,7 @@ Given /^I fill the guest's memory with a known pattern$/ do
# The remote shell is sometimes OOM killed when we fill the memory,
# and since we depend on it after the memory fill we try to prevent
# that from happening.
- # pgrep detects itself for mysterious reasons
- pids1 = @vm.execute("pgrep -f autotest_remote_shell.py").stdout.chomp.split
- pids2 = @vm.execute("pgrep -f autotest_remote_shell.py").stdout.chomp.split
- pid = (pids1 & pids2)[0]
+ pid = @vm.pidof("autotest_remote_shell.py")[0]
@vm.execute("echo -17 > /proc/#{pid}/oom_adj")
used_mem_before_fill = used_ram_in_bytes
@@ -113,39 +111,57 @@ Given /^I fill the guest's memory with a known pattern$/ do
instances.times { @vm.spawn('/usr/local/sbin/fillram; killall fillram') }
# We make sure that the filling has started...
try_for(10, { :msg => "fillram didn't start" }) {
- @vm.execute("pgrep fillram").success?
+ @vm.has_process?("fillram")
}
STDERR.print "Memory fill progress: "
ram_usage = ""
+ remove_chars = 0
# ... and that it finishes
try_for(instances*2*60, { :msg => "fillram didn't complete, probably the VM crashed" }) do
used_ram = used_ram_in_bytes
remove_chars = ram_usage.size
ram_usage = "%3d%% " % ((used_ram.to_f/@detected_ram_b)*100)
STDERR.print "\b"*remove_chars + ram_usage
- ! @vm.execute("pgrep fillram").success?
+ ! @vm.has_process?("fillram")
+ end
+ STDERR.print "\b"*remove_chars + "finished.\n"
+ if verify
+ coverage = pattern_coverage_in_guest_ram()
+ # Let's aim for having the pattern cover at least 80% of the free RAM.
+ # More would be good, but it seems like OOM kill strikes around 90%,
+ # and we don't want this test to fail all the time.
+ min_coverage = ((@detected_ram_b - used_mem_before_fill).to_f /
+ @detected_ram_b.to_f)*0.8
+ assert(coverage > min_coverage,
+ "#{"%.3f" % (coverage*100)}% of the memory is filled with the " +
+ "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected")
end
- STDERR.print "\b"*ram_usage.size + "100%\n"
- coverage = pattern_coverage_in_guest_ram()
- # Let's aim for having the pattern cover at least 80% of the free RAM.
- # More would be good, but it seems like OOM kill strikes around 90%,
- # and we don't want this test to fail all the time.
- min_coverage = ((@detected_ram_b - used_mem_before_fill).to_f /
- @detected_ram_b.to_f)*0.8
- assert(coverage > min_coverage,
- "#{"%.3f" % (coverage*100)}% of the memory is filled with the " +
- "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected")
end
Then /^I find very few patterns in the guest's memory$/ do
next if @skip_steps_while_restoring_background
coverage = pattern_coverage_in_guest_ram()
- max_coverage = 0.001
+ max_coverage = 0.0025
assert(coverage < max_coverage,
"#{"%.3f" % (coverage*100)}% of the memory is filled with the " +
"pattern, but less than #{"%.3f" % (max_coverage*100)}% was expected")
end
+Then /^I find many patterns in the guest's memory$/ do
+ next if @skip_steps_while_restoring_background
+ coverage = pattern_coverage_in_guest_ram()
+ min_coverage = 0.7
+ assert(coverage > min_coverage,
+ "#{"%.3f" % (coverage*100)}% of the memory is filled with the " +
+ "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected")
+end
+
+When /^I reboot without wiping the memory$/ do
+ next if @skip_steps_while_restoring_background
+ @vm.reset
+ @screen.wait('TailsBootSplashPostReset.png', 30)
+end
+
When /^I shutdown and wait for Tails to finish wiping the memory$/ do
next if @skip_steps_while_restoring_background
@vm.execute("halt")
diff --git a/features/support/helpers/net_helper.rb b/features/support/helpers/net_helper.rb
index bf256fa..2911919 100644
--- a/features/support/helpers/net_helper.rb
+++ b/features/support/helpers/net_helper.rb
@@ -14,14 +14,14 @@ class Sniffer
attr_reader :name, :pcap_file, :pid
- def initialize(name, bridge_name, mac)
+ def initialize(name, bridge_name)
@name = name
@bridge_name = bridge_name
- @mac = mac
+ @bridge_mac = File.open("/sys/class/net/#{@bridge_name}/address", "rb").read.chomp
@pcap_file = "#{$tmp_dir}/#{name}.pcap"
end
- def capture(filter="ether src host #{@mac} and not ether proto \\arp and not ether proto \\rarp")
+ def capture(filter="not ether src host #{@bridge_mac} and not ether proto \\arp and not ether proto \\rarp")
job = IO.popen("/usr/sbin/tcpdump -n -i #{@bridge_name} -w #{@pcap_file} -U '#{filter}' >/dev/null 2>&1")
@pid = job.pid
end
diff --git a/features/support/helpers/sikuli_helper.rb b/features/support/helpers/sikuli_helper.rb
index 9286e35..4ceb618 100644
--- a/features/support/helpers/sikuli_helper.rb
+++ b/features/support/helpers/sikuli_helper.rb
@@ -40,6 +40,13 @@ end
# Ruby class (it's just an instance of Rjb_JavaProxy) we can't
# monkey patch any class, so additional methods must be added
# to each Screen object.
+#
+# All Java classes' methods are immediately available in the proxied
+# Ruby classes, but care has to be given to match their type. For a
+# list of methods, see: <http://doc.sikuli.org/javadoc/index.html>.
