summaryrefslogtreecommitdiffstats
path: root/wiki/src/download.html
blob: ef6a674d5f8cf02ebb7b77f98a04fcbc41210e9d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
[[!meta title="Get Tails"]]

<strong>Tails is [[!wikipedia Free_software desc="free software"]], you can
download it, use it and share it without restriction.</strong>

<div id="page-download">

[[!toc levels=2]]

<div id="first_time_user">

	<h1>1. First time user?</h1>

	<ul>
	<li>If you don't know what a metadata or a man-in-the-middle attack
	is.</li>
	<li>If you think no-one can eavesdrop on your communications
	as long as you are using Tor.</li>
	<li>If you have no notion on how Tails works.</li>
	</ul>

	<strong>Then, check first the [[overview|doc/overview]] and
	[[warning|doc/warning]] pages to make sure that Tails is the right tool
	for you and that you understand well its limitations.</strong>

</div>

<div id="download_the_image" class="container">

	<h1>2. Download the ISO image</h1>

<div id="http">

	<h2>Direct download</h2>

	<h3>Latest release</h3>

	<p>
	<a id='http-pool' href=[[!inline pages="inc/stable_i386_iso_url" raw="yes"]]>
	Tails [[!inline pages="inc/stable_i386_version" raw="yes"]]
	</a>
	</p>

	<h3>Release candidates</h3>

	<p>
	  <strong>Warning!</strong> Please try release candidates for
	  testing purposes but do <strong>not</strong> rely on these
	  for anything. No guarantee, blablabla.
	</p>

	<p>
	  <a href='http://dl.amnesia.boum.org/tails/testing/'>
	    Release candidates
	  </a>
	</p>

	<h3>Set up a web mirror</h3>

	<p>If you're running a web server, you're most welcome to help us spread
	Tails by [[setting up a web mirror|contribute/how/mirror]].</p>

</div> <!-- #http -->
	<div id="bittorrent">

		<h2>BitTorrent</h2>

		<h3>Latest release</h3>

		<p>
		[[!map pages="torrents/files/*.torrent"]]
		</p>

		<h3>Cryptographic signatures</h3>

		<p>Here are the OpenPGP signatures for the BitTorrent files
		listed above:</p>

		[[!map pages="torrents/files/*.torrent.asc"]]

		<h3>Seed back!</h3>

		<p>Seeing back the image once you downloaded it is also a nice
		and easy way of helping spread Tails.</p>

	</div> <!-- #bittorrent -->


</div> <!-- #download_the_image .container -->

<div id="verify">

	<h1>3. Verify the ISO image</h1>

	<p>It is important to check the [[!wikipedia Data_integrity
	desc="integrity"]] of the ISO image you downloaded to make sure that the
	download went well.</p>

	<p><strong>Warning: the following techniques don't provide you with a
	strong way of checking the ISO image [[!wikipedia Authentication
	desc="authenticity"]] and making sure you downloaded a genuine
	Tails.</strong></p>

	<p>Those techniques rely on standard HTTPS and [[!wikipedia
	Certificate_authority desc="certificate authorities"]] to make you
	trust the content of this website. But, [[as explained on our warning
	page|doc/warning#index3h1]], you could still be victim of a
	man-in-the-middle attack while using HTTPS. On this website as much as
	on any other of the Internet.</p>

	<p>It is anyway a good thing to check the ISO image integrity first. We
	will propose you after that some more advanced techniques to <a
	href="#authenticity-check">check the authenticity of the ISO
	image</a>.</p>

	<p>All Tails ISO image are cryptographically signed by our OpenPGP key.
	OpenPGP is a standard for data encryption that provides cryptographic
	privacy and authentication through the use of keys owned by its users.
	Checking this signature is the recommended way of checking the ISO image
	integrity.</p>

	<p>Do you want to check the ISO image integrity:</p>
	<ul>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_gnome"
	  text="Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc."]]
	  </li>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_the_command_line"
	  text="Using Linux with the command line"]]
	  </li>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_other_operating_systems"
	  text="Using other operating systems"]]
	  </li>
	</ul>

	[[!toggleable id="verify_the_iso_image_using_gnome" text="""
	<h2>Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc.</h2>

