Tails Changelog

New in version 1.3.2

March 31st, 2015
  • The Florence virtual keyboard can now be used with touchpads again.
  • Tails Installer does not list devices that are too small to be supported.

New in version 1.3.1 (March 23rd, 2015)

  • Tails has transitioned to a new OpenPGP signing key.
  • Tor Launcher 0.2.7.2 improves usability of Internet connections that are censored, filtered, or proxied.

New in version 1.3 (February 25th, 2015)

  • New features:
  • Electrum is an easy to use bitcoin wallet. You can use the Bitcoin Client persistence feature to store your Electrum configuration and wallet.
  • The Tor Browser has additional operating system and data security. This security restricts reads and writes to a limited number of folders. Learn how to manipulate files with the new Tor Browser.
  • The obfs4 pluggable transport is now available to connect to Tor bridges. Pluggable transports transform the Tor traffic between the client and the bridge to help disguise Tor traffic from censors.
  • Keyringer lets you manage and share secrets using OpenPGP and Git from the command line.
  • Upgrades and changes:
  • The Mac and Linux manual installation processes no longer require the isohybrid command. Removing the isohybrid command simplifies the installation.
  • The tap-to-click and two-finger scrolling trackpad settings are now enabled by default. This should be more intuitive for Mac users.
  • The Ibus Vietnamese input method is now supported.
  • Improved support for OpenPGP smartcards through the installation of GnuPG 2.

New in version 1.3 RC1 (February 13th, 2015)

  • Major new features:
  • Distribute a hybrid ISO image again: no need for anyone to manually run isohybrid anymore! (ticket #8510)
  • Confine the Tor Browser using AppArmor to protect against some types of attack. Learn more about how this will affect your usage of Tails. (ticket #5525)
  • Install the Electrum bitcoin client, and allow users to persist their wallet. (ticket #6739)
  • Minor improvements:
  • Support obfs4 Tor bridges (ticket #7980)
  • Touchpad: enable tap-to-click, 2-fingers scrolling, and disable while typing. (ticket #7779)
  • Support Vietnamese input in IBus. (ticket #7999)
  • Improve support for OpenPGP smartcards. (ticket #6241)

New in version 1.2.3 (January 15th, 2015)

  • Security fixes:
  • Upgrade to Linux 3.16.7-ckt2-1.
  • Upgrade to Tor Browser 4.0.3 (based on Firefox 31.4.0esr) (ticket #8700).
  • Improve MAC spoofing fail-safe mechanisms, which includes preventing one more way the MAC address could be leaked. (ticket #8571).
  • Disable upgrade checking in the Unsafe Browser. Until now the Unsafe Browser has checked for upgrades of the Tor Browser in the clear (ticket #8694).
  • Bugfixes:
  • Fix startup of the Unsafe Browser in some locales (ticket #8693).
  • Repair the desktop screenshot feature (ticket #8087).
  • Do not suspend to RAM when closing the lid on battery power (ticket #8071).
  • Properly update the Tails Installer's status when plugging in a USB drive after it has started (ticket #8353).

New in version 1.1.1 (September 2nd, 2014)

  • Security fixes:
  • Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
  • Add an I2P boot parameter. Without adding "i2p" to the kernel command line, I2P will not be accessible for the Live user. I2P was also upgraded to 0.9.14.1-1~deb7u+1, and stricter firewall rules are applied to it, among other security enhancements.
  • Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
  • Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667 and CVE-2014-4943).
  • Prevent dhclient from sending the hostname over the network (ticket #7688).
  • Override the hostname provided by the DHCP server (ticket #7769).
  • Bugfixes:
  • Don't ship OpenJDK 6: I2P prefers v7, and we don't need both (ticket #7807).
  • Prevent Tails Installer from updating the system partition properties on MBR partitions (ticket #7716).
  • Minor improvements:
  • Upgrade to Torbutton 1.6.12.1.
  • Install gnome-user-guide (ticket #7618).
  • Install cups-pk-helper (ticket #7636).
  • Update the SquashFS sort file, which should speed up boot from DVD (ticket #6372).
  • Compress the SquashFS more aggressively (ticket #7706) which should make the Tails ISO image smaller.

New in version 1.1 (July 23rd, 2014)

  • Rebase on Debian Wheezy
  • Upgrade literally thousands of packages.
  • Migrate to GNOME3 fallback mode.
  • Install LibreOffice instead of OpenOffice.
  • Major new features
  • UEFI boot support, which should make Tails boot on modern hardware and Mac computers.
  • Replace the Windows XP camouflage with a Windows 8 camouflage.
  • Bring back VirtualBox guest modules, installed from Wheezy backports. Full functionality is only available when using the 32-bit kernel.
  • Security fixes
  • Fix write access to boot medium via udisks (ticket #6172).
  • Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1 (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
  • Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
  • Make persistent file permissions safer (ticket #7443).
  • Bugfixes
  • Fix quick search in Tails Greeter's Other languages window (Closes: ticket #5387)
  • Minor improvements
  • Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in Debian since Squeeze, now is a good time to drop the obsolete 0.4 implementation.
  • Require a bit less free memory before checking for upgrades with Tails Upgrader. The general goal is to avoid displaying "Not enough memory available to check for upgrades" too often due to over-cautious memory requirements checked in the wrapper.
  • Whisperback now sanitizes attached logs better with respect to DMI data, IPv6 addresses, and serial numbers (ticket #6797, ticket #6798, ticket #6804).
  • Install the BookletImposer PDF imposition toolkit.