+# The type "PRSML" is a union of Pattern, Region, Screen, Match and
+# Location.
+#
# Also, due to limitations in Ruby's syntax we can't do:
# def Sikuli::Screen.new
# so we work around it with the following vairable.
@@ -51,12 +58,16 @@ def sikuli_script_proxy.new(*args)
self.click(Sikuli::Location.new(x, y))
end
+ def s.hover_point(x, y)
+ self.hover(Sikuli::Location.new(x, y))
+ end
+
def s.wait_and_click(pic, time)
self.click(self.wait(pic, time))
end
def s.hide_cursor
- self.hover(Sikuli::Location.new(self.w, self.h/2))
+ self.hover_point(self.w, self.h/2)
end
s
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 1961327..9f1529f 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -20,7 +20,7 @@ class VM
return @@storage
end
- attr_reader :domain, :display, :ip, :mac, :net
+ attr_reader :domain, :display, :ip, :net
def initialize(xml_path, x_display)
@@virt ||= Libvirt::open("qemu:///system")
@@ -53,7 +53,6 @@ class VM
net_xml = REXML::Document.new(xml)
@net_name = net_xml.elements['network/name'].text
@ip = net_xml.elements['network/ip/dhcp/host/'].attributes['ip']
- @mac = net_xml.elements['network/ip/dhcp/host/'].attributes['mac']
clean_up_net
@net = @@virt.define_network_xml(xml)
@net.create
@@ -334,7 +333,11 @@ EOF
end
def has_process?(process)
- return execute("pidof -o '%PPID' " + process).success?
+ return execute("pidof -x -o '%PPID' " + process).success?
+ end
+
+ def pidof(process)
+ return execute("pidof -x -o '%PPID' " + process).stdout.chomp.split
end
def save_snapshot(path)
@@ -356,6 +359,12 @@ EOF
@display.start
end
+ def reset
+ # ruby-libvirt 0.4 does not support the reset method.
+ # XXX: Once we use Jessie, use @domain.reset instead.
+ system("virsh -c qemu:///system reset " + @domain_name) if is_running?
+ end
+
def power_off
@domain.destroy if is_running?
@display.stop
diff --git a/features/time_syncing.feature b/features/time_syncing.feature
index b11deca..64a2d75 100644
--- a/features/time_syncing.feature
+++ b/features/time_syncing.feature
@@ -15,41 +15,31 @@ Feature: Time syncing
Scenario: Clock with host's time
When the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
Then Tails clock is less than 5 minutes incorrect
Scenario: Clock is one day in the past
When I bump the system time with "-1 day"
And the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
Then Tails clock is less than 5 minutes incorrect
Scenario: Clock way in the past
When I set the system time to "01 Jan 2000 12:34:56"
And the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
Then Tails clock is less than 5 minutes incorrect
Scenario: Clock is one day in the future
When I bump the system time with "+1 day"
And the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
Then Tails clock is less than 5 minutes incorrect
Scenario: Clock way in the future
When I set the system time to "01 Jan 2020 12:34:56"
And the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
Then Tails clock is less than 5 minutes incorrect
# Scenario: Clock vs Tor consensus' valid-{after,until} etc.
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index ed81522..5eb4010 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -11,20 +11,20 @@ Feature: Browsing the web using Iceweasel
And the computer boots Tails
And I log in to a new session
And GNOME has started
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And available upgrades have been checked
- And I run "iceweasel"
- And Iceweasel has started and is not loading a web page
And I have closed all annoying notifications
And I save the state so the background can be restored next scenario
Scenario: Opening check.torproject.org in Iceweasel shows the green onion and the congratulations message
- When I open the address "https://check.torproject.org" in Iceweasel
+ When I run "iceweasel"
+ And Iceweasel has started and is not loading a web page
+ And I open the address "https://check.torproject.org" in Iceweasel
Then I see "IceweaselTorCheck.png" after at most 180 seconds
And all Internet traffic has only flowed through Tor
Scenario: Iceweasel should not have any plugins enabled
- When I open the address "about:plugins" in Iceweasel
+ When I run "iceweasel"
+ And Iceweasel has started and is not loading a web page
+ And I open the address "about:plugins" in Iceweasel
Then I see "IceweaselNoPlugins.png" after at most 60 seconds
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index fa46efd..bc3573b 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -12,9 +12,7 @@ Feature: Keyserver interaction with GnuPG
And the computer boots Tails
And I log in to a new session
And GNOME has started
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And I have closed all annoying notifications
And available upgrades have been checked
And the "10CC5BC7" OpenPGP key is not in the live user's public keyring
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index 3056f5c..62a9211 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -10,9 +10,7 @@ Feature: Browsing the web using the Unsafe Browser
And the computer boots Tails
And I log in to a new session
And GNOME has started
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And I have closed all annoying notifications
And available upgrades have been checked
And I save the state so the background can be restored next scenario
diff --git a/features/winxp.feature b/features/winxp.feature
index 0ff5824..341b8f0 100644
--- a/features/winxp.feature
+++ b/features/winxp.feature
@@ -24,14 +24,11 @@ Feature: Microsoft Windows XP Camouflage
Scenario: Windows should appear like those in Microsoft Windows XP
When the network is plugged
- And I have a network connection
- And Tor has built a circuit
- And the time has synced
+ And Tor is ready
And I have closed all annoying notifications
And available upgrades have been checked
And I run "iceweasel"
Then I see "WinXPIceweaselWindow.png" after at most 120 seconds
- # FIXME: #6536
And I see "WinXPIceweaselTaskBar.png" after at most 10 seconds
And I see "WinXPWindowButtons.png" after at most 10 seconds
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 155e5fd..16797e8 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -879,8 +879,7 @@ configured for completeness.