	<p>You need to have the <code>seahorse-plugins</code> package
	installed. If you're not sure or want to install it, under Debian,
	Ubuntu or Tails you can issue the following commands:</p>

<pre>
sudo apt-get update
sudo apt-get install seahorse-plugins
</pre>

	<p>First, download [[!tails_website tails-signing.key desc="Tails
	signing key"]].</p>

	<p>Your browser should propose you to open it with "Import Key". Choose
	this action. It will add Tails signing key to your keyring, the
	collection of OpenPGP keys you already imported:</p>

	<p><img src="download/import_key.png" alt="What should Iceweasel do
	with this file? Open with: Import Key (default)"/></p>

	<p>You will get notified will the following message:</p>

	<p><img src="download/keys_imported.png" alt="Keys Imported. Imported
	keys for T <amnesia@boum.org> (A) Amnesia <amnesia@boum.org>"/></p>

	<p>Now, download the cryptographic signature corresponding to the ISO
	image you want to verify:</p>

	<ul>
	  <li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
	  [[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
	</ul>

	<p>Your browser should propose you to open it with "Verify Signature".
	Choose this action to start the cryptographic verification:</p>

	<p><img src="download/verify_signature.png" alt="What should Iceweasel
	do with this file? Open with: Verify Signature (default)"/></p>

	<p>Browse your files to select the Tails ISO image you want to verify.
	Then, the verification will start. It can take several minutes:</p>

	<p><img src="download/verifying.png" alt="Verifying"/></p>

	<p><strong>If the ISO image is correct</strong> you will get a
	notification telling you that the signature is good:</p>

	<p><img src="download/good_signature.png" alt="Goog Signature"]]/></p>

	<p><strong>If the ISO image is not correct</strong> you will get a
	notification telling you that the signature is bad:</p>

	<p><img src="download/bad_signature.png" alt="Bad Signature: Bad of
	forged signature."]]/></p>
	"""]]

	[[!toggleable id="verify_the_iso_image_using_the_command_line" text="""
	<h2>Using Linux with the command line</h2>

	<p>You need to have GnuPG</code> installed. GnuPG is the common OpenPGP
	implementation for Linux: it is installed by default under Debian,
	Ubuntu, Tails and many other distributions.</p>

	<p>First, download [[!tails_website tails-signing.key desc="Tails
	signing key"]].</p>

	<p>Open a terminal and import Tails signing key with the following
	commands:</p>

<pre>
cd [the directory in which you downloaded the key]
cat tails-signing.key | gpg --import
</pre>

	<p>The output should tell you that the key was imported:</p>

<pre>
gpg: key F93E735F: public key "Amnesia <amnesia@boum.org>" imported
gpg: key BE2CD9C1: public key "T(A)ILS developers (signing key) <amnesia@boum.org>" imported
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)
</pre>

	<p>If you had already imported Tails signing key in the past, the output
	should tell you that the key was not changed:</p>

<pre>
gpg: key F93E735F: "Amnesia <amnesia@boum.org>" not changed
gpg: key BE2CD9C1: "T(A)ILS developers (signing key) <amnesia@boum.org>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2
</pre>

	<p>Now, download the cryptographic signature corresponding to the ISO
	image you want to verify and save it in the same folder as the ISO
	image:</p>

	<ul>
	  <li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
	  [[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
	</ul>

	<p>Then start the cryptographic verification, it can take several
	minutes:</p>

<pre>
cd [the ISO image directory]
gpg --verify tails-i386-0.7.1.iso.pgp tails-i386-0.7.1.iso
</pre>

	<p><strong>If the ISO image is correct</strong> the output will tell you
	that the signature is good:</p>

<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
gpg: Good signature from "T(A)ILS developers (signing key) <amnesia@boum.org>"
</pre>

	<p><strong>If the ISO image is not correct</strong> the output will tell
	you that the signature is bad:</p>

<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
gpg: BAD signature from "T(A)ILS developers (signing key) <amnesia@boum.org>"
</pre>
	"""]]

	[[!toggleable id="verify_the_iso_image_using_other_operating_systems" text="""
	<h2>Using other operating systems</h2>

	<h3>Using Firefox</h3>

	<p>This technique is not using the cryptographic signature as the others
	do. We propose it because it's especially easy for Windows users.</p>

