Tails 0.18 - Changelog

What's new in Tails 0.18:

May 19th, 2013

New features:

· Support obfs3 bridges.
· Automatically install a custom list of additional packages chosen by the user at the beginning of every working session, and upgrade them once a network connection is established (technology preview).

Iceweasel:

· Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
· Update Torbrowser patches to current maint-2.4 branch (567682b).
· Torbutton 1.5.2, and various prefs hacks to fix breakage.
· HTTPS Everywhere 3.2
· NoScript 2.6.6.1-1
· Isolate DOM storage to first party URI, and enable DOM storage.
· Isolate the image cache per url bar domain.
· Update prefs to match the TBB's, fix bugs, and take advantage of the latest Torbrowser patches.
· Make prefs organization closer to the TBB's, and generally clean them up.

Bugfixes:

· Linux 3.2.41-2+deb7u2.
· All Iceweasel prefs we set are now applied.
· Bring back support for proxies of type other than obfsproxy.

Minor improvements:

· Set kernel.dmesg_restrict=1, and make /proc// invisible and restricted for other users. It makes it slightly harder for an attacker to gather information that may allow them to escalate privileges.
· Install gnome-screenshot.
· Add a About Tails launcher in the System menu.
· Install GNOME accessibility themes.
· Use Getting started... as the homepage for the Tails documentation button.
· Disable audio preview in Nautilus.

· Localization: many translation updates all over the place.

What's new in Tails 0.17.2:

April 10th, 2013

Iceweasel:
· Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
· Stop displaying obsolete context menu entries ("Open Tor URL" and friends).

Hardware support:
· Update Linux to 3.2.41-2.
· Temporarily drop the Rendition display driver.

Bugfixes:
· Use more reliable OpenPGP keyservers.
· Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.) from resetting the system partition's attributes when manipulating the partition table.

Minor improvements:
· Disable NoScript's HTML5 media click-to-play for better user experience.

Localization:
· Many updated and new translations all over the place.

What's new in Tails 0.17.1:

March 25th, 2013

Iceweasel:

· Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1.

Hardware support:

· Update Linux to 3.2.39-2, that It includes better support for graphics adapter, backported from Linux 3.4.29.
· Temporarily drop the Rendition display driver.

Bugfixes:

· Remove Indymedia IRC account, until we ship a version of Pidgin with SASL support.

What's new in Tails 0.17:

February 26th, 2013

New features:

· Install the KeePassX password manager, with a configuration and documentation that makes it easy to persist the password database.

Iceweasel:

· Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1.
· Do not allow listing all available fonts.
· Improve default spellchecker dictionary selection.
· Disable the add-ons automatic update feature.
· Remove NoScript click-to-play confirmation.
· Sync some prefs set by Torbutton, to be ready when it stops setting these.
· Disable navigation timing.
· Disable SPDY.
· More aggressive iceweasel HTTP pipelining settings.
· Enable WebGL (as click-to-play only).
· Disable network.http.connection-retry-timeout.
· Disable full path information for plugins.
· Remove NoScript blocks of WebFonts.

Minor improvements:

· Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1.
· Don't add "quiet" to the kernel command-line ourselves.
· Upgrade I2P to 0.9.4.

Bugfixes:

· Many bugfixes brought by the Debian Squeeze 6.0.7 point-release.
· Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail, and brings support for OpenPGP smartcards.
· Enable I2P hidden mode. Else, killing I2P ungracefully is bad for the I2P network.
· Add shutdown and reboot launchers to the menu. This workarounds the lack of a shutdown helper applet in camouflage mode.
· Remove Pidgin's MXit and Sametime support to workaround security flaws.

Hardware support:

· Install recent Intel and AMD microcode.
· Install firmware loader for Qualcomm Gobi USB chipsets.
· Upgrade barry to 0.18.3-5~bpo60+1.