New in version 1.1 RC1 (July 15th, 2014)

  • Security fixes:
  • Don't allow the desktop user to pass arguments to tails-upgrade-frontend (ticket #7410).
  • Make persistent file permissions safer (ticket #7443).
  • Set strict permissions on /home/amnesia (ticket #7463).
  • Disable FoxyProxy's proxy:// protocol handler (ticket #7479).
  • Bug fixes:
  • Use pinentry as the GnuPG agent, as we do on Squeeze (ticket #7330). This is needed to support OpenPGP smartcards.
  • Cleanup some packages that were installed by mistake.
  • Fix emergency shutdown when removing the boot device before login (ticket #7333).
  • Resume support of persistent volumes created with Tails 1.0.1 and earlier (ticket #7343).
  • Revert back to browsing the offline documentation using Iceweasel instead of Yelp (ticket #7390, ticket #7285).
  • Automatically transition NetworkManager persistence setting when upgrading from Squeeze to Wheezy (ticket #7338). Note: the data is not migrated.
  • Fix the Unsafe Web Browser startup in Windows camouflage mode (ticket #7329).
  • Make it possible to close error messages displayed by the persistent volume assistant (ticket #7119).
  • Fix some file associations, with a backport of shared-mime-info 1.3 (ticket #7079).
  • Minor improvements:
  • Various improvements to the Windows 8 camouflage.
  • Fix "Upgrade from ISO" functionality when run from a Tails system that ships a different version of syslinux than the one in the ISO (ticket #7345).
  • Ensure that the MBR matches the syslinux version used by the Tails release it is supposed to boot.
  • Help Universal USB Installer support Tails again, by include syslinux.exe for Windows in the ISO filesystem (ticket #7425).
  • Improve the Tails Installer user interface a bit.
  • Enable double-clicking to pick entries in the language or keyboard layout lists in Tails Greeter.

New in version 1.1 Beta 1 (May 30th, 2014)

  • Rebase on Debian 7 (Wheezy):
  • Upgrade literally thousands of packages.
  • Install LibreOffice instead of OpenOffice.
  • Fix write access to boot medium via udisks (ticket #6172).
  • Security fixes:
  • Upgrade Tor to 0.2.4.22.
  • Major new features:
  • Replace the Windows XP camouflage with an experimental Windows 8 one.
  • UEFI boot support. This allows you to boot Tails from USB sticks on recent hardware, and especially on Mac. It enables you to use great features such as persistence and ?automatic upgrades. If you experience problems, please have a look at the known issues for UEFI support.
  • Install Linux 3.14 from Debian unstable for improved hardware support.
  • Improve integration when run inside VirtualBox. This enables, for instance, more screen resolutions, host-guest file and clipboard sharing. Unfortunately, full functionality is only available when using the 32-bit kernel.
  • Minor improvements:
  • Install seahorse-nautilus, replacing seahorse-plugins (Closes ticket #5516).
  • Install the BookletImposer PDF imposition toolkit.
  • Install GtkHash and its Nautilus interface (Closes ticket #6763).
  • Install the hledger accounting program.
  • Tails Greeter's help window now adapts to the screen resolution.
  • Whisperback now sanitizes attached logs better with respect to DMI data, IPv6 addresses, and serial numbers (Closes ticket #6797, ticket #6798, ticket #6804).
  • Integrate the new logo in Tails Installer (Closes ticket #7095)

New in version 1.0 (April 29th, 2014)

  • Security fixes:
  • Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1 (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches).
  • Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1:
  • Based on 0.2.4.21-1~d60.squeeze+1.
  • Backport the fix for bug #11464 on Tor Project's Trac. It adds client-side blacklists for all Tor directory authority keys that was vulnerable to Heartbleed. This protects clients in case attackers were able to compromise a majority of the authority signing and identity keys.
  • Bugfixes:
  • Disable inbound I2P connections. Tails already restricts incoming connections, but this change tells I2P about it.
  • Fix link to the system requirements documentation page in the Tails Upgrader error shown when too little RAM is available.
  • Minor improvements:
  • Upgrade I2P to 0.9.12-2~deb6u+1.
  • Import TorBrowser profile. This was forgotten in Tails 0.23 and even though we didn't explicitly set those preferences in that release they defaulted to the same values. This future-proofs us in case the defaults would ever change.
  • Import new custom version of Tor Launcher:
  • Based on upstream Tor Launcher 0.2.5.3.
  • Improve how Tor Launcher handles incomplete translation. (bug #11483 on Tor Project's Trac; more future-proof fix for ticket #6885)
  • Remove the bridge settings prompt. (bug #11482 on Tor Project's Trac; closes ticket #6934)
  • Always show bridge help button. (bug #11484 on Tor Project's Trac)
  • Integrate the new Tails logo into various places:
  • The website
  • The boot splash
  • The "About Tails" dialog

