Businer.com
Web Apps for your business, since 1999


How to configure TOR and Tails for better Security and Comfort


Unfortunately, Tails v5.8 (released on 2022-12-20) introduced two changes that favor usability sacrificing security:
  • Unsafe Browser (which should be needed only to log in to some network captive portals) is enabled by default. And it even supports downloads and uploads, which can pose an extra risk;
  • You can't permanently save your TOR browser settings, which are reset to default values every time you start TOR, even within the same session of Tails. The rationale behind this choice is that customized settings can be used to fingerprint your browser. Which is only possible if you have Javascript enabled. The bad news is that TOR security level is set to Standard (lowest level) by default, which means that Javascript is enabled by default, that constitutes a security hazard, even with the NoScript extension in place to limit damages. So that you may probably want to disable Unsafe Browser every time you start Tails, and configure TOR to the safest settings every time you start it.
Another change in Tails v5.8 is that you now need to set a (temporary) administration password to handle system configuration files (dotfiles), which are needed to store your customized settings permanently (except for the TOR browser, as already noted), because they can now be accessed only with root privileges. This is a good thing, actually.
To create an administration password, in Tails boot screen go to Additional Settings, press the Plus (+) Button, then click on Administration Password, and then enter the password in both fields and press Enter. It's a password for the current session only and it will be discarded when you shut down the system, so it doesn't need to be super secure. This is only needed when you start Tails to customize your settings and save them permanently, or to fix some other issues, don't set a root password when you start Tails to browse the Web or perform other operations.

To disable Unsafe Browser, in Tails boot screen go to Additional Settings, press the Plus (+) Button, then click on Unsafe Browser, and on Disable the Unsafe Browser, and then click Add.


How to configure TOR for better Security


TOR makes you browse the dark web anonymously, still some default configuration can pose some risk and leave you exposed.

Here you can find some ways to make it more secure:

Go to Edit : Settings (Tails v5.8), or Tools : Options (up to Tails v5.7)
or enter about:preferences in the URL bar of TOR.

Suggested settings:

Dark Theme

Go to Extensions & Themes: Themes and enable Dark theme.
If the content are of TOR doesn't turn dark, go to Settings: General: Language and Appearance: Website appearance, and set color scheme to Tor Browser theme (or to Dark).

General


Startup
  • Make Tor Browser your default browser, and Always check if Tor Browser is your default browser.

Tabs
  • Confirm before closing multiple tabs
  • Confirm before quitting with Ctrl+Q

Privacy & Security

These are the most important settings to keep you safe while browsing the Dark Web and Clear Web.

Onion Services
  • Prioritize .onion sites when known: Always.

Cookies and Site Data
  • Delete cookies and site data when Tor Browser is closed.

History
  • Tor Browser will: Use custom settings for history
  • Always use private browsing mode

Permissions
  • Warn you when websites try to install add-ons

Address Bar
  • When using the address bar, suggest: Browsing history, Bookmarks, Open tabs. Disable suggestions from: Shortcuts, Search engines.

Security
This is the most important setting to keep you safe!
  • Set Security Level to Safest. It will disable JavaScript from any website, which is one of the greatest security hazards for TOR. You can also set the Security Level clicking on the shield on the right side of the URL bar.

HTTPS-Only Mode
  • Enable HTTPS-Only Mode in all windows. Note that this will prevent you to access HTTP only websites on the clearweb. Which are nowadays both rare and unsafe.

How to configure Tails for Security and Comfort


Tails provide a secure environment. Everything is totally encrypted, and anything not expressely saved into the Persistent directory is deleted when you turn off your system.

This also means you also lose every configuration of the user interface, and the software (especially TOR). Having to configure everything every time you boot your PC with Tails not only is tiresome, but can also pose a security threat, since TOR Security Level is set by default to Standard (the lowest possible) and you may forget to set it to Safest before to start browsing the Web or the Dark Web.

However, you can save some configuration files into the Persistent directory. We assume you have created the Persistent space on Tails, if you haven't yet, you can create it from Tails boot screen.

This is how you can have more security and comfort on Tails, by configuring TOR to the Safest Security Level, setting a dark theme for the Desktop User Interface and TOR, and keeping it persistent after the reboot.

Permanent TOR settings


First of all configure TOR as it's explained in the dedicated section above. Especially, make sure you have set the Security Level to Safest.

As noted before, you can only make TOR browser settings permanent on Tails up v5.7. Starting from Tails v5.8 (r2022-12-20) this is no longer possible.
To make TOR configuration permanent, open the Terminal first. You'll have to run some commands manually on the root console.
You can find it on Applications / System Tools / Root Terminal. You'll need to enter the administration password to access it.

Enter the following commands:

cd /live/persistence/TailsData_unlocked/dotfiles
mkdir .tor-browser
mkdir .tor-browser/profile.default
cp /home/amnesia/.tor-browser/profile.default/prefs.js .tor-browser/profile.default/
chmod 640 .tor-browser/profile.default/prefs.js

Once you're done with the configuration of TOR, you may want to customize some settings on Tails.

Single Display (prevent windows to open off screen)


To prevent windows to open off screen, go to Applications: System Tools: Settings, then to Displays, and set Single Display. Apply, and Keep Changes.

To make the Single Display persistent, enter the following command in the Root Terminal:

cp /home/amnesia/.config/monitors.xml /live/persistence/TailsData_unlocked/dotfiles/.config/

Dark Theme for Tails


To get a dark theme for Tails, to make it more comfortable, especially when browsing at night.

To enable the dark theme on Tails, enter the following commands in the Root Terminal:

gsettings set org.gnome.desktop.interface gtk-theme 'Adwaita-dark'
gsettings set org.gnome.desktop.background picture-options 'none'
gsettings set org.gnome.desktop.background primary-color '#000000'
gsettings set org.gnome.desktop.background secondary-color '#000000'

If you want to apply the dark theme to the text editor (gedit) as well, open the text editor ( Applications : Accessories : Text Editor ), then go to Menu : Preferences. Font & Colors, Choose Color Scheme: Oblivion.
Then, to make the dark theme persistent, enter the following commands:

cd /live/persistence/TailsData_unlocked/dotfiles
mkdir .config
mkdir .config/dconf
mkdir .config/gtk-3.0
cp /home/amnesia/.config/dconf/user .config/dconf/

Then you have to create a text file:

cd /live/persistence/TailsData_unlocked/dotfiles
Run editor .config/gtk-3.0/settings.ini on the Terminal.

Then type the following lines into the text file:

[Settings]
gtk-application-prefer-dark-theme = true
gtk-theme-name = Adwaita-dark

Save the text file and quit the text editor pressing CTRL+X, then y, and then hit ENTER.

Now, you're finished: reboot Tails and enjoy the comfort of the dark theme.

Check for System Updates


Normally Tails checks for a system update at every system boot. If you want to check it manually, enter this command in the console:

tails-upgrade-frontend-wrapper