Localization:

· Tails USB Installer: update translations for Arabic, Czech, German, Hebrew, Polish and Spanish.
· tails-greeter: update Spanish and French translations, new Polish translation.
· tails-persistence-setup: update translations for Arabic, Bulgarian, Spanish, French, Dutch, Polish and Chinese.
· WhisperBack: update Spanish and Korean translations, import new Polish translation.

What's new in Tails 0.16:

January 12th, 2013

Minor improvements:
· Replace the too-easy-to-misclick shutdown button with a better "Shutdown Helper" applet.
· Display ~/Persistent in GNOME Places and Gtk file chooser.
· Install dictionaries for a few languages.
· Set Unsafe Browser's window title to "Unsafe Browser".
· Install ekeyd to support the EntropyKey.
· Install font for Sinhala script.
· Update Poedit to 1.5.4.
· Expose Vidalia's "broken onion" icon less.
· Hide the persistence setup launchers in kiosk mode.

Bugfixes:
· Disable IPv6 on all network interfaces. This is a workaround for the IPv6 link-local multicast leak that was recently discovered.
· Tails may previously have been able to list GPT partitions labelled "TailsData" on hard drives (!) as valid persistence volumes... this is now fixed.
· Fix SCIM in the autostarted web browser.
· Talk of DVD, not of CD, in the shutdown messages.
· Make tordate work in bridge mode with an incorrect clock.

Iceweasel:
· Update iceweasel to 10.0.12esr-1+tails1.
· Set the homepage to the news section on the Tails website.
· Hide the iceweasel add-on bar by default.
· Don't hide the AdBlock-Plus button in the add-on bar anymore.
· Don't install xul-ext-monkeysphere anymore.

Localization:
· tails-greeter: add German translation, update Portuguese (Brasil) and Russian ones.
· tails-persistence-setup: update French, German and Italian translations.

What's new in Tails 0.15:

November 29th, 2012

Tor:

· Upgrade to 0.2.3.25

Major new features:

· Persistence for browser bookmarks.
· Support for obfsproxy bridges.

Minor improvements:

· Add the Hangul (Korean) Input Method Engine for SCIM.
· Preliminary support for some OpenPGP SmartCard readers.
· Support printers that need HPIJS PPD and/or the IJS driver.
· Optimize fonts display for LCD.
· Update TrueCrypt to version 7.1a.

Bugfixes:

· Fix gpgApplet menu display in Windows camouflage mode.
· Fix Tor reaching an inactive state if it's restarted in "bridge mode", e.g. during the time sync' process.

Iceweasel:

· Update iceweasel to 10.0.11esr-1+tails1.
· Update HTTPS Everywhere to version 3.0.4.
· Update NoScript to version 2.6.
· Fix bookmark to I2P router console.

Localization:

· The Tails USB installer, tails-persistence-setup and tails-greeter are now translated into Bulgarian.
· Update Chinese translation for tails-greeter.
· Update Euskadi translation for WhisperBack.

What's new in Tails 0.12:

June 18th, 2012

· The Unsafe Web Browser, which has direct access to the Internet and can be used to login to captive portals usually found at libraries, Internet cafes and when using other publicly available Internet connections.

· Windows camouflage can now be enabled via a check box in Tails Greeter. Tails' user interface is unfamiliar to most, which may attract unwanted attention when used in public places. This option makes Tails look more like Microsoft Windows XP in order to raise less suspicion.

Tor:

· Upgrade to 0.2.2.37-1~~squeeze+1.

iceweasel:

· Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release).
· Add a bookmark for the offline Tails documentation.

Internationalization:

· The Tails website and documentation now has a (partial) Portuguese translation.

Hardware support:

· Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).

Software:

Do not install cryptkeeper anymore. See remove cryptkeeper for reason. Users of cryptkeeper are encouraged to migrate built-in persistence with the following one-time migration procedure:
· set an administration password when booting Tails
· temporarily install cryptkeeper via sudo apt-get update; sudo apt-get install --yes cryptkeeper
· open your cryptkeeper (EncFS] volume and move its contents to the Persistence folder provided by Tails' built-in persistence
· Install mousetweaks. This is needed to use the mouse accessibility settings in System -> Preferences -> Mouse -> Accessibility.
· Upgrade I2P to version 0.9.
· Don't install GParted. GNOME Disk Utility has been on par with GParted since Squeeze was released.
· Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1.