New in version 0.23 RC1 (March 8th, 2014)

  • Major improvements:
  • Spoof the network interfaces' MAC address by default (Closes: ticket #5421), as specified in our on design document .
  • Rework the way to configure how Tor connects to the network (bridges, proxies, restrictive firewalls): add an option to Tails Greeter, start Tor Launcher when needed (Closes: ticket #5920, ticket #5343).
  • Bugfixes:
  • Additional software: do not crash when persistence is disabled (Closes: ticket #6440).
  • Upgrade Pidgin to 2.10.9, that fixes some regressions introduced in the 2.10.8 security update (Closes: ticket #6661).
  • Wait for Tor to have fully bootstrapped, plus a bit more time, before checking for upgrades (Closes: ticket #6728) and unfixed known security issues.
  • Disable the Intel Management Engine Interface driver (Closes: ticket #6460). We don't need it in Tails, it might be dangerous, and it causes bugs on various hardware such as systems that reboot when asked to shut down.
  • Add a launcher for the Tails documentation. This makes it available in Windows Camouflage mode (Closes: ticket #5374, ticket #6767).
  • Remove the obsolete wikileaks.de account from Pidgin (Closes: ticket #6807).
  • Minor improvements:
  • Upgrade Tor to 0.2.4.21-1~d60.squeeze+1.
  • Upgrade obfsproxy to 0.2.6-2~~squeeze+1.
  • Upgrade I2P to 0.9.11-1deb6u1.
  • Install 64-bit kernel instead of the 686-pae one (Closes: ticket #5456). This is a necessary first step towards UEFI boot support.
  • Install Monkeysign (in a not-so-functional shape yet).
  • Disable the autologin text consoles (Closes: ticket #5588). This was one of the blockers before a screen saver can be installed in a meaningful way (ticket #5684).
  • Don't localize the text consoles anymore: it is broken on Wheezy, the intended users can as well use loadkeys, and we now do not have to trust setupcon to be safe for being run as root by the desktop user.
  • Make it possible to manually start IBus.
  • Reintroduce the possibility to switch identities in the Tor Browser, using a filtering proxy in front of the Tor ControlPort to avoid giving full control over Tor to the desktop user (Closes: ticket #6383).
  • Incremental upgrades improvements:
  • Drop the Tails Upgrader launcher, to limit users' confusion (Closes: ticket #6513).
  • Lock down sudo credentials a bit.
  • Hide debugging information (Closes: ticket #6505).
  • Include ~/.xsession-errors in WhisperBack bug reports. This captures the Tails Upgrader errors and debugging information.
  • Report more precisely why an incremental upgrade cannot be done (Closes: ticket #6575).
  • Various user interface and phrasing improvements.
  • Don't install the Cookie Monster browser extension (Closes: ticket #6790).
  • Add a browser bookmark pointing to Tor's Stack Exchange (Closes: ticket #6632).
  • Remove the preconfigured #tor channel from Pidgin: apparently, too many Tails users go ask Tails questions there, without making it clear that they are running Tails, hence creating a user-support nightmare (Closes: ticket #6679).
  • Use (most of) Tor Browser's mozconfig (Closes: ticket #6474).
  • Rebase the browser on top of iceweasel 24.3.0esr-1, to get the certificate authorities added by Debian back (Closes: ticket #6704).
  • Give access to the relevant documentation pages from Tails Greeter.
  • Hide Tails Greeter's password mismatch warning when entry is changed.
  • Persistent Volume Assistant:
  • Take into account our installer is now called Tails Installer.
  • Optimize window height (Closes: ticket #5458).
  • Display device paths in a more user-friendly way (Closes: ticket #5311).
  • Build system:
  • Ease updating POT and PO files at release time, and importing translations from Transifex (Closes: ticket #6288, ticket #6207).
  • Drop custom poedit backport, install it from squeeze-backports-sloppy.
  • Make ISO and IUK smaller (Closes: ticket #6390, ticket #6425):
  • Exclude more files from being included in the ISO.
  • Remove *.pyc later so that they are not recreated.
  • Truncate log files later so that they are not filled again.
  • At ISO build time, set mtime to the epoch for large files whose content generally does not change between releases. This forces rsync to compare the actual content of these files, when preparing an IUK, instead of blindly adding it to the IUK merely because the mtime has changed, while the content is the same.
  • Make local hooks logging consistent.
  • Test suite:
  • Migrate from JRuby to native Ruby + rjb.
  • The test suite can now be run on Debian Wheezy + backports.
  • Fix buggy "persistence is not enabled" step (Closes: ticket #5465).
  • Use IPv6 private address as of RFC 4193 for the test suite's virtual network. Otherwise dnsmasq from Wheezy complains, as it is not capable of handling public IPv6 addresses.
  • Delete volumes after each scenario unless tagged @keep_volumes.
  • Add an anti-test to make sure the memory erasure test works fine.
  • A *lot* of bugfixes, simplifications and robustness improvements.