### 3.6.7 MAC address spoofing
-The MAC address of network interfaces is spoofed. See the related
-[[design document|design/MAC_address]].
+See [[the dedicated design document|design/MAC_address]].
### 3.6.8 Host system swap
diff --git a/wiki/src/contribute/release_process/test/automated_tests.mdwn b/wiki/src/contribute/release_process/test/automated_tests.mdwn
index ab669fa..60dadd6 100644
--- a/wiki/src/contribute/release_process/test/automated_tests.mdwn
+++ b/wiki/src/contribute/release_process/test/automated_tests.mdwn
@@ -200,17 +200,12 @@ administrative password have access to it.
And I log in to a new session
And GNOME has started
And I have a network connection
- And Tor has built a circuit
+ And Tor is ready
All these should be pretty obvious. It could be mentioned that the
last two steps, like many others, depend on the remote shell to
be working.
- And the time has synced
-
-If we want to use hidden services, we must make sure we have a
-reasonably correct clock.
-
And I have closed all annoying notifications
The notifications can block GUI elements that we're looking for later
diff --git a/wiki/src/doc/advanced_topics.index.mdwn b/wiki/src/doc/advanced_topics.index.mdwn
index 07617aa..3b86c51 100644
--- a/wiki/src/doc/advanced_topics.index.mdwn
+++ b/wiki/src/doc/advanced_topics.index.mdwn
@@ -1,4 +1,3 @@
- [[!traillink Protection_against_cold_boot_attacks|advanced_topics/cold_boot_attacks]]
- [[!traillink Virtualization|advanced_topics/virtualization]]
- [[!traillink Enable_a_wireless_device|advanced_topics/wireless_devices]]
- - [[!traillink Enable_MAC_Changer|advanced_topics/mac_changer]]
diff --git a/wiki/src/doc/advanced_topics/mac_changer.mdwn b/wiki/src/doc/advanced_topics/mac_changer.mdwn
deleted file mode 100644
index 67a526d..0000000
--- a/wiki/src/doc/advanced_topics/mac_changer.mdwn
+++ /dev/null
@@ -1,90 +0,0 @@
-[[!meta title="MAC address spoofing"]]
-
-# Background
-
-Every network device (wired, Wi-Fi/wireless, 3G/mobile) has a so
-called [[!wikipedia MAC address]], which is a unique identifier used
-to address them on the local network. Broadcasting a unique identifier
-in this manner introduces a couple of potential privacy issues for
-Tails users. Geographical location tracking is the main one;
-observing a MAC address at a particular location and time ties the
-corresponding device to the same location and time. If the real
-identity of the device's owner is known, his or her movements can be
-determined. To prevent this one can temporarily change the MAC address
-to something random at each boot, which is referred to as "MAC address
-spoofing".
-
-As mentioned above, MAC addresses are normally only used on the
-*local* network, and are not supposed to ever reach the Internet.
-However, [[!wikipedia captive portals]] may send MAC addresses of
-users accessing its services to authentication servers. In any case it
-should be noted that the location tracking issue we are talking about
-here ha no effect on Internet anonymity, like Tails' web-browser.
-
-# When to keep MAC address spoofing enabled
-
-Tails spoofs the MAC addresses of all network devices **by default**.
-It can be disabled by unchecking the corresponding option in Tails
-Greeter but in general it is beneficial (or of little or no
-consequence) to keep it enabled even if one doesn't care about hiding
-one's geographical location.
-
-Here are a few examples of when you may want to leave this option
-enabled in order to hide you geographical movement while using Tails:
-
-* **Running Tails on your computer on an *open* public network**. With
- an "open" public network we mean a network that doesn't require any
- kind of registration (with you real identity) in order to access.
-
-* **Running Tails on your computer at a friend's place**. This rule
- also applies to "workplace", "school/university" or other locations
- you have a strong relationship with. The relationship ties you to
- the location any way but sometimes one may want to not be associated
- to the place at a *particular* *time*, which makes keeping this
- option enabled worthwhile.
-
-# When to disable MAC address spoofing
-
-In some situations MAC address spoofing won't add any benefits but
-instead only cause suspicious network activity or connection
-issues. Therefore, in the following situations we recommend disabling
-this option:
-
-* **Running Tails at home**. The deep association to the location
- makes this essentially meaningless, and may cause connection issues
- (some ISP-provided modems or routers restrict access based on MAC
- addresses).
-
-* **Running Tails on a public computer**, like a library
- computer. Since it's not your device, it's not associated to you
- directly, so spoofing its MAC address is pointless. Not only that,
- it can cause connection issues, or worse, attract suspicion from the
- network administrators, so it should really be avoided.