Miscellaneous:

· Set Tails specific syslinux and plymouth themes.

What's new in Tails 0.10.1:

February 2nd, 2012

Iceweasel:
· Make Startpage the default web search engine. Scroogle does not look reliable enough these days.

Software:
· Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation).
· Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI).

Hardware support:
· Upgrade Linux kernel to 3.2.1-2

· Time synchronization Serious rework that should fix most, if not all, of the infamous time-sync' related bugs some Tails users have experienced recently.
· Make htpdate more resilient by using three server pools, and allowing some failure ratio.
· Set time from Tor's unverified-consensus if needed.
· Set time to middle of [valid-after, fresh-until] from consensus.
· Many robustness, performance and fingerprinting-resistance improvements.
· Display time-sync' notification much earlier.

Miscellaneous:
· Fix access to "dumb" git:// protocol by using a connect-socks wrapper as GIT_PROXY_COMMAND.
· SSH client: fix access to SSH servers on the Internet by correcting Host / ProxyCommand usage.
· Pidgin: use OFTC hidden service to workaround Tor blocking.
· Claws Mail: disable draft autosaving. When composing PGP encrypted email, drafts are saved back to the server in plaintext. This includes both autosaved and manually saved drafts.
· tails-security-check-wrapper: avoid eating all memory when offline.

What's new in Tails 0.10:

January 6th, 2012

· Tor: upgrade to 0.2.2.35-1.

· Iceweasel
· Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
· Update Torbutton to 1.4.5.1-1.
· Support viewing any YouTube video that is available in HTML5 format.
· Use Scroogle (any languages) instead of Scroogle (English only) when booted in English. Many users choose English because their own language is not supported yet; let's not hide them search results in their own language.
· Install the NoScript Firefox extension; configure it the same way as the TBB does.
· Disable third-party cookies. They can be used to track users, which is bad. Besides, this is what TBB has been doing for years.

· Do not transparently proxy outgoing Internet connections through Tor. Instead drop all non-Torified Internet traffic. Hence applications has to be explicitly configured to use Tor in order to reach the Internet from now on.

· Software
· Upgrade Vidalia to 0.2.15-1+tails1. This version will not warn about new Tor versions (this is handled by Tails security check instead).
· Upgrade MAT to 0.2.2-1~bpo60+1.
· Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1, built against the ABI of X.Org backports.
· Upgrade I2P to 0.8.11; the start script (which was broken in Tails 0.9) is now fixed.
· Install unar (The Unarchiver) instead of the non-free unrar.
· Install Nautilus Wipe instead of custom Nautilus scripts.

· Hardware support
· Upgrade Linux kernel to 3.1.6-1.
· Upgrade to X.Org from squeeze-backports.
· Install more, and more recent b43 firmwares.
· Upgrade barry to 0.15-1.2~bpo60+1.

· Internationalization
· Add basic language support for Russian, Farsi and Vietnamese.
· Install some Indic fonts.
· Install some Russian fonts.
· Add Alt+Shift shortcut to switch keyboard layout.

· Miscellaneous
· Support booting in "Windows XP-like camouflage mode".
· Do not fetch APT translation files. Running apt-get update is heavy enough.
· Add MSN support thanks to msn-pecan.
Add custom SSH client configuration:
· Prefer strong ciphers and MACs.
· Enable maximum compression level.
· Explicitly disable X11 forwarding.
· Connect as root by default, to prevent fingerprinting when username was not specified.
· Replace flawed FireGPG with a home-made GnuPG encryption applet; install a feature-stripped FireGPG that redirects users to the documentation, and don't run Seahorse applet anymore.
· Blank screen when lid is closed, rather than shutting down the system. The shutdown "feature" has caused data losses for too many people, it seems. There are many other ways a Tails system can be shut down in a hurry these days.
· Fix bug in the Pidgin nick generation that resulted in the nick "XXX_NICK_XXX" once out of twenty.
· Pre-configure the #tor IRC discussion channel in Pidgin.
· Reintroduce the htpdate notification, telling users when it's safe to use Tor Hidden Services.
· Various htpdate improvements.