	<p>Install the CheckIt extension for Firefox available <a
	href="https://addons.mozilla.org/en-US/firefox/addon/checkit/">here</a>
	and restart Firefox.</p>

	<p>Here is the checksum (a kind of digital fingerprint) of the ISO
	image. Select it with your cursor:</p>

	<pre>[[!inline pages="inc/stable_i386_hash" raw="yes"]]</pre>

	<p>Right-click on it and choose "Selected hash (SHA256)" from the
	contextual menu:</p>

	<p><img src="download/selected_hash.png"/></p>

	<p>From the dialog box that shows up, open the ISO image. Then wait for
	the checksum to compute. This will take several seconds during which
	your browser will be unresponsive.</p>

	<p><strong>If the ISO image is correct</strong> you will get a
	notification saying that the checksums match:</p>

	<p><img src="download/checksums_match.png"/></p>

	<p><strong>If the ISO image is not correct</strong> you will get a
	notification telling you that the checksums do not match:</p>

	<p><img src="download/checksums_do_not_match.png"/></p>

	<h3>Using the cryptographic signature</h3>

	<p>GnuPG, a common free software implementation of OpenPGP has versions
	and graphical frontends for both Windows and Mac OS X. This also make it
	possible to check the cryptographic signature with those operating
	systems:</p>

	<ul>
	  <li>[[Gpg4win|http://www.gpg4win.org/]], for Windows</li>
	  <li>[[GPGTools|http://www.gpgtools.org/]], for Mac OS X</li>
	</ul>

	<p>You will find on either of those websites detailed documentation on
	how to install and use them.</p>

	<h3>For Windows using Gpg4win</h3>

	<p>After installing Gpg4win, download [[!tails_website tails-signing.key
	desc="Tails signing key"]].</p>

	<p>[[Consult the Gpg4win documentation to import
	it|http://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]]</p>

	<p>Then, download the cryptographic signature corresponding to the ISO
	image you want to verify:</p>

	<ul>
	  <li><a href=[[!inline pages="inc/stable_i386_sig_url" raw="yes"]]>
	  [[!inline pages="inc/stable_i386_sig_filename" raw="yes"]]</a></li>
	</ul>

	<p>[[Consult the Gpg4win documentation to check the
	signature|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]]</p>

	<h3>For Mac OS X using GPGTools</h3>

	<p>After installing GPGTools, you should be able to follow the
	instruction <a href="#verify-the-iso-with-terminal">using Linux with the
	command line</a>. To open the command line, navigate to your
	Applications folder, open Utilities, and double click on Terminal.</p>
	"""]]

	<h2><a name="authenticity-check"></a>So how can I check better the ISO
	image authenticity?</h2>

	<p>But the Tails signing key that you downloaded from this website could
	be a fake one if you were victim of a [[man-in-the-middle
	attack|doc/warning#index3h1]].

	<p>Finding a way of trusting better Tails signing key would allow you to
	authenticate better the ISO image you downloaded. The following section
	will give you hints on how to increase the trust you can put in the
	Tails signing key you downloaded.</p>

	<p>We will present you three techniques from the easiest to the safest.
	Again, none of them is a perfect and magic solution. Feel free to
	explore them according to your possibilities and technical skills.</p>

	<p>Note that since all Tails releases are signed with the same key, you
	will not have to verify the key every time and the trust you might
	progressively build in it will be built once and for all. Still, you
	will have to check the ISO image every time you download a new one!</p>

	<h3>Correlates several download of Tails signing key</h3>

	<p>A simple technique to increase the trust you can put in Tails signing
	key would be to download it several times, from several locations,
	several computers, possibly several countries, etc.</p>

	<p>For example you could save them every time with a different name in
	the same directory on a USB stick. Then run the following command from
	a terminal to check whether all the keys are identical:</p>

<pre>
cd [your download directory]
sha256sum tails-signing*.key
</pre>

	<p>This command would output something like this:</p>

<pre>
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43  tails-signing-desktop.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43  tails-signing-laptop.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43  tails-signing-library.key
f11c8e27f86e173bc14be342d7d97042d5e4ee6fa0ddfd55b2ec3fabe4e55e43  tails-signing-seattle.key
</pre>