New in version 0.22.1 (February 4th, 2014)

  • Security fixes:
  • Update NSS to 3.14.5-1~bpo60+1.
  • Major improvements:
  • Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.
  • Install Linux 3.12 (3.12.6-2).
  • Bugfixes:
  • Fix the keybindings problem introduced in 0.22.
  • Fix the Unsafe Browser problem introduced in 0.22.
  • Use IE's icon in Windows camouflage mode.
  • Handle some corner cases better in Tails Installer.
  • Minor improvements:
  • Update Tor Browser to 24.2.0esr-1+tails1.
  • Update Torbutton to 1.6.5.3.
  • Do not start Tor Browser automatically, but notify when Tor is ready.
  • Import latest Tor Browser prefs.
  • Many user interface improvements in Tails Upgrader.

New in version 0.22.1 RC1 (January 11th, 2014)

  • Security fixes:
  • Update NSS to 3.14.5-1~bpo60+1.
  • Major improvements:
  • Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.
  • Install Linux 3.12 (3.12.6-2).
  • Bugfixes:
  • Fix the keybindings problem introduced in 0.22.
  • Fix the Unsafe Browser problem introduced in 0.22.
  • Use IE's icon in Windows camouflage mode.
  • Handle some corner cases better in Tails Installer.
  • Minor improvements:
  • Update Tor Browser to 24.2.0esr-1+tails1.
  • Update Torbutton to 1.6.5.3.
  • Do not start Tor Browser automatically, but notify when Tor is ready.
  • Import latest Tor Browser prefs.
  • Many user interface improvements in Tails Upgrader.

New in version 0.22 (December 12th, 2013)

  • Security fixes:
  • Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
  • Stop migrating persistence configuration and access rights. Instead, disable all persistence configuration files if the mountpoint has wrong access rights.
  • Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting the browser.
  • Major improvements:
  • Switch to Iceweasel 24.2.0esr and Torbutton 1.6.5.
  • Incremental upgrades are ready for beta-testing.
  • Bugfixes:
  • Fix Vidalia startup.
  • Disable DPMS screen blanking.
  • Fix checking of the persistent volume's ACL.
  • Sanitize more IP and MAC addresses in bug reports.
  • Do not fail USB upgrade when the "tmp" directory exists on the destination device.
  • Minor improvements:
  • Clearer warning when deleting the persistent volume.
  • Use IBus instead of SCIM.
  • Always list optimal keyboard layout in the greeter.
  • Fix on-the-fly translation of the greeter in various languages.
  • Update I2P to 0.9.8.1 and rework its configuration.

New in version 0.22 RC1 (December 2nd, 2013)

  • Security fixes:
  • Stop migrating persistence configuration and access rights. Instead, disable all persistence configuration files if the mountpoint has wrong access rights.
  • Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting the browser.
  • Major improvements:
  • Switch to Iceweasel 24 and Torbutton 1.6.
  • Install Linux 3.11-2 (3.11.8-1).
  • Incremental upgrades are ready for beta-testing, stay tuned.
  • Bugfixes:
  • Fix Vidalia startup.
  • Disable DPMS screen blanking.
  • Fix checking of the persistent volume's ACL.
  • Sanitize more IP and MAC addresses in bug reports.
  • Do not fail USB upgrade when the "tmp" directory exists on the destination device.
  • Minor improvements:
  • Clearer warning when deleting persistent volume.
  • Use IBus instead of SCIM.
  • Always list optimal keyboard layout in the greeter.
  • Fix on-the-fly translation of the greeter in various languages.
  • Update I2P to 0.9.8.1 and rework its configuration.

New in version 0.21 (October 30th, 2013)

  • Security fixes:
  • Don't grant access to the Tor control port for the desktop user. Else, an attacker able to run arbitrary code as this user could obtain the public IP.
  • Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled.
  • Install Iceweasel 17.0.10esr with Torbrowser patches.
  • Patch Torbutton to make window resizing closer to what the design says.
  • New features:
  • Add a persistence preset for printing settings.
  • Support running Tails off more types of SD cards.
  • Minor improvements:
  • Add a KeePassX launcher to the top panel.
  • Improve the bug reporting workflow.
  • Prefer stronger ciphers when encrypting data with GnuPG.
  • Exclude the version string in GnuPG's ASCII armored output.
  • Use the same custom Startpage search URL than the TBB. This apparently disables the new broken "family" filter.
  • Provide a consistent path to the persistent volume mountpoint.
  • Localization:
  • Many translation updates all over the place.

