1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
|
[[!meta title="Get Tails"]]
<strong>Tails is [[!wikipedia Free_software desc="free software"]], you can
download it, use it and share it without restriction.</strong>
<div id="page-download">
[[!toc levels=2]]
<div id="first_time_user">
<h1>1. First time user?</h1>
<ul>
<li>If you don't know what a metadata or a man-in-the-middle attack
is.</li>
<li>If you think no-one can eavesdrop on your communications
as long as you are using Tor.</li>
<li>If you have no notion on how Tails works.</li>
</ul>
<strong>Then, check first the [[overview|doc/overview]] and
[[warning|doc/warning]] pages to make sure that Tails is the right tool
for you and that you understand well its limitations.</strong>
</div>
<div id="download_the_image" class="container">
<h1>2. Download the ISO image</h1>
<div id="http">
<h2>Direct download</h2>
<h3>Latest release</h3>
<p>
<a id='http-pool' href=[[!inline pages="inc/stable_i386_iso_url" raw="yes"]]>
Tails [[!inline pages="inc/stable_i386_version" raw="yes"]]
</a>
</p>
<h3>Release candidates</h3>
<p>
<strong>Warning!</strong> Please try release candidates for
testing purposes but do <strong>not</strong> rely on these
for anything. No guarantee, blablabla.
</p>
<p>
<a href='http://dl.amnesia.boum.org/tails/testing/'>
Release candidates
</a>
</p>
<h3>Set up a web mirror</h3>
<p>If you're running a web server, you're most welcome to help us spread
Tails by [[setting up a web mirror|contribute/how/mirror]].</p>
</div> <!-- #http -->
<div id="bittorrent">
<h2>BitTorrent</h2>
<h3>Latest release</h3>
<p>
[[!map pages="torrents/files/*.torrent"]]
</p>
<h3>Cryptographic signatures</h3>
<p>Here are the OpenPGP signatures for the BitTorrent files
listed above:</p>
[[!map pages="torrents/files/*.torrent.asc"]]
<h3>Seed back!</h3>
<p>Seeing back the image once you downloaded it is also a nice
and easy way of helping spread Tails.</p>
</div> <!-- #bittorrent -->
</div> <!-- #download_the_image .container -->
<div id="verify">
<h1>3. Verify the ISO image</h1>
<p>It is important to check the [[!wikipedia Data_integrity
desc="integrity"]] of the ISO image you downloaded to make sure that the
download went well.</p>
<p><strong>Warning: the following techniques don't provide you with a
strong way of checking the ISO image [[!wikipedia Authentication
desc="authenticity"]] and making sure you downloaded a genuine
Tails.</strong></p>
<p>Those techniques rely on standard HTTPS and [[!wikipedia
Certificate_authority desc="certificate authorities"]] to make you
trust the content of this website. But, [[as explained on our warning
page|doc/warning#index3h1]], you could still be victim of a
man-in-the-middle attack while using HTTPS. On this website as much as
on any other of the Internet.</p>
<p>It is anyway a good thing to check the ISO image integrity first. We
will propose you after that some more advanced techniques to <a
href="#authenticity-check">check the authenticity of the ISO
image</a>.</p>
<p>All Tails ISO image are cryptographically signed by our OpenPGP key.
OpenPGP is a standard for data encryption that provides cryptographic
privacy and authentication through the use of keys owned by its users.
