Installing Tails: Safe OS with Tor as the base

Installing Tails: Safe OS with Tor as the base

Tails is intended as a live operating system where everything is focused on anonymity and the protection of your online privacy. It will come as little surprise that the Tor project is behind this development. We explain how to install Tails.

Linux can be considered one of the more secure operating systems. It is therefore no coincidence that Tails is based on Debian GNU/Linux with a GNOME desktop environment. Tails stands for The Amnesic Incognito Live System and that name perfectly sums up what the project aims at: anonymity and privacy.

Tails is just one of the Tor project’s tools and services. You can find an overview on

Central is the Tor Browser, a modified version of Mozilla Firefox. Not only are all cookies deleted by default after each browser session, but Tails doesn’t leave any other traces on your PC either, as everything is stored in RAM, except what you keep in an encrypted persistent storage space.

Some extensions also ensure your privacy in other ways: HTTPS Everwhere enforces https-encrypted connections where possible, NoScript disables scripts and plug-ins, and uBlock removes ads. Also included in the Tails toolbox is a modified version of Thunderbird for sending encrypted emails, KeePassXC for storing your passwords, and OnionShare for securely sharing files via Tor.

Put Tails on USB stick

Although you can also install Tails as a virtual machine (see for the iso disk image file), here we show you how to put it on a live usb stick. You can do this from multiple operating systems, but we start from Windows. We use for this balenaEtcher (for macOS and Windows).

Start the tool and select Flash from file. Refer to Tails’ img disk image, which you can get from click on Select targetrefer to your (empty) USB stick and confirm with Flash. When you’re done, your Tails stick is ready.

Creating your live Tails stick only takes a few clicks in balenaEtcher.


Preferably only plug your stick into a switched off PC, this reduces the risk that an active and infected system can write something to the stick. In the welcome screen you set the language and the keyboard layout. Bee Additional Settings it’s time to pay attention. This contains some extra (security) settings that you can configure via the plus button.

That’s how you put it Administration Password only if you want to install additional software (see the section ‘Persistent storage’ below), access internal hard drives or run sudo commands (via Applications / System Tools / Root Terminal).

Unsafe Browser only engage yourself to be able to register with a network with a ‘captive portal’. MAC Address Anonymization leave it enabled unless you are experiencing connectivity issues with your network interface(s). Offline Mode is useful if you do not need an internet connection. Of Start Tails start up the desktop environment.

Before you actually start using Tails, you can configure some additional settings.

Tor connection

Normally a dialog box of Tor Connection in which you can choose between Connect to Tor automatically and Hide my local network that I’m connecting to Tor. This second option is mainly intended if you suspect that your network connections are being monitored, for example in a corporate environment. In the first case, Tails automatically connects to the Tor network via a public relay. If that doesn’t work, Tails uses a standard Tor bridge, something like a secret relay.

Only if this also fails, Tails will ask you for a custom bridge. You will get the question for a custom bridge anyway if you choose to hide your connection to Tor. on you can request bridges. In order to save it, you must enable persistent storage.

Confirm your choice with Connect to Tor. A little later you can start the Tor Browser or open other applications. click on Tor Check to verify that you are actually connected to the Tor network. If it doesn’t work right away, click on the network icon at the top right and check whether the correct wireless network interface, if any, has been set up.

Persistent Storage

As mentioned, Tails does not keep any data by default. If you find this useful, you can enable encrypted persistent storage. Click on the top left for this Applications / Tails / Configure Persistent Volume. Enter a strong password (2x) and confirm with Create. From the configuration wizard you then indicate what you want to keep in it, for example Personal Data, Welcome Screen (the language and regional settings), Tor Bridge, OpenPGP keys or Additional software. You can also reach this storage space via Applications / Accessories / Files / Persistent.

A little more about the option Additional software. So you can install additional applications within tails, such as applications or language packs. To do this, go to Applications / Tails and choose Additional software. Click (for example) on Synaptic Package Manager, enter your (previously entered) administrator password and after the package information has been retrieved, you can install the software from the Synaptic package manager. At the end of the installation, you can choose whether the software should be installed once or permanently in your persistent storage space.

More tips for monitoring your digital privacy? Then order this Security and Privacy Course Bundle.

Points of attention

Tails may have quite a few security functions and tools, but a system is never completely watertight. Certainly not when the user acts nonchalantly and, for example, uses a weak password, logs in to social media with information that is linked to his real identity or shares files with privacy-sensitive metadata. You should also make sure that you are installing Tails on a clean PC and that you are using Tails on a computer that has not had its BIOS or firmware compromised.

Also keep in mind that the sites visited may know that you are surfing through Tor, as the exit nodes from that network be public. It cannot be completely ruled out that your exit node is involved in an MITM attack. If the Tor Browser warns you about a potential security risk, immediately request a new identity (via Ctrl+Shift+U), so that you are also assigned a new exit node.


Recent Articles

Related Stories