-
-* **Running Tails on your computer using a *restricted* public
- network**. As opposed to an "open" public network, with "restricted"
- we mean that real identity registration is required.
-
-* **When you experience network issues** due to MAC address
- restrictions on the network, or problems with your network devices
- (or its driver). In this case MAC address spoofing simply isn't
- available, so disabling it is the only way to get a working network
- connect. However, disabling it brings back location tracking, so if
- that is of importance the only option may be to either use a
- different network device, or move to a location without MAC address
- restrictions, depending on which of them that caused the issue.
-
-# Other considerations
-
-* We urge users to disable [[!wikipedia Intel AMT]] since it may leak
- the *real* MAC address before Tails starts and is able to do
- anything about it.
-
-* If you have MAC address spoofing enabled and then reboot your
- computer to another operating system (like Windows or Mac OS X) you
- will give away your geographical location any way.
-
-* Otherwise "open" public networks should perhaps be considered as
- "restricted" in case heavy video surveillance (or similar) is
- employed. Note that you may want to consider the memory of employees
- or other regulars at the place as surveillance.
diff --git a/wiki/src/doc/first_steps.index.mdwn b/wiki/src/doc/first_steps.index.mdwn
index 046ab09..41bb87a 100644
--- a/wiki/src/doc/first_steps.index.mdwn
+++ b/wiki/src/doc/first_steps.index.mdwn
@@ -10,8 +10,9 @@
- [[!traillink Start_Tails|first_steps/start_tails]]
- [[!traillink Startup_options|first_steps/startup_options]]
- [[!traillink Administration_password|first_steps/startup_options/administration_password]]
- - [[!traillink Tor_bridge_mode|first_steps/startup_options/bridge_mode]]
- [[!traillink Windows_camouflage|first_steps/startup_options/windows_camouflage]]
+ - [[!traillink MAC_address_spoofing|first_steps/startup_options/mac_spoofing]]
+ - [[!traillink Tor_bridge_mode|first_steps/startup_options/bridge_mode]]
- [[!traillink Introduction_to_GNOME_and_the_Tails_desktop|first_steps/introduction_to_gnome_and_the_tails_desktop]]
- [[!traillink Accessibility|first_steps/accessibility]]
- [[!traillink Persistence|first_steps/persistence]]
diff --git a/wiki/src/doc/first_steps/persistence/configure.de.po b/wiki/src/doc/first_steps/persistence/configure.de.po
index 798f257..7162d3b 100644
--- a/wiki/src/doc/first_steps/persistence/configure.de.po
+++ b/wiki/src/doc/first_steps/persistence/configure.de.po
@@ -56,7 +56,7 @@ msgstr ""
msgid ""
"The error message <span class=\"emphasis\">Error, Persistence partition is not\n"
"unlocked.</span> means that the persistent volume was not enabled from\n"
-"<span class=\"application\">Tails greeter</span>. So you can not configure it\n"
+"<span class=\"application\">Tails Greeter</span>. So you can not configure it\n"
"but you can delete it and create a new one.\n"
msgstr ""
diff --git a/wiki/src/doc/first_steps/persistence/configure.fr.po b/wiki/src/doc/first_steps/persistence/configure.fr.po
index 2597e6a..c864ed8 100644
--- a/wiki/src/doc/first_steps/persistence/configure.fr.po
+++ b/wiki/src/doc/first_steps/persistence/configure.fr.po
@@ -61,12 +61,12 @@ msgstr ""
msgid ""
"The error message <span class=\"emphasis\">Error, Persistence partition is not\n"
"unlocked.</span> means that the persistent volume was not enabled from\n"
-"<span class=\"application\">Tails greeter</span>. So you can not configure it\n"
+"<span class=\"application\">Tails Greeter</span>. So you can not configure it\n"
"but you can delete it and create a new one.\n"
msgstr ""
"Le message d'erreur <span class=\"emphasis\">Le volume persistant est\n"
"verrouillé.</span> signifie que le volume persistant n'a pas été rendu accessible via\n"
-"<span class=\"application\">Tails greeter</span>. Vous ne pouvez donc pas le\n"
+"<span class=\"application\">Tails Greeter</span>. Vous ne pouvez donc pas le\n"
"configurer, mais vous pouvez le supprimer et en créer un nouveau.\n"
#. type: Plain text
diff --git a/wiki/src/doc/first_steps/persistence/configure.mdwn b/wiki/src/doc/first_steps/persistence/configure.mdwn
index f4f5445..061d4c8 100644
--- a/wiki/src/doc/first_steps/persistence/configure.mdwn
+++ b/wiki/src/doc/first_steps/persistence/configure.mdwn
@@ -17,7 +17,7 @@ To start the persistent volume assistant, choose
The error message <span class="emphasis">Error, Persistence partition is not
unlocked.</span> means that the persistent volume was not enabled from
-<span class="application">Tails greeter</span>. So you can not configure it
+<span class="application">Tails Greeter</span>. So you can not configure it
but you can delete it and create a new one.