New in version 0.21 RC1 (October 21st, 2013)

  • Security fixes:
  • Don't grant access to the Tor control port for the desktop user. Else, an attacker able to run arbitrary code as this user could obtain the public IP with a get_info command.
  • Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled.
  • New features:
  • Add a persistence preset for printing settings.
  • Support SD card connected through a SDIO host adapter.
  • Minor improvements:
  • Add a KeePassX launcher to the top GNOME panel.
  • Exclude the version string in GnuPG's ASCII armored output.
  • Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting data with GnuPG.
  • Use the same custom Startpage search URL than the TBB. This apparently disables the new broken "family" filter.

New in version 0.20 (August 9th, 2013)

  • New features:
  • Install Linux kernel 3.10.3-1 from Debian unstable.
  • Iceweasel 17.0.8esr + Torbrowser patches.
  • Bugfixes:
  • Prevent Iceweasel from displaying a warning when leaving HTTPS web sites.
  • Make Iceweasel use the correct, localized search engine.
  • Fix Git access to https:// repositories.
  • Minor improvements:
  • Install Dasher, a predictive text entry tool.
  • Add a wrapper around TrueCrypt which displays a warning about it soon being deprecated in Tails.
  • Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP. Many of the other protocols Pidgin support are broken in Tails and haven't got any security auditting.
  • Disable the pre-defined Pidgin accounts so they do not auto-connect on Pidgin start.
  • Include information about Alsa in WhisperBack reports.
  • Explicitly restrict access to ptrace. While this setting was enabled by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1. It's unclear what will happen next, so let's explicitly enable it ourselves.
  • Do not display dialog when a message is sent in Claws Mail.
  • Sync iceweasel preferences with the Torbrowser's.
  • Localization:
  • Many translation updates all over the place.
  • Merge all Tails-related POT files into one, and make use of intltoolize for better integration with Transifex.

New in version 0.19 (June 27th, 2013)

  • New features:
  • Linux 3.9.5-1.
  • Iceweasel 17.0.7esr + Torbrowser patches.
  • Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of wireless device.
  • Bugfixes:
  • Fix write access to boot medium at the block device level.
  • tails-greeter l10n-related fixes.
  • gpgApplet: partial fix for clipboard emptying after a wrong passphrase was entered.
  • Minor improvements:
  • Drop GNOME proxy settings.
  • Format newly created persistent volumes as ext4.
  • GnuPG: don't connect to the keyserver specified by the key owner.
  • GnuPG: locate keys only from local keyrings.
  • Upgrade live-boot and live-config to the 3.0.x final version from Wheezy.
  • Localization: many translation updates all over the place.
  • Test suite:
  • Re-enable previously disabled boot device permissions test.

New in version 0.18 (May 19th, 2013)

  • New features:
  • Support obfs3 bridges.
  • Automatically install a custom list of additional packages chosen by the user at the beginning of every working session, and upgrade them once a network connection is established (technology preview).
  • Iceweasel:
  • Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
  • Update Torbrowser patches to current maint-2.4 branch (567682b).
  • Torbutton 1.5.2, and various prefs hacks to fix breakage.
  • HTTPS Everywhere 3.2
  • NoScript 2.6.6.1-1
  • Isolate DOM storage to first party URI, and enable DOM storage.
  • Isolate the image cache per url bar domain.
  • Update prefs to match the TBB's, fix bugs, and take advantage of the latest Torbrowser patches.
  • Make prefs organization closer to the TBB's, and generally clean them up.
  • Bugfixes:
  • Linux 3.2.41-2+deb7u2.
  • All Iceweasel prefs we set are now applied.
  • Bring back support for proxies of type other than obfsproxy.
  • Minor improvements:
  • Set kernel.dmesg_restrict=1, and make /proc// invisible and restricted for other users. It makes it slightly harder for an attacker to gather information that may allow them to escalate privileges.
  • Install gnome-screenshot.
  • Add a About Tails launcher in the System menu.
  • Install GNOME accessibility themes.
  • Use Getting started... as the homepage for the Tails documentation button.
  • Disable audio preview in Nautilus.
  • Localization: many translation updates all over the place.

New in version 0.17.2 (April 10th, 2013)

  • Iceweasel:
  • Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
  • Stop displaying obsolete context menu entries ("Open Tor URL" and friends).
  • Hardware support:
  • Update Linux to 3.2.41-2.
  • Temporarily drop the Rendition display driver.
  • Bugfixes:
  • Use more reliable OpenPGP keyservers.
  • Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.) from resetting the system partition's attributes when manipulating the partition table.
  • Minor improvements:
  • Disable NoScript's HTML5 media click-to-play for better user experience.
  • Localization:
  • Many updated and new translations all over the place.