Checking this signature is the recommended way of checking the ISO image
integrity.</p>
<p>Do you want to check the ISO image integrity:</p>
<ul id="verify-the-iso-options">
<li id="verify-the-iso-option-gnome"><a href="#verify-the-iso-with-gnome">
Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc.</a></li>
<li id="verify-the-iso-option-terminal"><a href="#verify-the-iso-with-terminal">
Using Linux with the command line
</a></li>
<li id="verify-the-iso-option-others"><a href="#verify-the-iso-with-others">
Using other operating systems
</a></li>
</ul>
<div id="verify-the-iso-with-gnome">
<h2><a name="verify-the-iso-with-gnome"></a>Using Linux with Gnome:
Ubuntu, Debian, Tails, Fedora, etc.</h2>
<p>You need to have the <code>seahorse-plugins</code> package
installed. If you're not sure or want to install it, under Debian,
Ubuntu or Tails you can issue the following commands:</p>
<pre>
sudo apt-get update
sudo apt-get install seahorse-plugins
</pre>
<p>First, download [[!tails_website tails-signing.key desc="Tails
signing key"]].</p>
<p>Your browser should propose you to open it with "Import Key". Choose
this action. It will add Tails signing key to your keyring, the
collection of OpenPGP keys you already imported:</p>
<p><img src="download/import_key.png" alt="What should Iceweasel do
with this file? Open with: Import Key (default)"/></p>
<p>You will get notified will the following message:</p>
<p><img src="download/keys_imported.png" alt="Keys Imported. Imported
keys for T <amnesia@boum.org> (A) Amnesia <amnesia@boum.org>"/></p>
<p>Now, download the cryptographic signature corresponding to the ISO
image you want to verify:</p>
<ul>
<li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
[[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
</ul>
<p>Your browser should propose you to open it with "Verify Signature".
Choose this action to start the cryptographic verification:</p>
<p><img src="download/verify_signature.png" alt="What should Iceweasel
do with this file? Open with: Verify Signature (default)"/></p>
<p>Browse your files to select the Tails ISO image you want to verify.
Then, the verification will start. It can take several minutes:</p>
<p><img src="download/verifying.png" alt="Verifying"/></p>
<p><strong>If the ISO image is correct</strong> you will get a
notification telling you that the signature is good:</p>
<p><img src="download/good_signature.png" alt="Goog Signature"]]/></p>
<p><strong>If the ISO image is not correct</strong> you will get a
notification telling you that the signature is bad:</p>
<p><img src="download/bad_signature.png" alt="Bad Signature: Bad of
forged signature."]]/></p>
</div>
<div id="verify-the-iso-with-terminal">
<h2><a name="verify-the-iso-with-terminal"></a>Using Linux with the
command line</h2>
<p>You need to have GnuPG</code> installed. GnuPG is the common OpenPGP
implementation for Linux: it is installed by default under Debian,
Ubuntu, Tails and many other distributions.</p>
<p>First, download [[!tails_website tails-signing.key desc="Tails
signing key"]].</p>
<p>Open a terminal and import Tails signing key with the following
commands:</p>
<pre>
cd [the directory in which you downloaded the key]
cat tails-signing.key | gpg --import
</pre>
<p>The output should tell you that the key was imported:</p>
<pre>
gpg: key F93E735F: public key "Amnesia <amnesia@boum.org>" imported
gpg: key BE2CD9C1: public key "T(A)ILS developers (signing key) <amnesia@boum.org>" imported
gpg: Total number processed: 2
gpg: imported: 2 (RSA: 2)
</pre>
<p>If you had already imported Tails signing key in the past, the output
should tell you that the key was not changed:</p>
<pre>
gpg: key F93E735F: "Amnesia <amnesia@boum.org>" not changed
gpg: key BE2CD9C1: "T(A)ILS developers (signing key) <amnesia@boum.org>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
</pre>
<p>Now, download the cryptographic signature corresponding to the ISO
image you want to verify and save it in the same folder as the ISO
image:</p>
<ul>
<li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