</div>
diff --git a/wiki/src/doc/first_steps/persistence/configure.pt.po b/wiki/src/doc/first_steps/persistence/configure.pt.po
index 3987207..c1364e5 100644
--- a/wiki/src/doc/first_steps/persistence/configure.pt.po
+++ b/wiki/src/doc/first_steps/persistence/configure.pt.po
@@ -60,7 +60,7 @@ msgstr ""
msgid ""
"The error message <span class=\"emphasis\">Error, Persistence partition is not\n"
"unlocked.</span> means that the persistent volume was not enabled from\n"
-"<span class=\"application\">Tails greeter</span>. So you can not configure it\n"
+"<span class=\"application\">Tails Greeter</span>. So you can not configure it\n"
"but you can delete it and create a new one.\n"
msgstr ""
diff --git a/wiki/src/doc/first_steps/startup_options.mdwn b/wiki/src/doc/first_steps/startup_options.mdwn
index 5f4d41b..d1ff6d2 100644
--- a/wiki/src/doc/first_steps/startup_options.mdwn
+++ b/wiki/src/doc/first_steps/startup_options.mdwn
@@ -70,5 +70,6 @@ Then click on the <span class="button">Forward</span> button.
Here is a list of options that you can set using <span class="application">Tails
Greeter</span>:
- - [[Set an administration password|administration_password]]
- - [[Activate Windows camouflage|windows_camouflage]]
+ - [[Administration password|administration_password]]
+ - [[Windows camouflage|windows_camouflage]]
+ - [[MAC address spoofing|mac_spoofing]]
diff --git a/wiki/src/doc/first_steps/startup_options/administration_password.de.po b/wiki/src/doc/first_steps/startup_options/administration_password.de.po
index 28a4f9e..1df38b8 100644
--- a/wiki/src/doc/first_steps/startup_options/administration_password.de.po
+++ b/wiki/src/doc/first_steps/startup_options/administration_password.de.po
@@ -55,13 +55,13 @@ msgstr ""
msgid ""
"In order to perform administration tasks, you need to set up an administration\n"
"password when starting Tails, using [[<span class=\"application\">Tails\n"
-"greeter</span>|startup_options#tails_greeter]].\n"
+"Greeter</span>|startup_options#tails_greeter]].\n"
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
-"1. When <span class=\"application\">Tails greeter</span> appears, in the\n"
+"1. When <span class=\"application\">Tails Greeter</span> appears, in the\n"
"<span class=\"guilabel\">Welcome to Tails</span> window, click on the\n"
"<span class=\"button\">Yes</span> button. Then click on the\n"
"<span class=\"button\">Forward</span> button to switch to the\n"
diff --git a/wiki/src/doc/first_steps/startup_options/administration_password.fr.po b/wiki/src/doc/first_steps/startup_options/administration_password.fr.po
index a42b570..4a24991 100644
--- a/wiki/src/doc/first_steps/startup_options/administration_password.fr.po
+++ b/wiki/src/doc/first_steps/startup_options/administration_password.fr.po
@@ -57,22 +57,22 @@ msgstr ""
msgid ""
"In order to perform administration tasks, you need to set up an administration\n"
"password when starting Tails, using [[<span class=\"application\">Tails\n"
-"greeter</span>|startup_options#tails_greeter]].\n"
+"Greeter</span>|startup_options#tails_greeter]].\n"
msgstr ""
"Afin d'effectuer des tâches d'administration, vous devez choisir un mot\n"
"de passe d'administration lors du démarrage de Tails, en utilisant [[<span class=\"application\">Tails\n"
-"greeter</span>|startup_options#tails_greeter]].\n"
+"Greeter</span>|startup_options#tails_greeter]].\n"
#. type: Plain text
#, no-wrap
msgid ""
-"1. When <span class=\"application\">Tails greeter</span> appears, in the\n"
+"1. When <span class=\"application\">Tails Greeter</span> appears, in the\n"
"<span class=\"guilabel\">Welcome to Tails</span> window, click on the\n"
"<span class=\"button\">Yes</span> button. Then click on the\n"
"<span class=\"button\">Forward</span> button to switch to the\n"
"<span class=\"guilabel\">Administration password</span> window.\n"
msgstr ""
-"1. Lorsque <span class=\"application\">Tails greeter</span> apparaît, dans\n"
+"1. Lorsque <span class=\"application\">Tails Greeter</span> apparaît, dans\n"
"la fenêtre <span class=\"guilabel\">Bienvenue dans Tails</span>, cliquez sur le\n"
"bouton <span class=\"button\">Oui</span>. Puis cliquez sur le bouton\n"
"<span class=\"button\">Forward</span> pour passer à la fenêtre\n"
diff --git a/wiki/src/doc/first_steps/startup_options/administration_password.mdwn b/wiki/src/doc/first_steps/startup_options/administration_password.mdwn
index 74ed418..42f0983 100644
--- a/wiki/src/doc/first_steps/startup_options/administration_password.mdwn
+++ b/wiki/src/doc/first_steps/startup_options/administration_password.mdwn
@@ -1,4 +1,4 @@
-[[!meta title="Setting an administration password"]]
+[[!meta title="Administration password"]]
In Tails, an administration password is required to perform system
administration tasks.<br/>
@@ -13,28 +13,28 @@ This can prevent an attacker with physical or remote access to your Tails system
to gain administration privileges and perform administration tasks
against your will.
+Set up an administration password
+=================================
+
In order to perform administration tasks, you need to set up an administration
password when starting Tails, using [[<span class="application">Tails
-greeter</span>|startup_options#tails_greeter]].
+Greeter</span>|startup_options#tails_greeter]].
