Safe Updates and PGP Program Authentication - How to be Anonymous Online: Step-by-Step Anonymity with Tor, Tails, Bitcoin and Writeprints (2016)

How to be Anonymous Online: Step-by-Step Anonymity with Tor, Tails, Bitcoin and Writeprints (2016)

Section: Safe Updates and PGP Program Authentication

In this section, you will upgrade to the latest version of Tails. Unlike just about everyone else, you will not leave yourself vulnerable to a security breach during the upgrade. I cannot stress how important it is to upgrade Tails properly. Once upgraded, you can go stand outside Labor Camp 16's fence and wave to all those people that said, "just download and install Tails." Since they did not follow these steps, they installed Kim Jong-Un's decoy program, Twails.

You are going to use PGP encryption to authenticate this upgrade. In the next section, I will fully explain PGP, but, for now, just follow these steps to get through the upgrade. This way, once you get to the next section and start making encryption keys, you will know you are working within an authentic system.

Downloading and Authenticating Tails

1. Boot from your Tails Flash Drive or MicroSD card and log in with Persistence enabled

2. Once in Tails, go online and visit the website

The Tails website offers plenty of information about authentication, but, it ain't easy. I am going to make the process more “keep it simple stupid” like.

3. You need to download three files from this page. Scroll down to the ‘Direct download’ sub-section. The download links will be green rectangular boxes

· First, download “Tails x.xx ISO image” (Click the “Tails x.xx ISO image” box, and then click Save File and OK. Then choose Persistent from the “Save in folder” drop-down menu and Save.

· Second, download “Tails x.xx signature” to your Persistent folder

· Third, scroll down a bit more and download the “Tails signing key” to your Persistent folder

At this point, you should be downloading the files “tails-i386-x.xx.iso”, “tails-signing.key”, and either “tails-i386-x.xx.iso.sig” OR “tails.i386-x.xx.iso.pgp

You need to wait for all three files to download before continuing to step 4. It can take a few hours, sorry.

4. Verify if “tails-signing.key” is authentic. This step is a little erratic yet VERY IMPORTANT!

· In your Persistent folder, right-click tails-signing.key and choose Open With > gedit

· You should now see the text of the Tails PGP Public Key

· To verify that this is the real key, not a decoy, you have to check it against other sources. Think of it as trying to figure out if someone is lying to you. If one person says he did not do it, but 20 witnesses say he did do it, he probably did it. To corroborate a signing key, you have to find other sources that agree it is authentic

· Organizations change keys sometimes. However, as of February 6, 2016, the Tails key I have starts out with mQINBEytkvQBEAC3G9iFTj… and so on. I believe this is the authentic key. If this matches your key, then I believe you also have the authentic key (I will show you better ways to authenticate a key in the next section)

· Once the key text checks out, you can close it

F.Y.I., in Windows, you can open a .key, .sig or .pgp file in Notepad.

5. Now you will authenticate Tails

· Open the Terminal program (from the top toolbar, select Applications > Accessories > Terminal)

· In the Terminal, type “gpg --import ” (there is a space after ‘gpg’ and ‘--import’), and then click and drag the ‘tails-signing.key’ file into the Terminal window. All-in-all, you should have something like “gpg --import ‘/xxx/xxx/tails-signing.key/’”

· Hit Enter

· You should see a response that starts out something like ‘gpg: key 58ACD8AF...’ and so on.

· Next, in the Terminal, type “gpg --verify ” (there is a space after ‘gpg’ and ‘--verify’), and then click and drag the ‘tails-i386-xxx.iso.sig’ file into the Terminal window. All-in-all, you should have something like “gpg --import ‘/xxx/xxx/ tails-i386-xxx.iso.sig/’”

· Hit Enter

· The second line of the rather long response should state ‘gpg: Good Signature’

· You have authenticated the tails-i386-xxx.iso file

It is common for PGP files to end in “.asc” instead of “.sig”, “.key”, or “.pgp”. For any of these files, simply open them in gedit and the top line of the file's text will tell you if it is a Key, Signature, etc. That should save you a few headaches.

Updating Tails

6. Now that you have authenticated your tails-i383-x.xx.iso file, you can burn it to a DVD-R

· Insert a Blank DVD-R into your system.

· Right-click “tails-i386-x.xx.iso” and select “Open with Brasero”.

· Your Tails ".iso" file is preselected. Choose your blank DVD-R from the "Select disc to write to” drop-down menu. Click Burn.

· Get some cheese, crackers and a glass of wine.

· Success! You have an up-to-date Tails DVD. Next, you will update your personal Tails Flash Drive or MicroSD card.

7. Restart your system, this time booting from your new, up-to-date Tails DVD. Just go all the way into Tails; you do not need to create an Administrator password at login.

8. Insert the same Tails Flash Drive or MicroSD card you have been using all along (Don’t worry; you are only updating it, not erasing it).

9. From the top toolbar, select Applications > Tails > Tails installer.

10. Select Upgrade by cloning

11. Choose your target device (it is probably preselected), click Install Tails, and then Yes

12. Once completed, you can boot from your up-to-date Tails Flash Drive or MicroSD card with your Persistent volume intact.

The following are a few differences in Tails 2.0 from the Tails .16 version you installed from the Toolbox...

When starting Tails, if you choose Yes for More Options at the Welcome to Tails screen, you are given the option to uncheck Spoof all MAC addresses and to use a Bridge to connect to Tor. Under almost all circumstances, you can leave these settings unchanged.

MAC address spoofing is a way of anonymizing your machine's identity within your local network. Spoofing can be a problem if your local network has restrictions that only allow connections from 'approved' machines. That could be the case within some office networks. Do not worry if you do not spoof your MAC address, it is not visible online like an IP address. It will only show a network administrator that your machine connected to the internet on a particular network at a particular time. It does not reveal your online activities.

A Bridge is an unlisted access point to the Tor network. Using a Bridge is necessary when a local network (like your office, coffee shop or internet service provider) blocks access to Tor by blacklisting known Tor servers. I talk more about Bridges in a few posts on my blog. You can read them at

To connect to Wi-Fi

1. Click the little upside-down triangle on the far right side of the top toolbar

2. Click ‘Wi-Fi’

3. Select your network

The Tor Web Browser will not automatically open upon connecting to the internet. So…

1. Connect to an Ethernet cable or Wi-Fi network

2. Wait for a little Onion Icon to appear on the right half of the top toolbar. It will be yellow while it connects to the Tor network. Wait for it to turn Green

3. Once the onion turns green, open your browser from Applications > Internet > Tor Browser

To disable JavaScript, in the Tor Browser:

1. Click the Green Onion to the left of the address bar

2. Click Privacy and Security Settings…

3. Select High

4. Click OK and you are finished

This also disables automatic loading of online custom fonts (an extra preventative measure to stop a website from determining fonts installed on your system)

Disabling Cookies: You no longer have the option of disabling all cookies. However, by default, Third-Party cookies are Disabled. These are the dangerous ones that track you from one site to another. First-Party cookies are Enabled, but, automatically deleted when no longer needed. These cookies only track you within the site that gave you the cookies. They are used, for example, to keep you logged into a website that requires a password.

A few optional steps:

To disable automatic loading of online images (helpful for faster browsing):

1. In the Tor browser URL address bar, type 'about:config' and hit Enter

2. Click the I'll be careful, I promise! button

3. Scroll down or use the search bar to find permissions.default.image

4. Right-click permissions.default.image and select Modify

5. Change the integer value to “2

6. Click OK and you are finished