TAILS OS and Secure Communications
Learning Objectives
- Explain what TAILS OS is and why it exists
- Boot TAILS from a USB drive and verify signatures
- Combine air-gapped mesh communication with TAILS
- Configure persistent encrypted storage
- Use Kleopatra for GPG key management in TAILS
- Make informed decisions about operational security trade-offs
Part 1: TAILS Introduction (30 min)
TAILS (The Amnesic Incognito Live System) is a portable OS that routes all traffic through Tor and leaves no trace on the host computer.
Download: tails.net/install
Part 2: Hands-On Boot and Setup (45 min)
- Boot from USB (BIOS: F12/F2 for boot menu)
- Configure persistent encrypted volume
- Connect to Tor network
- Use Kleopatra for GPG key generation and management
Part 3: Mesh + TAILS (45 min)
# Install meshtastic-cli in TAILS pip install --user meshtastic # Connect to device via USB meshtastic --port /dev/ttyUSB0 --info
Cross-reference: GPG guide for key generation details.
Part 4: 5-Layer OpSec Model (30 min)
| Layer | Concern | Tool |
|---|---|---|
| Physical | Device access, location | CLIENT_HIDDEN mode, secure storage |
| Digital | Data persistence | TAILS amnesic mode |
| Communications | Content privacy | AES-256 + PKC, GPG |
| Behavioral | Patterns, timing | Awareness, randomization |
| Network | Traffic analysis | Tor, mesh routing |
Part 5: Practical Scenarios (30 min)
- Journalist source protection
- Protest communications
- Disaster response when infrastructure is compromised
Part 6: Honest Assessment (15 min)
What TAILS + mesh can protect: message content, digital forensics, metadata (partially).
What it cannot protect: RF direction finding, physical surveillance, compelled disclosure, hardware implants.