-1. When <span class="application">Tails greeter</span> appears, in the
-<span class="guilabel">Welcome to Tails</span> window, click on the
-<span class="button">Yes</span> button. Then click on the
-<span class="button">Forward</span> button to switch to the
-<span class="guilabel">Administration password</span> window.
+1. When <span class="application">Tails Greeter</span> appears, in the
+ <span class="guilabel">Welcome to Tails</span> window, click on the
+ <span class="button">Yes</span> button. Then click on the
+ <span class="button">Forward</span> button.
-2. In the <span class="guilabel">Administration password</span> window, specify
-a password of your choice in both the <span class="guilabel">Password</span> and
-<span class="guilabel">Verify Password</span> text boxes. Then click on the
-<span class="button">Login</span> button to start the
-<span class="application">GNOME Desktop</span>.
+2. In the <span class="guilabel">Administration password</span> section, specify
+ a password of your choice in both the <span class="guilabel">Password</span>
+ and <span class="guilabel">Verify Password</span> text boxes.
<a id="open_root_terminal"></a>
How to open a root terminal
===========================
-To open a root terminal, you can do any of the following:
+To open a root terminal during your working session, you can do any of the following:
- Choose
<span class="menuchoice">
diff --git a/wiki/src/doc/first_steps/startup_options/administration_password.pt.po b/wiki/src/doc/first_steps/startup_options/administration_password.pt.po
index f54a766..a4271c3 100644
--- a/wiki/src/doc/first_steps/startup_options/administration_password.pt.po
+++ b/wiki/src/doc/first_steps/startup_options/administration_password.pt.po
@@ -70,22 +70,22 @@ msgstr ""
msgid ""
"In order to perform administration tasks, you need to set up an administration\n"
"password when starting Tails, using [[<span class=\"application\">Tails\n"
-"greeter</span>|startup_options#tails_greeter]].\n"
+"Greeter</span>|startup_options#tails_greeter]].\n"
msgstr ""
"Para poder realizar tarefas de administração, você precisa configurar uma senha\n"
"de administração ao iniciar o Tails, usando o [[<span class=\"application\">Tails\n"
-"greeter</span>|startup_options#tails_greeter]].\n"
+"Greeter</span>|startup_options#tails_greeter]].\n"
#. type: Plain text
#, no-wrap
msgid ""
-"1. When <span class=\"application\">Tails greeter</span> appears, in the\n"
+"1. When <span class=\"application\">Tails Greeter</span> appears, in the\n"
"<span class=\"guilabel\">Welcome to Tails</span> window, click on the\n"
"<span class=\"button\">Yes</span> button. Then click on the\n"
"<span class=\"button\">Forward</span> button to switch to the\n"
"<span class=\"guilabel\">Administration password</span> window.\n"
msgstr ""
-"1. Quando o <span class=\"application\">Tails greeter</span> aparecer, na janela\n"
+"1. Quando o <span class=\"application\">Tails Greeter</span> aparecer, na janela\n"
"<span class=\"guilabel\">Bem vindo/a ao Tails</span>, clique no botão\n"
"<span class=\"button\">Sim</span>. Em seguida clique no botão\n"
"<span class=\"button\">Próximo</span> para acessar a janela de\n"
diff --git a/wiki/src/doc/advanced_topics/mac_changer.de.po b/wiki/src/doc/first_steps/startup_options/mac_spoofing.de.po
index 74fbfe6..74fbfe6 100644
--- a/wiki/src/doc/advanced_topics/mac_changer.de.po
+++ b/wiki/src/doc/first_steps/startup_options/mac_spoofing.de.po
diff --git a/wiki/src/doc/advanced_topics/mac_changer.fr.po b/wiki/src/doc/first_steps/startup_options/mac_spoofing.fr.po
index ba4de68..ba4de68 100644
--- a/wiki/src/doc/advanced_topics/mac_changer.fr.po
+++ b/wiki/src/doc/first_steps/startup_options/mac_spoofing.fr.po
diff --git a/wiki/src/doc/first_steps/startup_options/mac_spoofing.mdwn b/wiki/src/doc/first_steps/startup_options/mac_spoofing.mdwn
new file mode 100644
index 0000000..4b8f158
--- /dev/null
+++ b/wiki/src/doc/first_steps/startup_options/mac_spoofing.mdwn
@@ -0,0 +1,133 @@
+[[!meta title="MAC address spoofing"]]
+
+[[!toc]]
+
+What is a MAC address?
+======================
+
+Every network interface — wired or Wi-Fi — has a [[!wikipedia MAC address]] which is
+a serial number defined for each interface from factory by its vendor. MAC addresses
+are used on the local network to identify the communications of each network
+interface.
+
+While your IP address identifies where you are on the Internet, your MAC address
+identifies which device you are using on the local network. MAC addresses are
+only useful on the local network and are not sent over the Internet.
+
+Having such a unique identifier used on the local network can harm your privacy.
+Here are two examples:
+
+1. If you use your laptop to connect to several Wi-Fi networks, the
+same MAC address of your Wi-Fi interface is used on all those local networks. Someone
+observing those networks can recognize your MAC address and **track your
+geographical location**.
+
+2. As explained in our documentation on [[network
+fingerprint|about/fingerprint]], someone observing the traffic coming out of
+your computer on the local network can probably see that you are using Tails. In
+that case, your MAC address can **identify you as a Tails user**.
