Tails is a favorite companion tool of Tor. — Roger Dingledine, co-founder of the Tor Project One of the most robust ways of using the Tor network is through a dedicated operating system that enforces strong privacy- and security-protective defaults. That operating system is Tails. — Electronic Frontier Foundation. Jul 23, 2019.
While you are downloading, we recommend you read therelease notes for Tails4.11.They document all the changes in this new version: new features, problems thatwere solved, and known issues that have already been identified.
Direct download
1.1Download Tails
If the download fails, try to download from another mirror.download from another mirror.
1.2Verify your download using your browser
For your security,
always verify your download!
With an unverified download, you might:
- Lose time if your download is incomplete or broken due to an error during the download. This is quite frequent.
- Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.
This already happened to other operating systems. - Get hacked while using Tails if your download is modified on the fly by an attacker on the network.
This is possible for strong adversaries.
Our browser extension makes it quick and easy.
Install Tails Verification extensionInstall Tails Verification extensionYou seem to have JavaScript disabled. To use our browser extension, please allow all this page:
Your extension is an older version.
Update extensionUpdate extensionTails Verification extension installed!
Verifying $FILENAME…
Verification successful!
Verification failed!
XMost likely, the verification failed because of an error or interruption during the download.
The verification also fails if you try to verify a different download than the latest version (4.11).
Less likely, the verification might have failed because of a malicious download from our download mirrors or due to a network attack in your country or local network.
Downloading again is usually enough to fix this problem.
Verification failed again!
XThe verification might have failed again because of:
- A software problem in our verification extension
- A malicious download from our download mirrors
- A network attack in your country or local network
Trying from a different place or a different computer might solve any of these issues.
Please try to download again from a different place or a different computer…
1.3Continue installingupgradinginstalling or upgrading
Upgrade your Tails USB stick and keep your Persistent Storage:
Install a new USB stick:
You are using $DETECTED-BROWSER.
Direct download is only available for:
- Firefox $MINVER-FIREFOX and later (Download)
- Chrome$MINVER-CHROME and later (Download)
- Tor Browser $MINVER-TOR-BROWSER and later (Download)
For your security,
always verify your download!
With an unverified download, you might:
- Lose time if your download is incomplete or broken due to an error during the download. This is quite frequent.
- Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.
This already happened to other operating systems. - Get hacked while using Tails if your download is modified on the fly by an attacker on the network.
This is possible for strong adversaries.
Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.
Copy and paste this link in Firefox, Chrome, or Tor Browser:
https://tails.boum.org/install/win/usb-download/
https://tails.boum.org/install/linux/usb-download/
https://tails.boum.org/install/mac/usb-download/
https://tails.boum.org/upgrade/tails-download/
https://tails.boum.org/upgrade/win-download/
https://tails.boum.org/upgrade/mac-download/
https://tails.boum.org/upgrade/linux-download/
https://tails.boum.org/install/dvd-download/
https://tails.boum.org/install/vm-download/
https://tails.boum.org/install/download/
https://tails.boum.org/install/download-iso/
BitTorrent download
XBitTorrent is a peer-to-peer technology for file sharing that makes your download faster and easier to resume.
You need to install BitTorrent software on your computer, like Transmission (for Windows, macOS, and Linux).
BitTorrent doesn't work over Tor or in Tails.
1.1Download Tails (Torrent file)
1.2Verify your download using BitTorrent
Mac Os 8.6 Download
Your BitTorrent client will automatically verify your download when it is complete.
1.3Continue installingupgradinginstalling or upgrading
Open and download the Torrent file with your BitTorrent client. It contains the Tails 4.11 USBISOimage that you will use in the next step.image.
Upgrade your Tails USB stick and keep your Persistent Storage:
Install a new USB stick:
Mac Os Versions
Verify using OpenPGP (optional)
If you know OpenPGP, you can also verify your download using anOpenPGP signature instead of, or in addition to, our browser extension orBitTorrent.
Download theOpenPGP signature for the Tails 4.11 USB imageOpenPGP signature for the Tails 4.11 ISO imageand save it to the same folder whereyou saved the image.
Basic OpenPGP verification
See instructions for basic OpenPGP verification.This section provides simplified instructions:
In Windows with Gpg4win
Download the OpenPGP signature for the Tails 4.11 USB imageOpenPGP signature for the Tails 4.11 ISO image and save it to the same folder where you saved the image.
Download the Tails signing key and import it into Gpg4win.
See the Gpg4win documentation on importing keys.
Verify the signature of the image that you downloaded.
See the Gpg4win documentation on verifying signatures.
Verify that the date of the signature is at most five days earlier than the latest version: 2020-09-22.
If the following warning appears:
Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
In macOS using GPGTools
Download the OpenPGP signature for the Tails 4.11 USB imageOpenPGP signature for the Tails 4.11 ISO image and save it to the same folder where you saved the image.
Download the Tails signing key and import it into GPGTools.
See the GPGTools documentation on importing keys.
Open Finder and navigate to the folder where you saved the image and the signature.
Control-click on the image and choose Services ▸ OpenPGP: Verify Signature of File.