	<p>You would then need to visually check that all the checksums of the
	first column are the same, meaning that the keys are identical.</p>

	<p>You could also use this technique to compare keys downloaded by your
	friends or other people you trust.</p>

	<h3>Using the OpenPGP Web of Trust</h3>

	<p>If you want to be extra cautious and really authenticate Tails
	signing key in a stronger way than what standard HTTPS offers you, you
	will need to use the OpenPGP Web of Trust.</p>

	<p>One of the inherent problems of standard HTTPS is that the trust we
	usually put on a website is defined by certificate authorities: a
	hierarchical and closed set of companies and governmental institutions
	approved by web browser vendors. This model of trust has long been
	criticized and proved several times to be vulnerable to attacks [[as
	explained on our warning page|doc/warning#index3h1]].</p>

	<p>We believe instead that users should be given the final say when
	trusting a website, and that designation of trust should be done on the
	basis of human interaction.</p>

	<p>The OpenPGP [[!wikipedia Web_of_Trust desc="Web of Trust"]] is a
	decentralized trust model based on OpenPGP keys. Let's see that with an
	example.</p>

	<p><em>You're a friend of Alice and really trust her way of managing
	OpenPGP keys. You're trusting Alice's key.</em></p>

	<p><em>Furthermore, Alice met Bob, a Tails developer, in a conference,
	and signed Bob's key. Alice is trusting Bob's key.</em></p>

	<p><em>Bob is a Tails developer who directly owns the Tails signing key.
	Bob fully trusts Tails signing key.</em></p>

	<p>This scenario creates a trust path from you to Tails signing key
	that could allow you to trust it without having to depend on
	certificate authorities.</p>

	<p>This trust model is not perfect either and requires both caution and
	intelligent supervision by users. The technical details of creating,
	managing and trusting OpenPGP keys is outside of the scope of this
	document.</p>

	<p>We also acknowledge that not everybody might be able to create good
	trust path to Tails signing key since it based on a network of direct
	human relationships and the knowledge of quite complex tools such as
	OpenPGP.</p>

	<h3>Check Tails signing key against the Debian keyring</h3>

	<p>Following the previous scenario, when Alice met Bob, a Tails
	developer, she could make a new signature on Tails signing key with her
	own key to certify this trust relationship and make it public. Tails
	signing key would now come along with a signature made by Alice.</p>

	<p>Tails signing key is actually already signed by the keys of several
	official developers of Debian, the operating system on which Tails is
	based. Debian makes an extensive use of OpenPGP and you can download the
	keys of all Debian developers by installing the
	<code>debian-keyring</code> package. You can then verify the signatures
	those developers made with their own key on Tails signing key.</p>

	<p>To download the Debian keyring you can do:</p>

	<pre>sudo apt-get install debian-keyring</pre>

	<p>To get a list of the signatures made by other people on Tails signing
	key you can do:</p>

	<pre>gpg --keyid-format long --list-sigs 1202821CBE2CD9C1</pre>

	<p>You will get something like this:</p>

<pre>
pub   4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2012-10-06]
uid                          T(A)ILS developers (signing key) <amnesia@boum.org>
sig 3        1202821CBE2CD9C1 2010-10-07  T(A)ILS developers (signing key) <amnesia@boum.org>
sig          BACE15D2A57498FF 2010-10-07  [User ID not found]
sig          8CBF9A322861A790 2010-12-24  [User ID not found]
sig          7EF27D76B2177E1F 2010-12-27  [User ID not found]
sig          CCD2ED94D21739E9 2010-12-29  [User ID not found]
</pre>

	<p>The lines ending with '[User ID not found]' are signatures made by
	keys you still don't have in your keyring. You could try to search for
	them in the Debian keyring by their key ID: the 16 digit code between
	the 'sig' tag and the date. You could for example do:</p>

	<pre>gpg --keyid-format long --keyring=/usr/share/keyrings/debian-keyring.gpg --list-key CCD2ED94D21739E9</pre>

	<p>If this signature corresponds to a key in the Debian keyring you
	will get something like this:</p>

