Commit a01a4ec0 authored by Tails developers

Create new categories for the doc

Remove the 'Use Tails' categories and create new ones:

- First steps with Tails
- Connect to the Internet anonymously
- Encryption & privacy
- Work on sensitive documents
- Advanced topics

Each one corresponds to a topic-specific intro page, e.g. first_steps.mdwn, and a
category index, first_steps.index.mdwn, which is in turn inlined in doc.mdwn and
first_steps.mdwn to avoid duplication.
parent 8247acca
......@@ -32,15 +32,22 @@ as true.**
- [[Stay tuned|download#index5h1]]
- [[Starting Tails!|download#index6h1]]
# [[Use Tails|use]]
- [[Start Tails|use/start]]
- [[Use Tails inside a virtualization software|use/start/virtualization]]
- [[Use the Tails desktop|use/desktop]]
- [[Connect to the Internet anonymously|use/connect_to_internet_anonymously]]
- [[Work on sensitive documents|use/work_on_sensitive_document]]
- [[Use encryption|use/encryption]]
- [[Create and use encrypted volumes|use/encrypted_volumes]]
- [[TrueCrypt|use/encryption/truecrypt]]
- [[Report a bug|use/report_a_bug]]
- [[Other applications and features|use/other_applications]]
# [[First steps with Tails|first_steps]]
[[!inline pages="doc/first_steps.index" raw="yes"]]
# [[Connect to the Internet anonymously|anonymous_internet]]
[[!inline pages="doc/anonymous_internet.index" raw="yes"]]
# [[Encryption & privacy|encryption_and_privacy]]
[[!inline pages="doc/encryption_and_privacy.index" raw="yes"]]
# [[Work on sensitive documents|sensitive_documents]]
[[!inline pages="doc/sensitive_documents.index" raw="yes"]]
# [[Advanced topics|advanced_topics]]
[[!inline pages="doc/advanced_topics.index" raw="yes"]]
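Review bot: The old list linked [[Other applications and features|use/other_applications]], but none of the new index pages visible in this commit (first_steps, anonymous_internet, encryption_and_privacy, sensitive_documents, advanced_topics) has an entry for it, so that page is no longer reachable from doc.mdwn. Either add it to one of the new indexes or say in the commit message that it is dropped on purpose.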
- [[Protection against cold boot attacks|doc/advanced_topics/cold_boot_attacks]]
- [[Virtualization|doc/advanced_topics/virtualization]]
- [[Enable MAC Changer|doc/advanced_topics/mac_changer]]
[[!meta title="Advanced topics"]]
[[!inline pages="doc/advanced_topics.index" raw="yes"]]
[[!meta title="Protection against cold boot attacks"]]
Due to how modern computing works, basically everything that you have
done during a session is stored in the RAM. If an attacker has
physical access to your computer when you are running Tails, it may
enable her to recover everything that have been achieved during the
session, from typed texts to saved files, including passwords and
encryption keys. The more recent the activity, the more likely it is
that it is still in the RAM.
Furthermore, it has been shown that the data present in the RAM might be
recoverable for seconds or even minutes after the computer is powered
off using a [cold boot
attack](http://en.wikipedia.org/wiki/Cold_boot_attack).
In both cases the RAM contents can be analysed in a computer forensics
laboratory which might turn into a major disaster depending on what they
find.
So, what should you do when you hear an attacker knocking at your door?
You could just remove the USB stick or CD you are running Tails from. It
will start to wipe the contents of the RAM by filling it out with random
junk, thus erasing everything that was stored there before, including
the encryption key of the encrypted storage devices you might use and
the traces of your session. Then you wait, possibly trying to buy
valuable time by barricading your door.
As far as the authors know, cold boot attacks are not standard
procedure within law enforcements and similar organisations anywhere
in the world yet, but it might still be good to be prepared and stay
on the safe side.
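Review bot: The "Then you wait" step gives the reader no way to know how long the memory wipe takes or how to tell that it has finished, which is the one thing they need in order to act on this advice. Please add the expected duration or the visible sign of completion, and say whether a normal shutdown triggers the same wipe as removing the USB stick or CD.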
[[!meta title="Enable MAC Changer"]]
**FIXME**: This section have not been adapted now. Macchanger is not easily
usable in Tails now (0.7.2)
If you paid attention when you started up Tails you may have noticed
an odd option in the language selection menu, namely the "Enable MAC
changer" entry. Some further explanation is probably required in order
to understand whether this is relevant for you or not.
First of all, you should know that all network cards, both wired and
wireless, have a unique identifier stored in them called their MAC
address. This address is actually used to address your computer on the
_local_ network, but it will _never_ get out on the Internet so people
can _not_ use it to trace you. However, other computers on the network
could log it which then would provide proof that your computer have
been connected to it. As such, this is not a concern if you are using
Tails with your home Internet connection as that can be linked to
you any way, but if you are connecting your computer to an untrusted,
public wireless network you might consider enabling it. It is never
useful enabling this option if you are using a public computer – only
use this if you are using a computer that can be linked to you on a
public network.
The reason why this is not always enabled is that is might cause
problems on some networks, so if you experience network problems while
it is enabled you might want try disabling it.
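Review bot: This page is linked from advanced_topics.index as "Enable MAC Changer" while its own FIXME says Macchanger is not easily usable in 0.7.2, and the body still tells readers to look for an "Enable MAC changer" entry in the language selection menu. Readers arriving from the index will look for an option the FIXME says they cannot easily use. I would leave the page out of the index until it is adapted, or turn the FIXME into a clear notice at the top stating which versions the text applies to.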
- [[Networking with NetworkManager|doc/anonymous_internet/networkmanager]]
- [[Controlling Tor with Vidalia|doc/anonymous_internet/vidalia]]
- [[Browsing the web with IceWeasel|doc/anonymous_internet/iceweasel]]
- [[Chatting with Pidgin & OTR|doc/anonymous_internet/pidgin]]
- [[Emailing with Thunderbird|doc/anonymous_internet/thunderbird]]
[[!meta title="Connect to the Internet anonymously"]]
[[!inline pages="doc/anonymous_internet.index" raw="yes"]]
[[!meta title="Networking with NetworkManager"]]
The name is quite self-explanatory – this is what you should use to
manage your network, which usually only consists of establishing an
Internet connection. In many cases this is done more or less
automatically. For example, if you are connected with wire,
NetworkManager will try to obtain network access automatically. If you
want to connect via wireless with a supported wireless adapter, you
are basically two clicks away.
Click on its icon on the left of the top panel to find the list of available
connections:
**FIXME**: screenshot
<center><a href="nm-menu.jpg"><img border="0" height="194"
src="nm-menu.jpg" width="240" /></a></center>
All wireless networks your computer is picking up are listed there, as
are all wired networks you have access to (usually one per wire), so
the second click is used for choosing any one of these. If the network
is protected you will be prompted for a password. There are other
options too, e.g. for dial-up connections and setting up VPNs although
these will require further set-up in the "Options -> Configure..."
section.
[[!meta title="Chatting with Pidgin"]]
For instant messaging Tails includes the Pidgin Instant Messenger.
It is a multi-protocol client, so you can run MSN, ICQ, IRC, AIM,
Jabber and many other protocols at the same time, even with several
instances of the same protocol. See the following picture for a Pidgin
user with three different protocols enabled at the same time:
<center><a href="pidgin-main.jpg"><img border="0" height="196"
src="pidgin-main.jpg" width="109" /></a></center>
## OTR encryption
Of course the issue of end-to-end encryption arises again. As we
mentioned earlier, we have [Off-the-record
messaging](http://www.cypherpunks.ca/otr) (commonly called OTR) for
instant messaging, and Pidgin and many other instant messengers have
support for that. There are several resources on how it works and how
to use it on their web site. Basically all you need to do is choose
"Start private conversation" in the OTR menu and a key will be
generated automatically if you do not have one already. After that OTR
will establish a private conversation if the other end's instant
messenger supports it. This is will look something like this:
<center><a href="pidgin-chat.jpg"><img border="0" height="218"
src="pidgin-chat.jpg" width="370" /></a></center>
OTR and other Pidgin plugins are enabled in the "Tools menu -&gt;
Plug-ins" section. Simply check the appropriate box for enabling any
plugin you want, and possibly you might also want to configure it by
pressing the "Configure Plug-in" button. When this is done for the OTR
plugin a window that can be used to manage your keys will open.
The use of OTR is recommended as many instant messaging protocols
normally sends your messages in plaintext. Force your friends to
migrate to clients with support for OTR!
**FIXME**: mention `/me` is **not** encrypted when used in a OTR
private conversation.
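Review bot: The FIXME at the end notes that `/me` is not encrypted in an OTR private conversation, but it is left as a developer note after the paragraph recommending OTR, where a reader is unlikely to treat it as a warning. Since this is plaintext leaving a conversation the user believes is private, please turn it into a proper sentence in the "OTR encryption" section before the page is published through the new index. Also, the meta title here is "Chatting with Pidgin" while anonymous_internet.index calls the page "Chatting with Pidgin & OTR"; pick one.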
[[!meta title="Emailing with Thunderbird"]]
**FIXME**: This section have not been adapted now so please do not take it into
account. Tails uses Claws Mail instead of Thunderbird.
Not everyone is happy using webmail (like the authors) but want to use
a _real_ email client instead of some fragile web-based interface. For
that we have included Mozilla Thunderbird which looks like this:
<center><a href="tb-main.jpg"><img border="0" height="305"
src="tb-main.jpg" width="453" /></a></center>
Composing email looks like this:
<center><a href="tb-compose.jpg"><img border="0" height="257"
src="tb-compose.jpg" width="324" /></a></center>
Notice that there are buttons for PGP encryption in both of the above
windows (labelled with "Decrypt" and "OpenPGP"). These are provided by
the [Enigmail](http://http://enigmail.mozdev.org/) extension, and
pressing any of them for the first time will start a guide for setting
up PGP, possibly generating new keys if you do not have any. Their web
site is a great resource for learning how PGP encryption works so make
sure to check it out.
Setting up your email account requires a tiny amount of knowledge,
like what [POP](http://en.wikipedia.org/wiki/Post_Office_Protocol),
[IMAP](http://en.wikipedia.org/wiki/IMAP) and
[SMTP](http://en.wikipedia.org/wiki/SMTP) is, and indeed that your
email service supports these. [This step-by-step
guide](http://opensourcearticles.com/articles/thunderbird_15/english/part_01)
might be useful. However, this initial configuration requires writing
down the addresses of the servers involved, downloading mail, etc.
which will take some time. It is a bit annoying to have to redo
everytime you start Tails, which is necessary when running from a
CD, so you might want to consider using a persistent home directory by
[running from USB](#usb) if you plan to use Thunderbird often. One
more thing to consider is that Tor exit nodes usually block the
plaintext SMTP port (25) in order to prevent spam. This is easily
fixed by enabling end-to-end encryption with the email server through
SSL, which you should do any way for all of POP, IMAP and SMTP as your
password otherwise will be sent in plaintext.
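Review bot: Two links in this page do not resolve now that it is a standalone page: `[running from USB](#usb)` points at an anchor that does not exist in this file, and the Enigmail URL has a doubled scheme (`http://http://enigmail.mozdev.org/`). Separately, "end-to-end encryption with the email server through SSL" describes transport encryption between client and server, not end-to-end encryption, and should be reworded so it is not confused with the PGP paragraph above it. Given that the FIXME says Tails uses Claws Mail, consider whether "Emailing with Thunderbird" belongs in anonymous_internet.index yet.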
[[!meta title="Controlling Tor with Vidalia"]]
Vidalia is an anonymity manager. Basically this means that it can be used
to control Tor, and is automatically launched on network connection.
As soon as the Tor client managed to establish a route to the Tor
network, Vidalia hides as an onion icon on the upper right corner of
the screen. Right-clicking this icon displays a configuration menu.
[[!img Vidalia_menu_en.jpg title="Vidalia menu" align="center"]]
Vidalia menu proposes essentialy two features:
* a *Network map* which displays a window showing a map of the Tor network, a list
of Tor relays and a the list of currently used routes and their status.
* a *New identity* entry, which will make Tor use a different
route for **future** connections, so that they will appear to come
from a different address. But **be carefull** that some software might
still continue to use the old route, depending on how it behaves with
network connections. If you want to be sure a software is using a new
route, you may want to close it, hit the *New identity* button, and
then start the software again once the popup window disappears.
**FIXME** cf explanations from warning: stop Tails,
restart. So... remove the explanations here, develop correctly further
down.
## The network map
Next we will have a look at the Tor network map:
[[!img Vidalia_Netmap_en.jpg title="Vidalia network map" align="center"]]
In here, all the Tor nodes in the Tor network are listed, as are all
your circuits and connections that go through the Tor network. This
requires a bit of technical knowledge of how Tor works in order to
understand and use, but it is not at all necessary. From the
connection listing it should at least be relatively easy for you to
see which exit node and country it appears your connections come from.
Right-clicking on any established circuits enable you to close it in
case this one is too slow.
## The *New identity* feature
**FIXME**: instruct how to really "change identity"
One very useful thing when working with Tor is the following option,
found in the Vidalia menu that you get by right-clicking its systray
icon:
<center><a href="tork-menu.jpg"><img border="0" height="98"
src="tork-menu.jpg" width="182" /></a></center>
Clicking on the "New Identity" option will tear down all you current
circuits and build new ones which means that the set of computers you
route your Internet traffic through will exchanged by some others.
This is very useful if you experience bad performance or even
time-outs accessing some Internet resource as you might have better
luck with the new circuits that are built. Also, if you ever want to
make sure that one thing you are doing will not be linkable to the
next thing you are going to do you should use this feature.
**FIXME** wrong. copy explanations from warning instead of this bullshit.
## Connect through a bridge
**FIXME**: This section have not been adapted now so please do not take it into
account.
Vidalia also makes it easy to use some of the Tor Network's more
advanced features. For example, you can click on the *Settings* option,
then on the *Network* tab of the newly opened window, and select the *My
ISP blocks connections to the Tor network* checkbox to gain access to a
form where you can add Tor
[bridges](https://www.torproject.org/bridges.html) as entry points to
the Tor network. This is a way to circumvent censorship systems that
blocks normal access to the Tor network, intentially or not.
## Setting up a Tor relay
**FIXME**: discuss if we really want to document that
> why not, since it's written... if it needs writing, just put a link
> to the Tor documentation.
Lastly Vidalia will assist you setting up yourself as a Tor server,
helping out the Tor Network by relaying other people's traffic. You
also have the possibility to act as an exit node, which means that
other Tor users' traffic will exit in the clear from your computer.
You should really think through if you want to do the latter (act as
an exit node) as your ISP might start sending you complaints for other
people's file sharing traffic that happens to exit from you, and
potentially even worse things that might attract the attention of the
police. But simply relaying traffic is completely safe and will only
cost you some bandwidth (how much can be configured). However, at the
same time you will get more anonymity – it will be impossible for
eavesdroppers to distinguish the Tor traffic you are relaying from
your own traffic generated by web browsing etc. So if you have
bandwidth to spare, you might want to consider doing this.
In order to succeed with setting up a relay you might have to do
something about your firewall or router if you have one, like enable
port-forwarding for ports 9001 and 9030 – if you do not know what this
is or how to do it you should either look it up on with favourite search
engine or simply skip it. The next step would be to actually enable it
in Vidalia, which only requires a few clicks. First click the *settings*
option in the systray menu, then go to the *Sharing* tab of the new
window. There you can choose wether you want to setup a normal Tor relay
or a Tor [bridge](https://www.torproject.org/bridges.html). In any case,
you'll have to choose a nickname and a contact email in the newly
appeared form. Other tabs of this form helps you to choose if you want
to limit bandwith usage and the kind of trafic your relay will be used
to.
## Setup a hidden service
**FIXME**: add instructions to setup a hidden service with Vidalia.
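Review bot: The "New identity" section says the feature should be used to make sure one activity "will not be linkable" to the next, and the FIXME directly under it says this is wrong. That leaves a known-incorrect anonymity claim in a page the new index links to, and it contradicts the caveat in the bullet list above that some software may keep using the old route. Please drop the paragraph or replace it with the explanations the FIXME refers to in this commit rather than deferring it. The `>` quoted reply under "Setting up a Tor relay" is also an unresolved editorial discussion that should not ship in the page body.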
- [[Your data won't be saved unless explicitely asked|doc/encryption_and_privacy/your_data_wont_be_saved_unless_explicitely_asked]]
- [[Type passwords securely on an untrusted computer|doc/encryption_and_privacy/virtual_keyboard]]
- [[Create and use encrypted volumes|doc/encryption_and_privacy/encrypted_volumes]]
- [[TrueCrypt|doc/encryption_and_privacy/truecrypt]]
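Review bot: The first entry bakes the misspelling "explicitely" into both the link text and the page name `your_data_wont_be_saved_unless_explicitely_asked`. A title is easy to fix later, but a page name becomes a URL that other pages and translations link to, so please rename it to `your_data_wont_be_saved_unless_explicitly_asked` in this commit and fix the matching meta title.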
[[!meta title="Use encryption"]]
[[!meta title="Encryption & privacy"]]
# Use OpenPGP encryption
......@@ -26,3 +26,4 @@ users. See [[truecrypt]].
**FIXME**: explain how to create and use an encrypted USB stick?
[[!inline pages="doc/encryption_and_privacy.index" raw="yes"]]
[[!meta title="Type passwords securely on an untrusted computer"]]
If an attacker had access to the computer you run Tails on, she might
have installed a piece of hardware that records every key which is
pressed on the keyboard: that's a keylogger. This kind of hardware is
quite common and known to have been already used.
To prevent against giving such a device your password or encryption
passphrase, you might want to "type" them using the mouse on a virtual
keyboard displayed on screen.
The *[Florence](http://florence.sourceforge.net/english.html)*
virtual keyboard starts automatically with Tails and
is accessible by the keyboard icon in the systray on the top left of the screen.
It can be used to safely enter passwords using the mouse
when you suspect that a hardware keylogger may be present.
[[!meta title="Your data won't be saved unless explicitely asked"]]
As stated in the [[about]] page, Tails is designed to leave no trace on the
computer you're using unless you ask it explicitly. It is important
to understand some of the consequences of that.
Starting a computer on a media containing Tails doesn't change anything on the
operating system actually installed on your hard drive: as a live system, Tails
doesn't need to use your hard drive during the whole session. Be your hard drive absent
or damaged, it wouldn't prevent your computer to start Tails. Consequently,
removing the CD or USB stick containing Tails is enough to retrieve your usual
operating system.
A consequence of this amnesia is that you can't save anything on the device
containing Tails, be it files you create or download or any configuration you
might do. You should save anything you want to keep for later access into a
separate device (other USB stick, other CD or any device you would choose).
Future versions of Tails will propose a feature to save some files or
configuration, but it is still being developped.
- [[Start Tails|doc/first_steps/start_tails]]
- [[Introduction to GNOME and the Tails desktop|doc/first_steps/introduction_to_gnome_and_the_tails_desktop]]
- [[Report a bug|doc/first_steps/report_a_bug]]
[[!meta title="First steps with Tails"]]
[[!inline pages="doc/first_steps.index" raw="yes"]]
[[!meta title="Use the Tails desktop"]]
# A basic introduction to the GNOME desktop
[[!meta title="Introduction to GNOME and the Tails desktop"]]
[[!img Desktop_en.jpg title="Tails Desktop as of 0.6.1" align="center"]]
......@@ -75,71 +73,3 @@ window and drop them to another.
To connect to remote FTP or SFTP server, go to *Connect to Server...* from
*Places* menu.
# <a name="live"></a>Your data won't be saved unless explicitely asked
As stated in the [[about]] page, Tails is designed to leave no trace on the
computer you're using unless you ask it explicitly. It is important
to understand some of the consequences of that.
Starting a computer on a media containing Tails doesn't change anything on the
operating system actually installed on your hard drive: as a live system, Tails
doesn't need to use your hard drive during the whole session. Be your hard drive absent
or damaged, it wouldn't prevent your computer to start Tails. Consequently,
removing the CD or USB stick containing Tails is enough to retrieve your usual
operating system.
A consequence of this amnesia is that you can't save anything on the device
containing Tails, be it files you create or download or any configuration you
might do. You should save anything you want to keep for later access into a
separate device (other USB stick, other CD or any device you would choose).
Future versions of Tails will propose a feature to save some files or
configuration, but it is still being developped.
# Type password securely on an untrusted computer
If an attacker had access to the computer you run Tails on, she might
have installed a piece of hardware that records every key which is
pressed on the keyboard: that's a keylogger. This kind of hardware is
quite common and known to have been already used.
To prevent against giving such a device your password or encryption
passphrase, you might want to "type" them using the mouse on a virtual
keyboard displayed on screen.
The *[Florence](http://florence.sourceforge.net/english.html)*
virtual keyboard starts automatically with Tails and
is accessible by the keyboard icon in the systray on the top left of the screen.
It can be used to safely enter passwords using the mouse
when you suspect that a hardware keylogger may be present.
# <a name="cold"></a>Protection against cold boot attacks
Due to how modern computing works, basically everything that you have
done during a session is stored in the RAM. If an attacker has
physical access to your computer when you are running Tails, it may
enable her to recover everything that have been achieved during the
session, from typed texts to saved files, including passwords and
encryption keys. The more recent the activity, the more likely it is
that it is still in the RAM.
Furthermore, it has been shown that the data present in the RAM might be
recoverable for seconds or even minutes after the computer is powered
off using a [cold boot
attack](http://en.wikipedia.org/wiki/Cold_boot_attack).
In both cases the RAM contents can be analysed in a computer forensics
laboratory which might turn into a major disaster depending on what they
find.
So, what should you do when you hear an attacker knocking at your door?
You could just remove the USB stick or CD you are running Tails from. It
will start to wipe the contents of the RAM by filling it out with random
junk, thus erasing everything that was stored there before, including
the encryption key of the encrypted storage devices you might use and
the traces of your session. Then you wait, possibly trying to buy
valuable time by barricading your door.
As far as the authors know, cold boot attacks are not standard
procedure within law enforcements and similar organisations anywhere
in the world yet, but it might still be good to be prepared and stay
on the safe side.
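Review bot: The sections removed here carried the named anchors `<a name="live">` and `<a name="cold">`, and nothing visible in this commit updates links that target them. Any page linking to the desktop page with `#live` or `#cold` will now land on a page without those sections; please search the wiki for such links and point them at the new encryption_and_privacy and advanced_topics pages.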
......@@ -5,5 +5,3 @@ rather than in the dowload page.
It is also possible to [[start Tails as a guest in a virualization
software|virtualization]] while it has some security issues.
- [[Office suite|doc/sensitive_documents/office_suite]]
- [[Graphics|doc/sensitive_documents/graphics]]
- [[Desktop publishing|doc/sensitive_documents/desktop_publishing]]
- [[Audio|doc/sensitive_documents/audio]]
- [[Printing and scanning|doc/sensitive_documents/printing_and_scanning]]
[[!meta title="Work on sensitive documents"]]
Tails aims at providing a "safe" environment to produce and optionally publish
sensitive documents.
[[!inline pages="doc/sensitive_documents.index" raw="yes"]]
[[!meta title="Audio"]]
[Audacity](audacity.sourceforge.net) is a multi-track audio editor for
Linux/Unix, MacOS and Windows. It is designed for easy recording, playing and
editing of digital audio.
[[!meta title="Work on sensitive document"]]
Tails aims at providing a "safe" environment to produce and optionally publish
sensitive documents.
# Office suite
Tails includes OpenOffice.org, which is a full-featured office productivity
suite that provides a near drop-in replacement for Microsoft(R) Office.
It includes a word processor, a spreadsheet and a presentation application.
You can launch them from the *Applications* → *Office*
# Graphics
Tails includes [The GIMP](gimp.org) for The GNU Image Manipulation Program for
bitmap graphics. GIMP lets you draw, paint, edit images, and much more.
For vector-based drawing, Tails includes [inkscape](www.inkscape.org).
Both are accessible from *Applications* → *Graphics* menu.
# Audio
[Audacity](audacity.sourceforge.net) is a multi-track audio editor for
Linux/Unix, MacOS and Windows. It is designed for easy recording, playing and
editing of digital audio.
# Desktop publishing
[[!meta title="Desktop publishing"]]
[Scribus](scribus.org) is an Open Source Desktop Page Layout accessible from
the *Applications* → *Graphics*. It can be used for many tasks; from booklets
......@@ -38,9 +9,3 @@ curves polygons, precision placement of objects, layering with RGB and CMYK
custom colors. The Scribus document file format is XML-based. Unlike
proprietary binary file formats, even damaged documents can be recovered with
a simple text editor.
# Printing and scanning
The [CUPS printing system](cups.org), which includes drivers for several common
printers allows printing, while you can scan with [Simple
scan](launchpad.net/simple-scan)
[[!meta title="Graphics"]]
Tails includes [The GIMP](gimp.org) for The GNU Image Manipulation Program for
bitmap graphics. GIMP lets you draw, paint, edit images, and much more.
For vector-based drawing, Tails includes [inkscape](www.inkscape.org).
Both are accessible from *Applications* → *Graphics* menu.
[[!meta title="Office suite"]]
Tails includes OpenOffice.org, which is a full-featured office productivity
suite that provides a near drop-in replacement for Microsoft(R) Office.
It includes a word processor, a spreadsheet and a presentation application.
You can launch them from the *Applications* → *Office*
[[!meta title="Printing and scanning"]]
The [CUPS printing system](cups.org), which includes drivers for several common
printers allows printing, while you can scan with [Simple
scan](launchpad.net/simple-scan)
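Review bot: The external links in this page, `(cups.org)` and `(launchpad.net/simple-scan)`, have no URL scheme, so Markdown treats them as relative links into the wiki rather than links to external sites. The same applies to the Audacity, GIMP, Inkscape and Scribus links in the other new sensitive_documents pages; add `http://` to each while the text is being moved.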
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-06-18 22:40+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Use Tails\"]]\n"
msgstr ""
#. type: Plain text
msgid ""
"In this section we will now briefly present how to use Tails, and especially "
"the the main applications included in Tails. Users are encouraged to look "
"for further information about them elsewhere and to experiment (while not "
"doing anything sensitive!) for their own benefit. All the pictures are "
"clickable to get them undistorted and in full size, but note that some of "
"the text is smudged in order to protect identities."
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
"- [[Start Tails|use/start]]\n"
" - [[Use Tails inside a virtualization "
"software|use/start/virtualization]]\n"
"- [[Use the Tails desktop|use/desktop]]\n"
"- [[Connect to the Internet "
"anonymously|use/connect_to_internet_anonymously]]\n"
"- [[Work on sensitive documents|use/work_on_sensitive_document]]\n"
"- [[Use encryption|use/encryption]]\n"
" - [[TrueCrypt|use/encryption/truecrypt]]\n"
"- [[Report Tails bugs|use/debugging]]\n"
"- [[Other applications and features|use/other_applications]]\n"
msgstr ""