[[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
</ul>
<p>Then start the cryptographic verification, it can take several
minutes:</p>
<pre>
cd [the ISO image directory]
gpg --verify tails-i386-0.7.1.iso.pgp tails-i386-0.7.1.iso
</pre>
<p><strong>If the ISO image is correct</strong> the output will tell you
that the signature is good:</p>
<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg: using RSA key 1202821CBE2CD9C1
gpg: Good signature from "T(A)ILS developers (signing key) <amnesia@boum.org>"
</pre>
<p><strong>If the ISO image is not correct</strong> the output will tell
you that the signature is bad:</p>
<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg: using RSA key 1202821CBE2CD9C1
gpg: BAD signature from "T(A)ILS developers (signing key) <amnesia@boum.org>"
</pre>
</div>
<div id="verify-the-iso-with-others">
<h2><a name="verify-the-iso-with-others"></a>Using other operating
systems</h2>
<h3>Using Firefox</h3>
<p>This technique is not using the cryptographic signature as the others
do. We propose it because it's especially easy for Windows users.</p>
<p>Install the CheckIt extension for Firefox available <a
href="https://addons.mozilla.org/en-US/firefox/addon/checkit/">here</a>
and restart Firefox.</p>
<p>Here is the checksum (a kind of digital fingerprint) of the ISO
image. Select it with your cursor:</p>
<pre>[[!inline pages="inc/stable_i386_hash" raw="yes"]]</pre>
<p>Right-click on it and choose "Selected hash (SHA256)" from the
contextual menu:</p>
<p><img src="download/selected_hash.png"/></p>
<p>From the dialog box that shows up, open the ISO image. Then wait for
the checksum to compute. This will take several seconds during which
your browser will be unresponsive.</p>
<p><strong>If the ISO image is correct</strong> you will get a
notification saying that the checksums match:</p>
<p><img src="download/checksums_match.png"/></p>
<p><strong>If the ISO image is not correct</strong> you will get a
notification telling you that the checksums do not match:</p>
<p><img src="download/checksums_do_not_match.png"/></p>
<h3>Using the cryptographic signature</h3>
<p>GnuPG, a common free software implementation of OpenPGP has versions
and graphical frontends for both Windows and Mac OS X. This also make it
possible to check the cryptographic signature with those operating
systems:</p>
<ul>
<li>[[Gpg4win|http://www.gpg4win.org/]], for Windows</li>
<li>[[GPGTools|http://www.gpgtools.org/]], for Mac OS X</li>
</ul>
<p>You will find on either of those websites detailed documentation on
how to install and use them.</p>
<h3>For Windows using Gpg4win</h3>
<p>After installing Gpg4win, download [[!tails_website tails-signing.key
desc="Tails signing key"]].</p>
<p>[[Consult the Gpg4win documentation to import
it|http://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]]</p>
<p>Then, download the cryptographic signature corresponding to the ISO
image you want to verify:</p>
<ul>
<li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
[[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
</ul>
<p>[[Consult the Gpg4win documentation to check the
signature|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]]</p>
<h3>For Mac OS X using GPGTools</h3>
<p>After installing GPGTools, you should be able to follow the
instruction <a href="#verify-the-iso-with-terminal">using Linux with the
command line</a>. To open the command line, navigate to your
Applications folder, open Utilities, and double click on Terminal.</p>
</div>
<h2><a name="authenticity-check"></a>So how can I check better the ISO
image authenticity?</h2>
<p>But the Tails signing key that you downloaded from this website could
be a fake one if you were victim of a [[man-in-the-middle
attack|doc/warning#index3h1]].
<p>Finding a way of trusting better Tails signing key would allow you to
authenticate better the ISO image you downloaded. The following section
will give you hints on how to increase the trust you can put in the
Tails signing key you downloaded.</p>
<p>We will present you three techniques from the easiest to the safest.