<pre>
pub   4096R/CCD2ED94D21739E9 2007-06-02 [expires: 2012-05-31]
uid                          Daniel Kahn Gillmor <dkg@fifthhorseman.net>
uid                          Daniel Kahn Gillmor <dkg@openflows.com>
uid                          [jpeg image of size 3515]
uid                          Daniel Kahn Gillmor <dkg@debian.org>
sub   4096R/C61BD3EC21484CFF 2007-06-02 [expires: 2012-05-31]
sub   2048R/125868EA4BFA08E4 2008-06-19 [expires: 2011-05-31]
</pre>

	<p>You can then import it in your own keyring by doing:</p>

	<pre>gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export CCD2ED94D21739E9 | gpg --import</pre>

	<p>Now you can try to verify the signature made by this new key on Tails
	signing key by doing:</p>

	<pre>gpg --keyid-format long --check-sigs 1202821CBE2CD9C1</pre>

	<p>On the output, The status of the verification is indicated by a flag
	directly following the "sig" tag. A "!" indicates that the signature has
	been successfully verified, a  "-" denotes a bad signature and a "%" is
	used if an error occurred while checking the signature (e.g. a non
	supported algorithm). For example, in the following output the signature
	of Daniel Kahn Gillmor on Tails signing key has been successfully
	verified:</p>

<pre>
pub   4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2012-10-06]
uid                          T(A)ILS developers (signing key) <amnesia@boum.org>
sig!3        1202821CBE2CD9C1 2010-10-07  T(A)ILS developers (signing key) <amnesia@boum.org>
sig!         CCD2ED94D21739E9 2010-12-29  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

3 signatures not checked due to missing keys
</pre>

	<h3>Get into the Web of Trust!</h3>

	<p>Since the Web of Trust is actually based on human relationships and
	real-life interactions the best would be to start establishing contacts
	with people knowledgeable about OpenPGP, start using it yourself and
	build trust relationships in order to find your own trust path to Tails
	signing key.</p>

	<p>You could start by contacting a local [[!wikipedia Linux_User_Group
	desc="%s"]] or other Tails enthusiasts near you and exchange about
	their OpenPGP practices.</p>

	<h3>Further reading on OpenPGP</h3>

	<ul>
	  <li>[[!wikipedia GnuPG desc="Wikipedia: %s"]], a free OpenPGP
	  software</li>
	  <li><a href="http://www.apache.org/dev/openpgp.html">Apache: How To
	  OpenPGP</a></li>
	  <li><a href="http://www.debian.org/events/keysigning">Debian:
	  Keysigning</a>, a tutorial on sign keys of other people</li>
	  <li><a href="http://www.rubin.ch/pgp/weboftrust.en.html">rubin.ch:
	  Explanation of the web of trust of PGP</a></li>
	</ul>

	<h2>FIXME: What to do if the image is bad?</h2>

</div> <!-- #verify -->

<div id="support">

	<h1>4. Burn a CD or install onto a USB stick</h1>

	<p>Every ISO image we ship can be either burn on a CD or installed onto a USB stick.</p>

	<h2>Burning a CD</h2>
	<ul>
	  <li>CDs are read-only so your Tails can't be altered by a virus or an
	  attacker.</li>
	  <li>CDs are cheap but you will need to burn a new CD each time you
	  will update your Tails version (hint: CD-RW).</li>
	</ul>

	<p>For detailed instructions on how to burn an ISO image under Linux,
	Windows or Mac OS X you can consult <a
	href="https://help.ubuntu.com/community/BurningIsoHowto">the
	corresponding Ubuntu documentation</a>: just replace the Ubuntu ISO
	image by the Tails ISO image you downloaded and ignore the part on
	verifying the data integrity since you've already done that.</p>

	<h2>Installing onto a USB stick</h2>

	<p><strong>The content of the USB stick will be lost in the
	operation.</strong></p>

	<ul>
	  <li>An attacker with physical access to your USB stick or through a
	  virus could alter your Tails.</li>
	  <li>USB sticks can be reused across Tails versions.</li>
	  <li>USB sticks are smaller to fit in your pocket.</li>
	  <li>Older computers might not be able to start from a USB stick.</li>
	  <li>This technique also works for [[!wikipedia SD_card desc="SD
	  cards"]]. Some SD cards have a read-only switch that can prevent your
	  Tails from being altered.</li>
	</ul>

