- Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Will the Tails OS help secure enterprise communications?

Edward Snowden used the Tails OS to keep his communications secure and anonymous -- so should it be leveraged in a business setting? Expert Michael Cobb explains.

NSA whistleblower Edward Snowden reportedly used the Tails OS to keep his communications safe from snooping. How does this technology work? Is there a legitimate use in an enterprise context for high-security activities?

According to The Guardian reporter Glenn Greenwald, he and Snowden used Tails to keep their communications secure. Tails is a standalone bootable computer installation that includes an operating system and preinstalled applications, all of which run in the computer's memory. Instead of loading the operating system from a desktop or laptop's hard drive, users load Tails directly from a CD, DVD, USB stick or SD card. It has been designed from the ground up to provide anonymity and preserve privacy while a user is on a computer or the Internet.

Tails is an open source version of the Debian Linux operating system, but it is stateless and optimized for anonymity. Tails comes with several preconfigured privacy and cryptographic tools like OpenPGP, the password management system KeePassX, LUKS for disk encryption and the chat encryption plugin Off-the-Record. It doesn't store any data locally, only using RAM to run the OS and applications. Data held in RAM is erased when the computer shuts down so that when a user boots back into their computer's normal operating system, no history from the Tails session remains. This prevents anyone from being able to recover data or gather forensic evidence. Tails is configured so that all connections to the Internet have to go through the Tor network, which anonymizes a user's Internet traffic by routing it through a network of computers around the world.

In this Internet age of mistrust and rumor, can Tails be trusted -- particularly as nobody knows who the developers of Tails are? The developers initially called their project Amnesia and based it on the existing Incognito operating system, with Tails standing for "The Amnesic Incognito Live System." The project's aim is to bring privacy technologies together in a ready and easy-to-use form. Started five years ago, all the code is open source -- so it can be reviewed by anyone worried about backdoors. A separate group is said to be developing a mobile version of Tails that can run on Android and Ubuntu tablets.

There is certainly a need for a live OS like Tails for journalists, whistleblowers and the like, and with the growing level of cyberespionage, many enterprises may benefit from using it to exchange highly sensitive commercial data between departments and partners, or when top executives need to use the Internet while traveling abroad.

While Tails makes it much easier for the average person to use privacy tools (for example, Tor runs automatically), training and a strong sense of paranoia will be necessary to ensure all online activities are kept anonymous. Although Tails includes productivity applications like OpenOffice, enterprises are best off having computers dedicated solely for using Tails when a secure communication channel is needed, ensuring it is kept physically secure and air-gapped at all other times. This means total isolation from any other computer and manually transferring files to and from it on trusted media.

No operating system or privacy tool can guarantee complete protection in all situations, but using Tails can go a long way toward facilitating the secure exchange of highly sensitive information.

Ask the Expert!
Have a question about application security? Send it via email today! (All questions are anonymous.)

Next Steps

Should Internet anonymity be banned? Schneier and Ranum face off

Learn how to surf the Web anonymously

This was last published in November 2014

Dig Deeper on Alternative operating system security

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you advocate the use of Tails and Tor in the enterprise? Why?
I've never used them. As a business, we have no particular need to hide our identities throughout most of our daily operations, so the use of anonymizing systems like Tails and Tor simply isn't relevant.

That said, they might be good options if you want to discreetly investigate what a competitor is doing without giving them any information on you. Outside of that, though, I don't recommend them - too much work for no discernible gain.