Again, none of them is a perfect and magic solution. Feel free to
explore them according to your possibilities and technical skills.</p>
<p>Note that since all Tails releases are signed with the same key, you
will not have to verify the key every time and the trust you might
progressively build in it will be built once and for all. Still, you
will have to check the ISO image every time you download a new one!</p>
<h3>Correlates several download of Tails signing key</h3>
<p>A simple technique to increase the trust you can put in Tails signing
key would be to download it several times, from several locations,
several computers, possibly several countries, etc.</p>
<p>For example you could save them every time with a different name in
the same directory on a USB stick. Then run the following command from
a terminal to check whether all the keys are identical:</p>
<pre>
cd [your download directory]
sha256sum tails-signing*.key
</pre>
<p>This command would output something like this:</p>
<pre>
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43 tails-signing-desktop.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43 tails-signing-laptop.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43 tails-signing-library.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43 tails-signing-seattle.key
</pre>
<p>You would then need to visually check that all the checksums of the
first column are the same, meaning that the keys are identical.</p>
<p>You could also use this technique to compare keys downloaded by your
friends or other people you trust.</p>
<h3>Using the OpenPGP Web of Trust</h3>
<p>If you want to be extra cautious and really authenticate Tails
signing key in a stronger way than what standard HTTPS offers you, you
will need to use the OpenPGP Web of Trust.</p>
<p>One of the inherent problems of standard HTTPS is that the trust we
usually put on a website is defined by certificate authorities: a
hierarchical and closed set of companies and governmental institutions
approved by web browser vendors. This model of trust has long been
criticized and proved several times to be vulnerable to attacks [[as
explained on our warning page|doc/warning#index3h1]].</p>
<p>We believe instead that users should be given the final say when
trusting a website, and that designation of trust should be done on the
basis of human interaction.</p>
<p>The OpenPGP [[!wikipedia Web_of_Trust desc="Web of Trust"]] is a
decentralized trust model based on OpenPGP keys. Let's see that with an
example.</p>
<p><em>You're a friend of Alice and really trust her way of managing
OpenPGP keys. You're trusting Alice's key.</em></p>
<p><em>Furthermore, Alice met Bob, a Tails developer, in a conference,
and signed Bob's key. Alice is trusting Bob's key.</em></p>
<p><em>Bob is a Tails developer who directly owns the Tails signing key.
Bob fully trusts Tails signing key.</em></p>
<p>This scenario creates a trust path from you to Tails signing key
that could allow you to trust it without having to depend on
certificate authorities.</p>
<p>This trust model is not perfect either and requires both caution and
intelligent supervision by users. The technical details of creating,
managing and trusting OpenPGP keys is outside of the scope of this
document.</p>
<p>We also acknowledge that not everybody might be able to create good
trust path to Tails signing key since it based on a network of direct
human relationships and the knowledge of quite complex tools such as
OpenPGP.</p>
<h3>Check Tails signing key against the Debian keyring</h3>
<p>Following the previous scenario, when Alice met Bob, a Tails
developer, she could make a new signature on Tails signing key with her
own key to certify this trust relationship and make it public. Tails
signing key would now come along with a signature made by Alice.</p>
<p>Tails signing key is actually already signed by the keys of several
official developers of Debian, the operating system on which Tails is
based. Debian makes an extensive use of OpenPGP and you can download the
keys of all Debian developers by installing the
<code>debian-keyring</code> package. You can then verify the signatures
those developers made with their own key on Tails signing key.</p>
<p>To download the Debian keyring you can do:</p>
<pre>sudo apt-get install debian-keyring</pre>
<p>To get a list of the signatures made by other people on Tails signing
key you can do:</p>
<pre>gpg --keyid-format long --list-sigs 1202821CBE2CD9C1</pre>
<p>You will get something like this:</p>
<pre>
pub 4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2012-10-06]
uid T(A)ILS developers (signing key) <amnesia@boum.org>
sig 3 1202821CBE2CD9C1 2010-10-07 T(A)ILS developers (signing key) <amnesia@boum.org>
sig BACE15D2A57498FF 2010-10-07 [User ID not found]
sig 8CBF9A322861A790 2010-12-24 [User ID not found]
sig 7EF27D76B2177E1F 2010-12-27 [User ID not found]
sig CCD2ED94D21739E9 2010-12-29 [User ID not found]
</pre>