+
+What is MAC address spoofing?
+=============================
+
+Tails can temporarily change the MAC address of your network interfaces to random
+values for the time of a working session. This is what we call "MAC address
+spoofing". MAC address spoofing hides the serial number of your network interface,
+and so to some extend, who you are, to the local network.
+
+MAC address spoofing is enabled by default in Tails because it is usually
+beneficial. But in some situations it might also lead to connectivity problems
+or make your network activity look suspicious. This documentation explains
+whether to use MAC spoofing or not, depending on your situation.
+
+When to keep MAC address spoofing enabled
+=========================================
+
+**MAC address spoofing is enabled by default for all network interfaces.** This is
+usually beneficial, even if you don't want to hide your geographical location.
+
+Here are a few examples:
+
+* **Using your own computer on an public network without registration**, for
+ example a free Wi-Fi service in a restaurant where you don't need to register with your
+ identity. In this case, MAC address spoofing hides the fact that your computer
+ is connected to this network.
+
+* **Using your own computer on a network that you use frequently**, for example
+ at a friend's place, at work, at university, etc. You already have a strong
+ relationship with this place but MAC address spoofing hides the fact that your
+ computer is connected to this network *at a particular time*. It also hides
+ the fact that you are running Tails on this network.
+
+When to disable MAC address spoofing
+====================================
+
+In some situations MAC address spoofing is not useful but can instead be
+problematic. In such cases, you might want to [[disable MAC address
+spoofing|mac_spoofing#disable]].
+
+Note that even if MAC spoofing is disabled, your anonymity on the Internet is
+preserved:
+
+ - An adversary on the local network can only see encrypted connections to the
+ Tor network.
+ - Your MAC address is not sent over the Internet to the websites that you are
+ visiting.
+
+However, disabling MAC address spoofing makes it possible again for the local
+network to track your geographical location. If this is problematic, consider
+using a different network device or moving to another network.
+
+Here are a few examples:
+
+- **Using a public computer**, for example in an Internet café or a library.
+ This computer is regularly used on this local network, and its MAC address is
+ not associated with your identity. In this case, MAC address spoofing can make
+ it impossible to connect. It can even **look suspicious** to the network
+ administrators to see an unknown MAC address being used on that network.
+
+- On some network interfaces, **MAC address spoofing is impossible** due to
+ limitations in the hardware or in Linux. Tails temporarily disables such
+ network interfaces. You might disable MAC address spoofing to be able to use them.
+
+- Some networks **only allow connections from a list of authorized MAC
+ addresses**. In this case, MAC address spoofing makes it impossible to connect
+ to such networks. If you were granted access to such network in the past, then
+ MAC address spoofing might prevent you from connecting.
+
+- **Using your own computer at home**. Your identity and the MAC address of your
+ computer are already associated to this local network, so MAC address spoofing
+ is probably useless. But if access to your local network is restricted based
+ on MAC addresses it might be impossible to connect with a spoofed MAC address.
+
+<a id="disable"></a>
+
+Disable MAC address spoofing
+============================
+
+You can disable MAC address spoofing from [[<span class="application">Tails
+Greeter</span>|startup_options#tails_greeter]]:
+
+1. When <span class="application">Tails Greeter</span> appears, in the
+ <span class="guilabel">Welcome to Tails</span> window, click on the
+ <span class="button">Yes</span> button. Then click on the
+ <span class="button">Forward</span> button.
+
+2. In the <span class="guilabel">MAC address spoofing</span> section, deselect
+ the <span class="guilabel">Spoof all MAC addresses</span> option.
+
+Other considerations
+====================
+
+- **Other means of surveillance** can reveal your geographical location: video
+ surveillance, mobile phone activity, credit card transactions, social
+ interactions, etc.
+
+- When using **mobile phone connectivity**, such as 3G or GSM, the identifier of
+ your SIM card (IMSI) and the serial number of your phone (IMEI) are always
+ revealed to the mobile phone operator.
+
+- Some [[!wikipedia captive portals]] might send your MAC address over the
+ Internet to their authentication servers. This should not affect your decision
+ regarding MAC address spoofing. If you decide to disable MAC address spoofing
+ your computer can already be identified by your ISP.