	<ul>
	  <li>[[Instructions for Linux|doc/installing_onto_a_usb_stick/linux]]</li>
	  <li>[[Instructions for Windows|doc/installing_onto_a_usb_stick/windows]]</li>
	</ul>

	<p><strong>FIXME:</strong> mention Intel-based Mac users
	sometimes need to upgrade their firmware to get the keyboard
	working in the syslinux boot menu.</p>

</div> <!-- #support -->

<div id="stay_tuned">

	<h1>5. Stay tuned</h1>

	<p>
	<strong>It's very important to keep your Tails version up-to-date, otherwise
	your system will be vulnerable to numerous security holes.</strong> The
	development team is doing its best to release new versions fixing known
	security holes on a regular basis.
	</p>

	<p>New versions are announced on:</p>

	<ul>
	<li>our <a href='https://boum.org/mailman/listinfo/amnesia-news'>news
	mailing-list</a></li>
	<li>our <a href='torrents/rss/index.rss'>RSS</a> and <a
	href='/torrents/rss/index.atom'>Atom</a> feeds that announces new
	available BitTorrent files.</li>
	</ul>

	<p>Refer to our [[security announcements|/security]] feed for more
	detailed information about the security holes affecting Tails.
	Furthermore you will be automatically notified of the security holes
	affecting the version you are using at the startup of a new Tails
	session.</p>

	<p>Since Tails is based on Debian, it takes advantages of the all of the
	work done by the Debian security team. As quoted from <a
	href="http://security.debian.org/">(http://security.debian.org/)</a>:</p>

	<blockquote>Debian takes security very seriously. We handle all
	security problems brought to our attention and ensure that they are
	corrected within a reasonable timeframe. Many advisories are coordinated
	with other free software vendors and are published the same day a
	vulnerability is made public and we also have a Security Audit team that
	reviews the archive looking for new or unfixed security bugs.
	</blockquote>

	<blockquote>Experience has shown that "security through obscurity" does
	not work. Public disclosure allows for more rapid and better solutions
	to security problems. In that vein, this page addresses Debian's status
	with respect to various known security holes, which could potentially
	affect Debian.</blockquote>

</div> <!-- #stay_tuned-->

<div id="boot">

	<h1>6. Starting Tails!</h1>

	<p>Now that you have a Tails CD or USB stick you can shutdown your
	computer and start using Tails without altering your existing operating
	system.</p>

	<p><strong>If you're using a CD:</strong> Put the Tails CD into the
	CD/DVD-drive and restart the computer. You should see a welcome screen
	prompting you to choose your language.</p>

	<p>If you don't get this menu, you can consult the Ubuntu documentation
	about <a href="https://help.ubuntu.com/community/BootFromCD">booting
	from the CD</a> for more information, especially the part on the <a
	href="https://help.ubuntu.com/community/BootFromCD#BIOS%20is%20not%20set%20to%20boot%20from%20CD%20or%20DVD%20drive">
	BIOS settings</a>.</p>

	<p><strong>If you're using a USB stick:</strong> Shutdown the computer,
	plug in your USB stick and start the computer. You should see a welcome
	screen prompting you to choose your language.</p>

	<p>If your computer does not automatically do so, you might need to edit
	the BIOS settings. Restart your computer, and watch for a message
	telling you which key to press to enter the BIOS setup. It will usually
	be one of F1, F2, DEL, ESC or F10. Press this key while your computer is
	booting to edit your BIOS settings. You need to edit the Boot Order.
	Depending on your computer you should see an entry for 'removable drive'
	or 'USB media'. Move this to the top of the list to force the computer
	to attempt to boot from USB before booting from the hard disk. Save your
	changes and continue.</p>

	<p>For more detailed instruction on how to boot from USB you can read <a
	href="http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm">About.com:
	How To Boot your Computer from a Bootable USB Device</a></p>

	<p>If you have problems accessing the BIOS, try to read <a
	href="http://www.pendrivelinux.com/how-to-access-bios/">pendrivelinux.com:
	How to Access BIOS</a></p>

</div><!-- #boot" -->
</div> <!-- #download -->