secure-os.org
EN FR ES

Tails OS Explained: The Amnesic Operating System That Forgets You (2026)

published June 12, 2026 · #tails #tor #live-os

A USB drive labeled Tails OS next to a laptop running an anonymous desktop session

Every operating system you install on a hard drive leaves a growing record of what you did, who you talked to, and which sites you visited. Browser history, swap files, DNS caches, prefetch logs — they accumulate silently. Tails OS inverts this model entirely. It runs from a USB stick, holds everything in RAM, and when the session ends, it forgets you were ever there.

That design is not an accident. It is the founding principle of a project that has been running since 2009 and, as of late 2024, operates under the umbrella of the Tor Project — the nonprofit behind the anonymity network that Tails depends on.

What Is Tails OS?

Tails stands for The Amnesic Incognito Live System. It is a Debian-based Linux distribution designed to be booted directly from external media — a USB drive or, historically, a DVD — without touching the host machine’s hard disk. The current release as of June 2026 is Tails 7.8.1.

The name captures its two core properties:

  • Amnesic: by default, nothing is written to persistent storage. RAM is wiped on shutdown. The next user of that computer finds no trace of your session.
  • Incognito: every network connection is forced through the Tor network, masking your IP address from the sites you visit and from your internet service provider.

Tails is free software, funded primarily by donations and grants from organizations including the Freedom of the Press Foundation, the Mozilla Foundation, and the Tor Project itself. It has been audited by independent security researchers on multiple occasions.

Why Tails Matters: The Threat Model It Addresses

Most privacy tools reduce surveillance at the margins. Tails addresses a specific, high-stakes threat: a physically compromised machine in a hostile environment. Its use cases include:

  • A journalist receiving documents from a source in an authoritarian country
  • A human rights worker operating in a region where device seizure is a realistic risk
  • A lawyer accessing case files from a shared or untrusted computer
  • A source communicating with a newsroom without leaving device-level evidence

Edward Snowden used Tails when communicating with journalists Glenn Greenwald and Laura Poitras in 2013. Poitras has publicly described it as essential to the operational security of that reporting. The Freedom of the Press Foundation actively recommends Tails in its training programs for journalists and sources.

Tails is not a tool for casual everyday computing. Understanding that distinction matters before you evaluate whether it fits your situation.

How Tails Works Under the Hood

Boot Process

Tails runs entirely from the USB drive. When you insert it and boot, the machine’s BIOS or UEFI firmware loads the Tails bootloader from the USB. The system never mounts the internal hard drive. If the computer has a functioning disk with another OS installed, Tails ignores it completely — the session runs in isolation.

This means any malware on the host OS cannot reach your Tails session. The attack surface shrinks to the firmware layer and to whatever you do during the session itself.

RAM-Only Operation

All session data — open files, browser history, typed text — lives in RAM. The moment you shut down (or the power is cut), that memory is released. Tails also attempts to overwrite RAM contents at shutdown to resist cold-boot attacks, where an adversary attempts to freeze and extract memory chips before they discharge.

Forced Tor Routing

Tails configures the system firewall to block any traffic that does not go through Tor. There is no opt-out switch at the application level. If an application tries to contact the internet directly — bypassing Tor — the packet is dropped. This prevents accidental clearnet leaks from misconfigured software.

The Tor Browser is the default browser, pre-configured with sensible security settings. Other included applications — the Thunderbird email client, the OnionShare file-sharing tool, the KeePassXC password manager — are all pre-configured to work within the Tor network.

Persistent Storage (Optional, LUKS-Encrypted)

Because Tails is amnesic by design, saving anything across sessions requires deliberate setup. Tails offers an optional Persistent Storage feature: an encrypted partition on the same USB stick, protected with a passphrase and encrypted with LUKS (Linux Unified Key Setup). You can choose what to persist — bookmarks, documents, SSH keys, custom application configurations — while keeping the rest of the session ephemeral.

If an adversary seizes your USB drive, the Persistent Storage is encrypted and inaccessible without the passphrase. For a deeper look at how full-disk encryption protects data at rest, see our guide on full-disk encryption.

Installing Tails: Overview

What You Need

  • A USB drive of at least 8 GB (this becomes your Tails drive)
  • An internet connection to download the image
  • Optionally, a second USB drive or another device to run the Tails installer

The Verification Step

Download the Tails image from tails.net. Before writing it, verify the cryptographic signature. Tails provides an OpenPGP signature and a browser extension that automates this check. Skipping verification is the most common mistake beginners make — a tampered image would undermine every security property Tails offers.

Writing the Image

On Windows, the Tails website recommends Tails Installer, a purpose-built tool that handles the write operation and optionally sets up Persistent Storage. On Linux and macOS, dd with the correct block size works reliably, though it offers no progress indicator and requires care with the target device path.

