Validating your Tails OS

The largest vulnerability of Tails is that it generally comes from a single source (i.e. the Tails webpage).

While Bittorrent can be used to download the main ISO, state-level actors can replace the BitTorrent link and spoof the ISO download on the website. If the site was hacked, it’s up to the community to figure out if the BitTorrent link/download is accurate and somehow warn you. It is unlikely this will happen to you, but doing your own verification of the ISO is generally a good idea.

State-level actors could certainly intervene on the connection, and replace out the file or link altogether, but it becomes more and more complicated to actually verify the download if a man-in-the-middle attack was activated on you. At that point, you literally have to rely on the developers of Tails or the Tor/Tails community directly to help verify your ISO.

However, my main concern is not state-level actors, but on smaller hackers or spoofers trying to steal your funds or break things.

While state level actors will always be a concern in the new internet we would all like to see, you can run some basic verification of the Tails OS by following these instructions (for Linux):

This is why you should always verify your Tails OS download:

results matching ""

    No results matching ""