New in version 0.17.1 (March 25th, 2013)

  • Iceweasel:
  • Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1.
  • Hardware support:
  • Update Linux to 3.2.39-2, that It includes better support for graphics adapter, backported from Linux 3.4.29.
  • Temporarily drop the Rendition display driver.
  • Bugfixes:
  • Remove Indymedia IRC account, until we ship a version of Pidgin with SASL support.

New in version 0.17 (February 26th, 2013)

  • New features:
  • Install the KeePassX password manager, with a configuration and documentation that makes it easy to persist the password database.
  • Iceweasel:
  • Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1.
  • Do not allow listing all available fonts.
  • Improve default spellchecker dictionary selection.
  • Disable the add-ons automatic update feature.
  • Remove NoScript click-to-play confirmation.
  • Sync some prefs set by Torbutton, to be ready when it stops setting these.
  • Disable navigation timing.
  • Disable SPDY.
  • More aggressive iceweasel HTTP pipelining settings.
  • Enable WebGL (as click-to-play only).
  • Disable network.http.connection-retry-timeout.
  • Disable full path information for plugins.
  • Remove NoScript blocks of WebFonts.
  • Minor improvements:
  • Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1.
  • Don't add "quiet" to the kernel command-line ourselves.
  • Upgrade I2P to 0.9.4.
  • Bugfixes:
  • Many bugfixes brought by the Debian Squeeze 6.0.7 point-release.
  • Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail, and brings support for OpenPGP smartcards.
  • Enable I2P hidden mode. Else, killing I2P ungracefully is bad for the I2P network.
  • Add shutdown and reboot launchers to the menu. This workarounds the lack of a shutdown helper applet in camouflage mode.
  • Remove Pidgin's MXit and Sametime support to workaround security flaws.
  • Hardware support:
  • Install recent Intel and AMD microcode.
  • Install firmware loader for Qualcomm Gobi USB chipsets.
  • Upgrade barry to 0.18.3-5~bpo60+1.
  • Localization:
  • Tails USB Installer: update translations for Arabic, Czech, German, Hebrew, Polish and Spanish.
  • tails-greeter: update Spanish and French translations, new Polish translation.
  • tails-persistence-setup: update translations for Arabic, Bulgarian, Spanish, French, Dutch, Polish and Chinese.
  • WhisperBack: update Spanish and Korean translations, import new Polish translation.

New in version 0.16 (January 12th, 2013)

  • Minor improvements:
  • Replace the too-easy-to-misclick shutdown button with a better "Shutdown Helper" applet.
  • Display ~/Persistent in GNOME Places and Gtk file chooser.
  • Install dictionaries for a few languages.
  • Set Unsafe Browser's window title to "Unsafe Browser".
  • Install ekeyd to support the EntropyKey.
  • Install font for Sinhala script.
  • Update Poedit to 1.5.4.
  • Expose Vidalia's "broken onion" icon less.
  • Hide the persistence setup launchers in kiosk mode.
  • Bugfixes:
  • Disable IPv6 on all network interfaces. This is a workaround for the IPv6 link-local multicast leak that was recently discovered.
  • Tails may previously have been able to list GPT partitions labelled "TailsData" on hard drives (!) as valid persistence volumes... this is now fixed.
  • Fix SCIM in the autostarted web browser.
  • Talk of DVD, not of CD, in the shutdown messages.
  • Make tordate work in bridge mode with an incorrect clock.
  • Iceweasel:
  • Update iceweasel to 10.0.12esr-1+tails1.
  • Set the homepage to the news section on the Tails website.
  • Hide the iceweasel add-on bar by default.
  • Don't hide the AdBlock-Plus button in the add-on bar anymore.
  • Don't install xul-ext-monkeysphere anymore.
  • Localization:
  • tails-greeter: add German translation, update Portuguese (Brasil) and Russian ones.
  • tails-persistence-setup: update French, German and Italian translations.

New in version 0.15 (November 29th, 2012)

  • Tor:
  • Upgrade to 0.2.3.25
  • Major new features:
  • Persistence for browser bookmarks.
  • Support for obfsproxy bridges.
  • Minor improvements:
  • Add the Hangul (Korean) Input Method Engine for SCIM.
  • Preliminary support for some OpenPGP SmartCard readers.
  • Support printers that need HPIJS PPD and/or the IJS driver.
  • Optimize fonts display for LCD.
  • Update TrueCrypt to version 7.1a.
  • Bugfixes:
  • Fix gpgApplet menu display in Windows camouflage mode.
  • Fix Tor reaching an inactive state if it's restarted in "bridge mode", e.g. during the time sync' process.
  • Iceweasel:
  • Update iceweasel to 10.0.11esr-1+tails1.
  • Update HTTPS Everywhere to version 3.0.4.
  • Update NoScript to version 2.6.
  • Fix bookmark to I2P router console.
  • Localization:
  • The Tails USB installer, tails-persistence-setup and tails-greeter are now translated into Bulgarian.
  • Update Chinese translation for tails-greeter.
  • Update Euskadi translation for WhisperBack.