In Tails
Tails comes with the Tails signing key already imported.
Download the OpenPGP signature for the Tails 4.11 USB imageOpenPGP signature for the Tails 4.11 ISO image and save it to the same folder where you saved the image.
Open the file browser and navigate to the folder where you saved the image and the signature.
Right-click (on Mac, click with two fingers) on the signature and choose Open With Verify Signature.
The verification of the image starts automatically:
After the verification finishes, you should see a notification that the signature is good:
Verify that the date of the signature is at most five days earlier than the latest version: 2020-09-22.
If instead, you see a notification that the signature is valid but untrusted:
Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
Using the command line
Download the OpenPGP signature for the Tails 4.11 USB imageOpenPGP signature for the Tails 4.11 ISO image and save it to the same folder where you saved the image.
Download the Tails signing key and import it into GnuPGP.
To import the Tails signing key into GnuPGP, open a terminal and navigate to the folder where you saved the Tails signing key.
Execute:
gpg --import tails-signing.key
In a terminal, navigate to the folder where you saved the image and the signature.
Execute:
TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-4.11.img.sig tails-amd64-4.11.img
TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-4.11.iso.sig tails-amd64-4.11.iso
The output of this command should be the following:
gpg: Signature made 2020-09-21T10:45:56 UTC
gpg: using RSA key 05469FB85EAD6589B43D41D3D21DAD38AF281C0B
gpg: Good signature from 'Tails developers (offline long-term identity key) <tails@boum.org>' [full]
gpg: aka 'Tails developers <tails@boum.org>' [full]gpg: Signature made 2020-09-21T10:45:38 UTC
gpg: using RSA key 05469FB85EAD6589B43D41D3D21DAD38AF281C0B
gpg: Good signature from 'Tails developers (offline long-term identity key) <tails@boum.org>' [full]
gpg: aka 'Tails developers <tails@boum.org>' [full]Verify that the date of the signature is at most five days earlier than the latest version: 2020-09-22.
If the output also includes:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
Authenticate the signing key through the OpenPGP Web of Trust
Authenticating our signing key through the OpenPGP Web of Trust isthe only way that you can be protected in case our website iscompromised or if you are a victim of a man-in-the-middle attack.However, it is complicated to do and it might not bepossible for everyone because it relies on trust relationships betweenindividuals.
Read more about authenticating the Tails signing key through the OpenPGP Web of Trust.The verification techniques that we present (browser extension,BitTorrent, or OpenPGP verification) all rely on someinformation being securely downloaded using HTTPS from our website:
- The checksum for the Firefox extension
- The Torrent file for BitTorrent
- The Tails signing key for OpenPGP verification
It is possible that you could download malicious information if ourwebsite is compromised or if you are a victim of a man-in-the-middleattack.
OpenPGP verification is the only technique that protects you ifour website is compromised or if you are a victim of a man-in-the-middleattack. But, for that you need to authenticate the Tails signing keythrough the OpenPGP Web of Trust.
If you are verifying an image from inside Tails, forexample, to do a manual upgrade, then you already have the Tails signing key.You can trust this signing key as much as you already trust yourTails installation since this signing key is included in your Tailsinstallation.
One of the inherent problems of standard HTTPS is that the trust putin a website is defined by certificate authorities: a hierarchical and closedset of companies and governmental institutions approved by your web browser vendor.This model of trust has long been criticized and proved several times to bevulnerable to attacks as explained on our warning page.
We believe that, instead, users should be given the final say when trusting awebsite, and that designation of trust should be done on the basis of humaninteractions.
The OpenPGP Web of Trust is adecentralized trust model based on OpenPGP keys that can help with solvingthis problem. Let's see this with an example:
- You are friends with Alice and you really trust her way of making sure that OpenPGP keys actually belong to their owners.
- Alice met Bob, a Tails developer, in a conference and certified Bob's key as actually belonging to Bob.
- Bob is a Tails developer who directly owns the Tails signing key. So, Bob has certified the Tails signing key as actually belonging to Tails.
In this scenario, you found, through Alice and Bob, a path to trust the Tails signing keywithout the need to rely on certificate authorities.
If you are on Debian, Ubuntu, or Linux Mint, you can install thedebian-keyring
package which contains the OpenPGP keys ofall Debian developers. Some Debian developers have certified the Tailssigning key and you can use these certifications to build a trust path.This technique is explained in detail in our instructions oninstalling Tails from Debian, Ubuntu, or Linux Mint using the commandline.
Relying on the Web of Trust requires both caution and intelligent supervisionby the users. The technical details are outside of the scope of this document.
Since the Web of Trust is based on actual human relationships andreal-life interactions, it is best to get in touch with peopleknowledgeable about OpenPGP and build trust relationships in order tofind your own trust path to the Tails signing key.
For example, you can start by contacting a local Linux User Group,an organization offering Tails training, or other Tailsenthusiasts near you and exchange about their OpenPGP practices.
Latest Mac Os
After you build a trust path, you can certify the Tails signing key bysigning it with your own key to get rid of some warnings during theverification process.