Why use TAILS for Crypto? How it is a great, secure Air-Gapped environment for cryptocurrency


Righty, so I’ve made a number of videos looking at various things to do with
crypto and how to securely access things like your 24 word seed and all of that,
and I’ve kind of mentioned and demonstrated, in some of those, TAILS as an
operating system, and I actually haven’t spent the time to run through, I guess,
what TAILS is in detail, why TAILS is useful for crypto tasks, you know, what
things it won’t protect you from, because I think it’s important to understand
that too, and then just a quick run-through on how you’d actually go about using
it. And I think it’s worth running through that just in case you’re, I guess,
wanting to learn and understand. And like all of these things, I think the
better informed you are around, I guess, the principles behind how to stay
secure and safe in crypto, the better. And yeah, there’s, I think, a lot to be
gained from getting familiar with this tool and understanding it, not only in
crypto but for privacy and secrecy generally, if that’s something you are after.

So firstly, I think it’s worth just talking
about, you know, what is TAILS. Now, the Wikipedia article on TAILS is actually
pretty good, which is basically that TAILS is an acronym, so when I write it I
always capitalize it even though the authors don’t, and it’s called, you know,
The Amnesic Incognito Live System. Essentially, a lot of you will be familiar
with how incognito mode works in your browser of choice, and essentially it’s a
way to have something very similar to that except on a whole operating system
scale. And it’s a security-focused Linux distribution, so that’s great because
it’s free, so you can just, like, download it completely legally and freely.
It’s open source, so it’s made of tools, and a whole suite of tools, that
anybody in the community who has even a bit of a background in terms of
programming and development can actually have a look and, if they’re, you know,
really wanting to be thorough, can audit the whole thing themselves. So it’s
open-source software, which is great because it means that it’s there and
exposed for everyone to improve, and you don’t have to trust anyone else in
terms of, I guess, the software that’s running under the hood. You could also,
you know, build and compile your own TAILS distribution from scratch using all
the tools that TAILS uses, but again, the purpose of this video is for people
who perhaps don’t have a strong Linux background and just
to get started with that.

The other big one with TAILS is it’s up to date. So, you know, over the years
there have been plenty of operating systems and distributions that are aimed at
security, but it’s important to note that, you know, TAILS still has releases
happening as of, you know, 20 days ago, here filming in May 2019, and if you can
look on their website, it’s regularly updated, and with each update they’re
essentially patching security holes. So it’s helpful to be using a distribution
that is still actively supported rather than something that, you know, might
have been secure ten years ago but still has lots of vulnerabilities that
haven’t been fixed or patched.

So, and again, TAILS, it’s kind of like incognito mode in that it runs and is
designed not to leave any trace whatsoever on the computer that you are running
it on. It also has Tor, which is a sort of VPN-style thing that allows you to
access the internet anonymously, so not only does it not leave a trace on your
computer that you’re using it on, but it also runs in a way that your ISP or
whoever’s supplying your network can’t monitor what you’re doing either.

And so, yeah, basically how TAILS works is you burn it onto a USB or onto a CD
and then you boot it: you restart the computer and it will load itself into the
RAM on your computer, so it doesn’t install anything onto the hard drive. It
does have an option to do persistent mode, which will keep stuff between
sessions, but frankly I think for the purposes of crypto you don’t need to worry
about persistent mode, and to be honest it’s more likely to, I guess, encourage
bad habits, which is something we’d like to avoid. But yeah, it forgets
everything on reboot, so it’s not an operating system that you would want to use
as your daily driver unless you, I guess, have a need to leave no trace
whatsoever on the
computer.

And, you know, I think to be fair as well, you know, TAILS is a serious enough
piece of software in terms of what it claims to do that, at least according to
some media coverage, you know, the NSA are automatically looking for and
flagging people who search for TAILS or visit the TAILS website. So it’s clearly
a significant enough security tool that, you know, some security organizations
or surveillance organizations take it seriously as a threat to what they’re
trying to do. But again, there are plenty of legitimate uses for TAILS, and
cryptocurrency and doing stuff securely is a huge one, so that’s good to know.