<p>The lines ending with '[User ID not found]' are signatures made by
keys you still don't have in your keyring. You could try to search for
them in the Debian keyring by their key ID: the 16 digit code between
the 'sig' tag and the date. You could for example do:</p>
<pre>gpg --keyid-format long --keyring=/usr/share/keyrings/debian-keyring.gpg --list-key CCD2ED94D21739E9</pre>
<p>If this signature corresponds to a key in the Debian keyring you
will get something like this:</p>
<pre>
pub 4096R/CCD2ED94D21739E9 2007-06-02 [expires: 2012-05-31]
uid Daniel Kahn Gillmor <dkg@fifthhorseman.net>
uid Daniel Kahn Gillmor <dkg@openflows.com>
uid [jpeg image of size 3515]
uid Daniel Kahn Gillmor <dkg@debian.org>
sub 4096R/C61BD3EC21484CFF 2007-06-02 [expires: 2012-05-31]
sub 2048R/125868EA4BFA08E4 2008-06-19 [expires: 2011-05-31]
</pre>
<p>You can then import it in your own keyring by doing:</p>
<pre>gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export CCD2ED94D21739E9 | gpg --import</pre>
<p>Now you can try to verify the signature made by this new key on Tails
signing key by doing:</p>
<pre>gpg --keyid-format long --check-sigs 1202821CBE2CD9C1</pre>
<p>On the output, The status of the verification is indicated by a flag
directly following the "sig" tag. A "!" indicates that the signature has
been successfully verified, a "-" denotes a bad signature and a "%" is
used if an error occurred while checking the signature (e.g. a non
supported algorithm). For example, in the following output the signature
of Daniel Kahn Gillmor on Tails signing key has been successfully
verified:</p>
<pre>
pub 4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2012-10-06]
uid T(A)ILS developers (signing key) <amnesia@boum.org>
sig!3 1202821CBE2CD9C1 2010-10-07 T(A)ILS developers (signing key) <amnesia@boum.org>
sig! CCD2ED94D21739E9 2010-12-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 signatures not checked due to missing keys
</pre>
<h3>Get into the Web of Trust!</h3>
<p>Since the Web of Trust is actually based on human relationships and
real-life interactions the best would be to start establishing contacts
with people knowledgeable about OpenPGP, start using it yourself and
build trust relationships in order to find your own trust path to Tails
signing key.</p>
<p>You could start by contacting a local [[!wikipedia Linux_User_Group
desc="%s"]] or other Tails enthusiasts near you and exchange about
their OpenPGP practices.</p>
<h3>Further reading on OpenPGP</h3>
<ul>
<li>[[!wikipedia GnuPG desc="Wikipedia: %s"]], a free OpenPGP
software</li>
<li><a href="http://www.apache.org/dev/openpgp.html">Apache: How To
OpenPGP</a></li>
<li><a href="http://www.debian.org/events/keysigning">Debian:
Keysigning</a>, a tutorial on sign keys of other people</li>
<li><a href="http://www.rubin.ch/pgp/weboftrust.en.html">rubin.ch:
Explanation of the web of trust of PGP</a></li>
</ul>
<h2>FIXME: What to do if the image is bad?</h2>
</div> <!-- #verify -->
<div id="support">
<h1>4. Burn a CD or install onto a USB stick</h1>
<p>Every ISO image we ship can be either burn on a CD or installed onto a USB stick.</p>
<h2>Burning a CD</h2>
<ul>
<li>CDs are read-only so your Tails can't be altered by a virus or an
attacker.</li>
<li>CDs are cheap but you will need to burn a new CD each time you
will update your Tails version (hint: CD-RW).</li>
</ul>
<p>For detailed instructions on how to burn an ISO image under Linux,
Windows or Mac OS X you can consult <a
href="https://help.ubuntu.com/community/BurningIsoHowto">the
corresponding Ubuntu documentation</a>: just replace the Ubuntu ISO
image by the Tails ISO image you downloaded and ignore the part on
verifying the data integrity since you've already done that.</p>
<h2>Installing onto a USB stick</h2>
<p><strong>The content of the USB stick will be lost in the
operation.</strong></p>
<ul>
<li>An attacker with physical access to your USB stick or through a
virus could alter your Tails.</li>
<li>USB sticks can be reused across Tails versions.</li>
<li>USB sticks are smaller to fit in your pocket.</li>
<li>Older computers might not be able to start from a USB stick.</li>
<li>This technique also works for [[!wikipedia SD_card desc="SD
cards"]]. Some SD cards have a read-only switch that can prevent your
Tails from being altered.</li>
</ul>
<ul>
<li>[[Instructions for Linux|doc/installing_onto_a_usb_stick/linux]]</li>
<li>[[Instructions for Windows|doc/installing_onto_a_usb_stick/windows]]</li>
</ul>
<p><strong>FIXME:</strong> mention Intel-based Mac users
sometimes need to upgrade their firmware to get the keyboard
working in the syslinux boot menu.</p>
</div> <!-- #support -->
<div id="stay_tuned">
<h1>5. Stay tuned</h1>
<p>
<strong>It's very important to keep your Tails version up-to-date, otherwise
your system will be vulnerable to numerous security holes.</strong> The
development team is doing its best to release new versions fixing known
security holes on a regular basis.