What's new in Tails 0.9:

November 17th, 2011

Tor:

· Upgrade to 0.2.2.34. This fixes CVE-2011-2768 and CVE-2011-2769 which prompted for manual updates for users of Tails 0.8.1.
· Suppress Tor's warning about applications doing their own DNS lookups. Some users have reported concerns about these warnings, but it should be noted that they are completely harmless inside Tails as its system DNS resolver is Torified.

· Linux 3.0.0-6, which fixed a great number of bugs and security issues.

Iceweasel:

· Upgrade to 3.5.16-11 ((fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
· Torbutton: upgrade to 1.4.4.1-1, including support for the in-browser "New identity" feature.
· FireGPG: upgrade to 0.8-1+tails2. Users are notified that the FireGPG Text Editor is the only safe place for performing cryptographic operations, and these operations has been disabled in other places. Performing them outside of the editor opens up several severe attacks through JavaScript (e.g. leaking plaintext when decrypting, signing messages written by the attacker).
· Replace CS Lite with Cookie Monster for cookie management. Cookie Monster has an arguably nicer interface, is being actively maintained and is packaged in Debian.

Software:

· Install MAT, the Metadata Anonymisation Toolkit. Its goal is to remove file metadata which otherwise could leak information about you in the documents and media files you publish. This is the result of a Tails developer's suggestion for GSoC 2011, although it ended up being mentored by The Tor Project.
· Upgrade WhisperBack to 1.5~rc1. Users are guided how to send their bug reports through alternative channels upon errors sending them. This will make bug reporting easier when there's no network connection available.
· Upgrade TrueCrypt to 7.1.

Miscellaneous:

· The date and time setting system was completely reworked. This should prevent time syncing issues that may prevent Tor from working properly, which some users have reported. The new system will not leave a fingerprintable network signature, like the old system did. Previously that signature could be used to identify who is using Tails (but not deanonymize them).
· Erase memory at shutdown: run many instances of the memory wiper. Due to architectural limitations of i386 a process cannot access all memory at the same time, and hence a single memory wipe instance cannot clear all memory.
· Saner keyboard layouts for Arabic and Russian.
· Use Plymouth text-only splash screen at boot time.

What's new in Tails 2008.1-r1:

October 6th, 2008

· It has been reported that one of the advertised features of Incognito doesn't work in the 2008.1 release, the possibility to run Incognito in Microsoft Windows through the QEMU installation it ships with. The problem was a single backslash () in a script that the new QEMU version (0.9.1) didn't like, but which the previous version (0.9) didn't mind.

· Because of this I'm releasing Incognito 2008.1 revision 1, which fixes this issue (plus a few unimportant cosmetic changes that no one really should notice or care about). Those of you that have already downloaded 2008.1 but don't use this feature do not need to download 2008.1-r1.

· While every Incognito release is more or less a beta release at this stage, it has dawned to me that these kinds of silly mistakes probably can be avoided if there were some beta testers around and some sort of Quality Assurance procedure before every official release. At the moment the only one doing this is me, on two different systems plus the occasional system I happen to get my hands on, and in a few virtual machines (QEMU and VMWare). Clearly this is not good practice.

· Would you like to be a beta tester for upcoming releases? If so, please send me an email (see the Contact section for how to do that). Right now I'm in particular interested in a few users of Microsoft Windows so that the above feature can be tested. I don't have access to a Microsoft Windows install myself and barely any one I know use it (great, isn't it!) so I cannot test this myself reliably.

· Sorry for the inconvenience.