Tails previously required two USB drives for the installation process (one to run the installer, one to receive Tails). As of recent versions, this is no longer required on Windows — you can install directly from the downloaded image using Tails Installer.

First Boot

Enter the BIOS/UEFI on your machine and set the USB drive as the primary boot device, or use the one-time boot menu (typically F12, F11, or Escape at startup, depending on manufacturer). On modern machines with Secure Boot enabled, you may need to disable it — Tails does not currently support Secure Boot.

What Tails Protects — and What It Does Not

ProtectedNot Protected
IP address (via Tor)Tor exit node surveillance of unencrypted traffic
Session data (RAM-only)Firmware-level malware (BIOS/UEFI rootkits)
Files in Persistent Storage (LUKS)Behavioral fingerprinting within a session
Identity from clearnet leaksPhysical observation of the screen
DNS queries (Tor handles these)Compromised Tor Browser (browser exploits)
Activity from the host OSISP metadata on Tor usage itself

Tor Exit Nodes

Tor encrypts traffic between your machine and the exit node, but the exit node communicates with the destination in cleartext (unless the destination uses HTTPS). A malicious exit node can observe unencrypted traffic. This is a property of Tor, not a flaw specific to Tails. Always verify HTTPS when using Tails for sensitive communications.

Firmware Attacks

Tails cannot protect against malware embedded in the computer’s firmware — the BIOS, UEFI, or hardware controllers. These attacks are rare and expensive to deploy, but they exist. If you are operating against a nation-state adversary with physical access to your hardware, Tails alone is insufficient.

MAC Address Spoofing

Tails automatically randomizes the MAC address of your network interface at each boot. This prevents the local network (a hotel Wi-Fi router, for example) from linking your activity across sessions by hardware identifier. It is enabled by default and is one of several protections Tails applies without requiring user configuration.

Tails vs. Other Privacy Operating Systems

Tails occupies a specific niche. It is designed for episodic, high-risk sessions where leaving no trace matters more than convenience.

Whonix takes a different approach: it runs inside a virtual machine on your regular operating system, splitting the workstation from the Tor gateway across two separate VMs. This makes it better suited to longer-term pseudonymous workflows where you need persistence and the ability to install software — but it requires a reliable host OS and leaves traces on the host machine’s disk. Our Whonix guide covers when that trade-off makes sense.

Qubes OS — a project with historical roots in the same community that helped shape Tails — uses hardware virtualization to isolate different activities into separate compartments. It is the most technically demanding of the three and is intended for users who need persistent, compartmentalized identities rather than amnesic sessions.

Tails and the Secure Desktops Community

Tails has deep roots in the broader secure desktop movement. The developers of Tails co-founded the Secure Desktops mailing list in 2015 alongside contributors from the Subgraph and Qubes OS projects — a forum that laid early technical groundwork for isolation-based privacy operating systems. That heritage is documented in the history section of this site.

Practical Recommendations

Use Tails when:

  • You are accessing sensitive sources or documents and need plausible deniability at the device level
  • You are working from an untrusted machine (hotel, library, borrowed computer)
  • You need a clean, known-good environment with no locally installed malware

Do not rely solely on Tails when:

  • You need persistent identities or accounts across sessions
  • You are managing long-running projects that require complex installed tooling
  • You want to protect data at rest on your primary machine (use full-disk encryption instead)

Operational habits that matter:

  • Always boot from the same Tails USB to avoid version fragmentation
  • Set a strong passphrase on Persistent Storage — LUKS is only as strong as the key
  • Keep your Tails installation updated; the project issues security releases regularly
  • Do not stretch sessions unnecessarily; log out when the task is done
  • Be aware that Tor usage is detectable by your ISP even if the content is not — in some environments, using Tor itself is a signal

For broader context on anonymous browsing and layered identity protection, the Tor Project’s support documentation offers practical operational guidance that complements what Tails provides at the OS level.

Verdict

Tails OS is one of the most thoroughly engineered privacy tools available to the public. Its amnesic design, mandatory Tor routing, and LUKS-encrypted optional storage address a coherent threat model with clarity and discipline. For journalists, activists, sources, and anyone operating in genuinely adversarial conditions, it remains the reference implementation of the “leave no trace” operating system.

Its limits are equally clear: it is not an everyday OS, it does not protect against firmware-level attacks, and Tor exit nodes introduce risk for unencrypted traffic. Used correctly — for specific, bounded sessions where amnesia is an asset — it does what it promises.

The project’s integration into the Tor Project in 2024 provides additional organizational stability for what has always been a critical piece of civil liberties infrastructure. Tails 7.x continues to be actively maintained, with security releases issued on a regular cadence.

If your threat model calls for a session-based, no-trace environment routed through Tor, nothing in the open-source ecosystem does it better.