Secondly, TAILS is useful for crypto tasks because it’s amnesic. So I would
suggest using TAILS is better than having an air-gapped computer that you set
aside and you just set up and use, because if, say, you had, you know, a
separate computer that you were planning to keep offline, that you had running
like Linux Ubuntu or something like that, that you would always use for your
crypto stuff but never let it touch the Internet, you know, there’s always the
possibility that at some point in the future some well-meaning person will
accidentally connect that computer to the Internet, and if there was stuff on
there that was compromised it might leak it. So, you know, having something that
forgets everything when you reboot is, at least in my opinion, an excellent
approach.

TAILS is
a minimal operating system, so when we boot into TAILS in a little while you’ll
notice it does not have as many things as you would expect an operating system
to have bundled with it, like Ubuntu or something like that.

Another really good thing about TAILS: for our purposes, what I’ll be showing in
a minute, we’ll be using TAILS offline in an air-gapped environment. However,
it’s also good to know that by default the behavior of TAILS is that
applications that aren’t tunneled through Tor get blocked. So if you have a
piece of software on the computer that’s just going to try, like, I don’t know,
you install some dodgy malware or something, or you install or run some software
or scripts that actually aren’t trustworthy, unless those scripts are designed
to tunnel out using Tor they’ll actually just get blocked using the firewall
built into it if they just try and access normal unencrypted network
communication. So that’s easier to demonstrate than to talk about, unless you’re
familiar with how this sort of stuff works. Now, this is not a fail-safe,
foolproof thing, but it’s sort of just a helpful layer of security which is
simply not there for, you know, normal distributions of Linux. You know, if you
install something on a live Ubuntu system and it’s connected to the Internet, if
that app decides it wants to talk to the Internet, Ubuntu will let it straight
away; it won’t prompt you, it’ll just let it talk, assuming everything’s trying
to do the right thing, whereas
TAILS is fairly paranoid in that regard.

TAILS is well documented, so it’s not only, you know, an up-to-date thing that
you can find on some obscure forum somewhere with just, you know, instructions
in Russian that you have to translate, but TAILS is well documented in a range
of languages that, at least in my opinion, are quite human-consumable, and
there’s plenty of documentation and community around this. TAILS also have gone
to the effort of making tools that make it easy to verify the download, so
that’s another big reason why it’s worth using, so you can be sure that what
you’re downloading is actually TAILS, because there are some, I guess, ways of
attacking or seeking to trick you into downloading the wrong thing that can be
difficult to detect unless you are familiar with the tools for how to do that.

TAILS is also useful for privacy and security generally, so irrespective of
whether you’re only interested in crypto or whether you have an interest in
other information security related practices and tools, as soon as you boot
TAILS you’ve pretty much got it ready to go, Tor Browser sort of thing there,
and it is working. So it can be a really interesting tool to play with if you’re
interested in that space at all, and it’s free.

The big one as well: it does all of this on your existing hardware. So TAILS is
such that even if you just have one computer that is, you know, yours, and you
unplug the network cable and reboot it, you can use it in a very secure way. It
doesn’t require specialized hardware at all, it doesn’t require any sort of
exotic setup; you can do this with the computer that you are using every day and
sort of run this as well. So it’s not something you run from within Windows or
within Linux or anything; you can shut down and boot this and have a very secure
environment, especially if you disconnect all the networking as well. Though,
yeah, some people will have their preferences in terms of having completely
separate hardware they use for this stuff, but again TAILS just gives you the
ability to repurpose hardware you’ve already got.

I do think
it’s important, before we go on to how to get TAILS and how to install it, just
to be really clear about what TAILS will not protect you from, and these, to be
honest, are all sort of the same kinds of things that incognito mode in your
browser won’t help you with.

So firstly, TAILS will not help you if someone is standing looking at what
you’re doing. So if someone pulls out their smartphone and takes a picture of
your 24 word seed, you know, as you’re writing it in, or there’s a security
camera in the room looking at you or something like that, TAILS will not help
you.