New in version 0.12 (June 18th, 2012)

  • The Unsafe Web Browser, which has direct access to the Internet and can be used to login to captive portals usually found at libraries, Internet cafes and when using other publicly available Internet connections.
  • Windows camouflage can now be enabled via a check box in Tails Greeter. Tails' user interface is unfamiliar to most, which may attract unwanted attention when used in public places. This option makes Tails look more like Microsoft Windows XP in order to raise less suspicion.
  • Tor:
  • Upgrade to 0.2.2.37-1~~squeeze+1.
  • iceweasel:
  • Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release).
  • Add a bookmark for the offline Tails documentation.
  • Internationalization:
  • The Tails website and documentation now has a (partial) Portuguese translation.
  • Hardware support:
  • Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).
  • Software:
  • Do not install cryptkeeper anymore. See remove cryptkeeper for reason. Users of cryptkeeper are encouraged to migrate built-in persistence with the following one-time migration procedure:
  • set an administration password when booting Tails
  • temporarily install cryptkeeper via sudo apt-get update; sudo apt-get install --yes cryptkeeper
  • open your cryptkeeper (EncFS] volume and move its contents to the Persistence folder provided by Tails' built-in persistence
  • Install mousetweaks. This is needed to use the mouse accessibility settings in System -> Preferences -> Mouse -> Accessibility.
  • Upgrade I2P to version 0.9.
  • Don't install GParted. GNOME Disk Utility has been on par with GParted since Squeeze was released.
  • Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1.
  • Miscellaneous:
  • Set Tails specific syslinux and plymouth themes.

New in version 0.10.1 (February 2nd, 2012)

  • Iceweasel:
  • Make Startpage the default web search engine. Scroogle does not look reliable enough these days.
  • Software:
  • Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation).
  • Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI).
  • Hardware support:
  • Upgrade Linux kernel to 3.2.1-2
  • Time synchronization Serious rework that should fix most, if not all, of the infamous time-sync' related bugs some Tails users have experienced recently.
  • Make htpdate more resilient by using three server pools, and allowing some failure ratio.
  • Set time from Tor's unverified-consensus if needed.
  • Set time to middle of [valid-after, fresh-until] from consensus.
  • Many robustness, performance and fingerprinting-resistance improvements.
  • Display time-sync' notification much earlier.
  • Miscellaneous:
  • Fix access to "dumb" git:// protocol by using a connect-socks wrapper as GIT_PROXY_COMMAND.
  • SSH client: fix access to SSH servers on the Internet by correcting Host / ProxyCommand usage.
  • Pidgin: use OFTC hidden service to workaround Tor blocking.
  • Claws Mail: disable draft autosaving. When composing PGP encrypted email, drafts are saved back to the server in plaintext. This includes both autosaved and manually saved drafts.
  • tails-security-check-wrapper: avoid eating all memory when offline.

New in version 0.10 (January 6th, 2012)

  • Tor: upgrade to 0.2.2.35-1.
  • Iceweasel
  • Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
  • Update Torbutton to 1.4.5.1-1.
  • Support viewing any YouTube video that is available in HTML5 format.
  • Use Scroogle (any languages) instead of Scroogle (English only) when booted in English. Many users choose English because their own language is not supported yet; let's not hide them search results in their own language.
  • Install the NoScript Firefox extension; configure it the same way as the TBB does.
  • Disable third-party cookies. They can be used to track users, which is bad. Besides, this is what TBB has been doing for years.
  • Do not transparently proxy outgoing Internet connections through Tor. Instead drop all non-Torified Internet traffic. Hence applications has to be explicitly configured to use Tor in order to reach the Internet from now on.
  • Software
  • Upgrade Vidalia to 0.2.15-1+tails1. This version will not warn about new Tor versions (this is handled by Tails security check instead).
  • Upgrade MAT to 0.2.2-1~bpo60+1.
  • Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1, built against the ABI of X.Org backports.
  • Upgrade I2P to 0.8.11; the start script (which was broken in Tails 0.9) is now fixed.
  • Install unar (The Unarchiver) instead of the non-free unrar.
  • Install Nautilus Wipe instead of custom Nautilus scripts.
  • Hardware support
  • Upgrade Linux kernel to 3.1.6-1.
  • Upgrade to X.Org from squeeze-backports.
  • Install more, and more recent b43 firmwares.
  • Upgrade barry to 0.15-1.2~bpo60+1.
  • Internationalization
  • Add basic language support for Russian, Farsi and Vietnamese.
  • Install some Indic fonts.
  • Install some Russian fonts.
  • Add Alt+Shift shortcut to switch keyboard layout.
  • Miscellaneous
  • Support booting in "Windows XP-like camouflage mode".
  • Do not fetch APT translation files. Running apt-get update is heavy enough.
  • Add MSN support thanks to msn-pecan.
  • Add custom SSH client configuration:
  • Prefer strong ciphers and MACs.
  • Enable maximum compression level.
  • Explicitly disable X11 forwarding.
  • Connect as root by default, to prevent fingerprinting when username was not specified.
  • Replace flawed FireGPG with a home-made GnuPG encryption applet; install a feature-stripped FireGPG that redirects users to the documentation, and don't run Seahorse applet anymore.
  • Blank screen when lid is closed, rather than shutting down the system. The shutdown "feature" has caused data losses for too many people, it seems. There are many other ways a Tails system can be shut down in a hurry these days.
  • Fix bug in the Pidgin nick generation that resulted in the nick "XXX_NICK_XXX" once out of twenty.
  • Pre-configure the #tor IRC discussion channel in Pidgin.
  • Reintroduce the htpdate notification, telling users when it's safe to use Tor Hidden Services.
  • Various htpdate improvements.

