Tails

Portable operating system that leaves no trace. Runs from USB, routes everything through Tor.

Open source

Strong

https://tails.net · Reviewed 2026-04-02 · Editorial assessment by Mike Schneider — based on public security research and audits

What should journalists know about Tails?

Tails is the nuclear option for journalist security — a full operating system that forgets everything when you shut down. Laura Poitras, Glenn Greenwald, and Barton Gellman all used it to communicate with Edward Snowden. Tails 7.x, now based on Debian 13 and maintained by the Tor Project after the September 2024 merger, boots 10-15 seconds faster than previous versions and auto-detects Tor bridges by region. Overkill for most reporting. Essential for some. Requires real operational security knowledge — Tails protects the endpoint, not the user. The FBI deanonymized a Tails user in 2017 by exploiting a malicious video file opened over home Wi-Fi. The tool is only as good as the tradecraft behind it.

Best for

Highest-risk reporting. Working on a story where your computer could be seized or inspected. Using shared or untrusted computers. Communicating via SecureDrop in hostile environments.

Not for

Daily work (boot from USB each time, 3 GB RAM minimum since Tails 7.0). Beginners without security training. Tasks requiring specialized software. Mac users — Apple hardware support is very limited.

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction Amnesic — data wiped on shutdown unless explicitly saved to encrypted persistent storage. Persistent storage uses LUKS2 with Argon2id key derivation, audited clean by Radically Open Security in late 2024.

Where servers are located — affects which governments can request your data

Security rating Strong

Tails retains nothing by design. The entire operating system runs in RAM and is erased on shutdown, with kernel-level freed memory poisoning to resist cold boot attacks. Optional encrypted persistent storage for files you choose to keep. All internet traffic routes through Tor automatically. Video memory is not wiped — an open limitation.

How to protect yourself:

Practice booting and using Tails before you need it under pressure. Verify the USB image before first use. Configure persistent storage only for what you absolutely need. Never log into personal accounts (Google, Facebook, email) — this immediately ties your Tor exit node to your identity. Understand cold boot limits: software-based RAM wipe fails if power is cut abruptly. Combine with good source communication practices. If you remove the USB during runtime, Tails triggers emergency memory erasure, bypassing normal shutdown.

The strongest endpoint security option available for journalists. Amnesic design eliminates forensic evidence by default. Kernel-level memory poisoning resists cold boot attacks. Tor routing for all traffic. LUKS2/Argon2id persistent storage passed a 2024 audit clean. Open-source, regularly audited, maintained by the Tor Project since September 2024. Tails 7.6 (March 2026) adds automatic Tor bridge detection. Compared to alternatives: Whonix offers similar Tor routing but runs in a VM (not amnesic, not portable); Qubes OS provides stronger VM isolation but requires dedicated hardware and is far more complex. Tails dominates the portable, leave-no-trace use case that field journalists actually need.

Who Owns This

Owner The Tor Project (merged with Tails on September 26, 2024)

Funding Grants and donations via the Tor Project. Tor's 2024 budget was $7.3M, with 35% from U.S. government sources. Other funders: Ford Foundation, Open Society Foundations, Heising-Simons Foundation, Zcash Foundation, Mozilla, NLnet. Donation infrastructure merged in 2025.

Business model Nonprofit. No monetization. Tails merged into the Tor Project because it outgrew its own structure — fundraising, HR, and operations were unsustainable for the small team. The merger lets developers focus on code while Tor handles organizational overhead.

Known issues

Microsoft's August 2024 Secure Boot update (KB5041585) broke Tails on UEFI hardware by enforcing SBAT level 5, effectively banning Linux distributions using shim 15.7 or older. Microsoft patched the fallout in May 2025 (KB5058385), but the incident exposed a real fragility: a single Windows update can brick your Tails USB on shared hardware. Mac support remains very limited — Apple does not cooperate with free software projects, and newer Apple Silicon Macs are unsupported. A Radically Open Security audit in late 2024 found four vulnerabilities in Tails 6.10: a high-impact privilege escalation in the Upgrader, arbitrary code execution in Python scripts, argument injection in GNOME scripts, and a lower-risk Tor Browser launcher issue. All required prior compromise of the default user. All were patched in Tails 6.11 (January 2025) before the audit report went public in May 2025. No remote code execution was found. Video memory cannot be wiped on shutdown — an open issue since 2022. Cold boot protections fail if power is cut suddenly. The 2017 FBI deanonymization case (via a malicious video file served to a Tails user on home Wi-Fi) demonstrates that Tails does not protect against targeted exploits delivered through application-layer content.

Pricing

Free

This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.