The other, and this is a big one actually: TAILS can be a good piece of software
to use if you’re, say, traveling or using someone else’s computer but want to do
so in a really secure way, but it will not protect you if they have a USB
keylogger installed. And, you know, you can buy USB keyloggers; they’re about
the size of a USB stick and they literally just plug in in between your keyboard
and the computer, they’re just like an inline plug. So it will not protect you
from a keylogger if you’re typing, you know, a 24 word seed, and I think that’s
really important to be aware of if you’re using a public computer, because,
heck, even when I was at university people would routinely be planting
keyloggers on the computers in the labs there, and I would expect the same, you
know, if you’re traveling, in internet cafes and things like that. So it will
not protect you from a hardware keylogger, so you do need to be vigilant about
the hardware.

It won’t protect you from someone physically finding your 24 word seed if you’ve
got it written down somewhere; that’s a no-brainer. It won’t protect you if you
then go and download untrustworthy software and run it, especially if you do
that when you’re connected. I added the hardware that may be compromised in
addition to keylogger; it’s sort of the same thing, but the other one might be,
for example, that you want to print some information from the Ian Coleman 24
word seed tool but, say, print those private keys on a printer that’s
compromised, because again, as printers and those sort of multifunction devices
are becoming increasingly complex, it’s really possible that that printer could
be compromised as
well.

And it also won’t protect you from dodgy software tools. So I’m going to talk a
little bit later about how you would get TAILS running, and Ian Coleman’s tool
and Seed Savior as an example, but TAILS will not protect you if someone has,
say, made a dodgy version of Ian Coleman’s tool that will, for example, only
give out addresses that they own as the receiving addresses for all the
different crypto things. It is possible to modify those browser-based tools in
such a way that the public addresses that they give out, that they’re, like,
encouraging you to send stuff to, will actually be belonging to somebody else,
in the same way that a paper wallet tool someone has written could very easily
be set up to only show public addresses to unsuspecting users that are actually
controlled by someone else who controls the private keys. And I won’t run
through exactly how to do that, just because I don’t actually want to show
people how to do that, but it’s worth looking at the tools you are using and
making sure they come from a reputable source, so, you know, the official GitHub
of this person. And again, just also being really aware: one simple test you can
even do is just to see whether, for example, Ledger Live is producing the same
public addresses as are being spat out by something like Ian Coleman’s tool. But
yeah, anyway, it’s just important to understand that you need to be able to
verify, or at the very least to trust, the tools that you’re using to give you
information that’s right, and TAILS won’t help you with that.

The only other thing that I’d add is
this probably is a helpful way to understand sort of the benefits that a
hardware wallet gives you, in the sense that it gives you this sort of
air-gapped level of security with the device that can be plugged in and can run
securely on a computer that’s, like, full of malware. So if you haven’t got a
hardware wallet, I think a Ledger Nano is a really great place to start, and
again, if you’re just sort of new to the space and don’t have, you know,
hundreds of different cryptocurrencies you’re trying to store, a Ledger Nano S
can be a great investment, and, you know, if you’re feeling like spending extra
money, a Ledger Nano X can be good, but frankly the Ledger Nano S can do
everything pretty much that the X does in terms of security and is like half the
price. So yeah, your best bet for them is just to buy it directly through
Ledger, and they’ll send them internationally, and I’ve just thrown a link to
that in the description as well.

So if you found this helpful, you know, hit like on the video, that helps me,
and, you know, certainly subscribe if you’re interested in this kind of stuff.
I’m planning just to, I guess, cover a bit more ground in terms of just being
familiar with some of the tools that can help you get out of trouble if you’re
stuck in terms of crypto, but also can help you to understand some of the
practices to avoid just getting scammed, because again there are no shortage of
websites that just want you to shove your 24 word seed key straight in online,
or email it to them, or send it to them on Facebook, or any of those things.
Just avoid all of that and just learn some good security practices. So I hope
that’s been useful, and yeah, best of luck. Let us know if there’s any
particular elements that you get confused with and I’m happy to, I guess, help
you out in the replies or direct you in the right direction for that.