New in version 0.9 (November 17th, 2011)

  • Tor:
  • Upgrade to 0.2.2.34. This fixes CVE-2011-2768 and CVE-2011-2769 which prompted for manual updates for users of Tails 0.8.1.
  • Suppress Tor's warning about applications doing their own DNS lookups. Some users have reported concerns about these warnings, but it should be noted that they are completely harmless inside Tails as its system DNS resolver is Torified.
  • Linux 3.0.0-6, which fixed a great number of bugs and security issues.
  • Iceweasel:
  • Upgrade to 3.5.16-11 ((fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
  • Torbutton: upgrade to 1.4.4.1-1, including support for the in-browser "New identity" feature.
  • FireGPG: upgrade to 0.8-1+tails2. Users are notified that the FireGPG Text Editor is the only safe place for performing cryptographic operations, and these operations has been disabled in other places. Performing them outside of the editor opens up several severe attacks through JavaScript (e.g. leaking plaintext when decrypting, signing messages written by the attacker).
  • Replace CS Lite with Cookie Monster for cookie management. Cookie Monster has an arguably nicer interface, is being actively maintained and is packaged in Debian.
  • Software:
  • Install MAT, the Metadata Anonymisation Toolkit. Its goal is to remove file metadata which otherwise could leak information about you in the documents and media files you publish. This is the result of a Tails developer's suggestion for GSoC 2011, although it ended up being mentored by The Tor Project.
  • Upgrade WhisperBack to 1.5~rc1. Users are guided how to send their bug reports through alternative channels upon errors sending them. This will make bug reporting easier when there's no network connection available.
  • Upgrade TrueCrypt to 7.1.
  • Miscellaneous:
  • The date and time setting system was completely reworked. This should prevent time syncing issues that may prevent Tor from working properly, which some users have reported. The new system will not leave a fingerprintable network signature, like the old system did. Previously that signature could be used to identify who is using Tails (but not deanonymize them).
  • Erase memory at shutdown: run many instances of the memory wiper. Due to architectural limitations of i386 a process cannot access all memory at the same time, and hence a single memory wipe instance cannot clear all memory.
  • Saner keyboard layouts for Arabic and Russian.
  • Use Plymouth text-only splash screen at boot time.

New in version 2008.1-r1 (October 6th, 2008)

  • It has been reported that one of the advertised features of Incognito doesn't work in the 2008.1 release, the possibility to run Incognito in Microsoft Windows through the QEMU installation it ships with. The problem was a single backslash () in a script that the new QEMU version (0.9.1) didn't like, but which the previous version (0.9) didn't mind.
  • Because of this I'm releasing Incognito 2008.1 revision 1, which fixes this issue (plus a few unimportant cosmetic changes that no one really should notice or care about). Those of you that have already downloaded 2008.1 but don't use this feature do not need to download 2008.1-r1.
  • While every Incognito release is more or less a beta release at this stage, it has dawned to me that these kinds of silly mistakes probably can be avoided if there were some beta testers around and some sort of Quality Assurance procedure before every official release. At the moment the only one doing this is me, on two different systems plus the occasional system I happen to get my hands on, and in a few virtual machines (QEMU and VMWare). Clearly this is not good practice.
  • Would you like to be a beta tester for upcoming releases? If so, please send me an email (see the Contact section for how to do that). Right now I'm in particular interested in a few users of Microsoft Windows so that the above feature can be tested. I don't have access to a Microsoft Windows install myself and barely any one I know use it (great, isn't it!) so I cannot test this myself reliably.
  • Sorry for the inconvenience.