</p>
<p>New versions are announced on:</p>
<ul>
<li>our <a href='https://boum.org/mailman/listinfo/amnesia-news'>news
mailing-list</a></li>
<li>our <a href='torrents/rss/index.rss'>RSS</a> and <a
href='/torrents/rss/index.atom'>Atom</a> feeds that announces new
available BitTorrent files.</li>
</ul>
<p>Refer to our [[security announcements|/security]] feed for more
detailed information about the security holes affecting Tails.
Furthermore you will be automatically notified of the security holes
affecting the version you are using at the startup of a new Tails
session.</p>
<p>Since Tails is based on Debian, it takes advantages of the all of the
work done by the Debian security team. As quoted from <a
href="http://security.debian.org/">(http://security.debian.org/)</a>:</p>
<blockquote>Debian takes security very seriously. We handle all
security problems brought to our attention and ensure that they are
corrected within a reasonable timeframe. Many advisories are coordinated
with other free software vendors and are published the same day a
vulnerability is made public and we also have a Security Audit team that
reviews the archive looking for new or unfixed security bugs.
</blockquote>
<blockquote>Experience has shown that "security through obscurity" does
not work. Public disclosure allows for more rapid and better solutions
to security problems. In that vein, this page addresses Debian's status
with respect to various known security holes, which could potentially
affect Debian.</blockquote>
</div> <!-- #stay_tuned-->
<div id="boot">
<h1>6. Starting Tails!</h1>
<p>Now that you have a Tails CD or USB stick you can shutdown your
computer and start using Tails without altering your existing operating
system.</p>
<p><strong>If you're using a CD:</strong> Put the Tails CD into the
CD/DVD-drive and restart the computer. You should see a welcome screen
prompting you to choose your language.</p>
<p>If you don't get this menu, you can consult the Ubuntu documentation
about <a href="https://help.ubuntu.com/community/BootFromCD">booting
from the CD</a> for more information, especially the part on the <a
href="https://help.ubuntu.com/community/BootFromCD#BIOS%20is%20not%20set%20to%20boot%20from%20CD%20or%20DVD%20drive">
BIOS settings</a>.</p>
<p><strong>If you're using a USB stick:</strong> Shutdown the computer,
plug in your USB stick and start the computer. You should see a welcome
screen prompting you to choose your language.</p>
<p>If your computer does not automatically do so, you might need to edit
the BIOS settings. Restart your computer, and watch for a message
telling you which key to press to enter the BIOS setup. It will usually
be one of F1, F2, DEL, ESC or F10. Press this key while your computer is
booting to edit your BIOS settings. You need to edit the Boot Order.
Depending on your computer you should see an entry for 'removable drive'
or 'USB media'. Move this to the top of the list to force the computer
to attempt to boot from USB before booting from the hard disk. Save your
changes and continue.</p>
<p>For more detailed instruction on how to boot from USB you can read <a
href="http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm">About.com:
How To Boot your Computer from a Bootable USB Device</a></p>
<p>If you have problems accessing the BIOS, try to read <a
href="http://www.pendrivelinux.com/how-to-access-bios/">pendrivelinux.com:
How to Access BIOS</a></p>
</div><!-- #boot" -->
</div> <!-- #download -->
|