diff --git a/wiki/src/doc/advanced_topics/mac_changer.pt.po b/wiki/src/doc/first_steps/startup_options/mac_spoofing.pt.po
index 74fbfe6..74fbfe6 100644
--- a/wiki/src/doc/advanced_topics/mac_changer.pt.po
+++ b/wiki/src/doc/first_steps/startup_options/mac_spoofing.pt.po
diff --git a/wiki/src/doc/first_steps/startup_options/windows_camouflage.de.po b/wiki/src/doc/first_steps/startup_options/windows_camouflage.de.po
index db38f3c..c17031a 100644
--- a/wiki/src/doc/first_steps/startup_options/windows_camouflage.de.po
+++ b/wiki/src/doc/first_steps/startup_options/windows_camouflage.de.po
@@ -36,7 +36,7 @@ msgstr ""
#, no-wrap
msgid ""
"When Tails is starting up the Windows camouflage can be activated in\n"
-"[[<span class=\"application\">Tails greeter</span>|startup_options#tails_greeter]]\n"
+"[[<span class=\"application\">Tails Greeter</span>|startup_options#tails_greeter]]\n"
"by choosing <span class=\"button\">Yes</span> to <span\n"
"class=\"button\">More options?</span> and then enabling the checkbox\n"
"labelled <span class=\"button\">Activate Microsoft Windows XP\n"
diff --git a/wiki/src/doc/first_steps/startup_options/windows_camouflage.fr.po b/wiki/src/doc/first_steps/startup_options/windows_camouflage.fr.po
index 2c52551..52efae1 100644
--- a/wiki/src/doc/first_steps/startup_options/windows_camouflage.fr.po
+++ b/wiki/src/doc/first_steps/startup_options/windows_camouflage.fr.po
@@ -35,14 +35,14 @@ msgstr ""
#, no-wrap
msgid ""
"When Tails is starting up the Windows camouflage can be activated in\n"
-"[[<span class=\"application\">Tails greeter</span>|startup_options#tails_greeter]]\n"
+"[[<span class=\"application\">Tails Greeter</span>|startup_options#tails_greeter]]\n"
"by choosing <span class=\"button\">Yes</span> to <span\n"
"class=\"button\">More options?</span> and then enabling the checkbox\n"
"labelled <span class=\"button\">Activate Microsoft Windows XP\n"
"Camouflage</span>.\n"
msgstr ""
"Lorsque Tails démarre, le camouflage Windows peut être activé via\n"
-"[[<span class=\"application\">Tails greeter</span>|startup_options#tails_greeter]]\n"
+"[[<span class=\"application\">Tails Greeter</span>|startup_options#tails_greeter]]\n"
"en choisissant <span class=\"button\">Oui</span> à la question\n"
"<span class=\"button\">Plus d'options ?</span> puis en cochant\n"
"<span class=\"button\">Activate Microsoft Windows XP\n"
diff --git a/wiki/src/doc/first_steps/startup_options/windows_camouflage.mdwn b/wiki/src/doc/first_steps/startup_options/windows_camouflage.mdwn
index b40dea8..0fbee31 100644
--- a/wiki/src/doc/first_steps/startup_options/windows_camouflage.mdwn
+++ b/wiki/src/doc/first_steps/startup_options/windows_camouflage.mdwn
@@ -4,12 +4,20 @@ If you are using a computer in public you may want to avoid attracting
unwanted attention by changing the way Tails looks into something that
resembles Microsoft Windows XP.
-When Tails is starting up the Windows camouflage can be activated in
-[[<span class="application">Tails greeter</span>|startup_options#tails_greeter]]
-by choosing <span class="button">Yes</span> to <span
-class="button">More options?</span> and then enabling the checkbox
-labelled <span class="button">Activate Microsoft Windows XP
-Camouflage</span>.
+Activate the Windows camouflage
+===============================
+
+The Windows camouflage can be activated from [[<span class="application">Tails
+Greeter</span>|startup_options#tails_greeter]]:
+
+1. When <span class="application">Tails Greeter</span> appears, in the
+ <span class="guilabel">Welcome to Tails</span> window, click on the
+ <span class="button">Yes</span> button. Then click on the
+ <span class="button">Forward</span> button.
+
+2. In the <span class="guilabel">Windows camouflage</span> section, select the
+ <span class="guilabel">Activate Microsoft Windows XP Camouflage</span>
+ option.
This is how your Tails desktop will look like:
diff --git a/wiki/src/doc/first_steps/startup_options/windows_camouflage.pt.po b/wiki/src/doc/first_steps/startup_options/windows_camouflage.pt.po
index 89b472c..3681af7 100644
--- a/wiki/src/doc/first_steps/startup_options/windows_camouflage.pt.po
+++ b/wiki/src/doc/first_steps/startup_options/windows_camouflage.pt.po
@@ -28,14 +28,14 @@ msgstr "Se você está usando um computador em público, você pode querer evita
#, no-wrap
msgid ""
"When Tails is starting up the Windows camouflage can be activated in\n"
-"[[<span class=\"application\">Tails greeter</span>|startup_options#tails_greeter]]\n"
+"[[<span class=\"application\">Tails Greeter</span>|startup_options#tails_greeter]]\n"
"by choosing <span class=\"button\">Yes</span> to <span\n"
"class=\"button\">More options?</span> and then enabling the checkbox\n"
"labelled <span class=\"button\">Activate Microsoft Windows XP\n"
"Camouflage</span>.\n"
msgstr ""
"Quando Tails estiver iniciando, a Camuflagem Windows pode ser ativada no\n"
-"[[<span class=\"application\">Tails greeter</span>|startup_options#tails_greeter]]\n"
+"[[<span class=\"application\">Tails Greeter</span>|startup_options#tails_greeter]]\n"
"escolhendo <span class=\"button\">Sim</span> para<span\n"
"class=\"button\">Mais opções?</span> e então habilitando o botão\n"
"<span class=\"button\">Activate Microsoft Windows XP\n"
diff --git a/wiki/src/local.css b/wiki/src/local.css
index 7c6bf81..a6cc098 100644
--- a/wiki/src/local.css
+++ b/wiki/src/local.css
@@ -266,7 +266,7 @@ parentlinks {
margin-right: 2em;
}
-/* sidebar */
+/* Sidebar */
.sidebar {
position: relative;
@@ -376,6 +376,8 @@ parentlinks {
border-rigth: none;
}
+/* Links */
+
a {
color: #888;
text-decoration: none;