Tails OS: the amnesic operating system – Complete guide 2026
Among all the privacy tools developed over the past twenty years, Tails OS occupies a unique position. It is not a browser, a messaging app, or a VPN: it is a complete operating system, designed from the ground up to leave no trace on the computer running it. Investigative journalists, human rights defenders, whistleblowers, and researchers working on sensitive topics use it every day to protect their sources and information. This article explains in depth what Tails is, how it works, how to install it, and for which use cases it is the best option.
⚫ We know why you are here. It's not this page. Tor access →What is Tails OS?
Tails stands for "The Amnesic Incognito Live System". It is a Debian-based Linux distribution designed to protect the privacy and anonymity of its users. Launched in 2009 and maintained by the Tails Project, it is today one of the world's leading references for secure operating systems.
Unlike Windows, macOS, or an ordinary Linux distribution, Tails does not install on your hard drive. It runs from a USB drive or an SD card, with the entire system fitting in a few gigabytes. You plug in the drive, restart your computer while selecting it as the boot device, and Tails takes over. When you shut down, you remove the drive, your computer restarts normally on its usual system, and no trace of your Tails session remains on the machine.
This unusual architecture addresses a specific need: allowing users exposed to risk (journalists, activists, whistleblowers) to carry out sensitive activities on any computer, without depending on a particular setup and without compromising the machine used. You can use Tails on your personal computer, a borrowed laptop, at a cybercafé, or in a public library: the behavior is identical everywhere.
The amnesic principle explained
The word "amnesic" is central to Tails's name and philosophy. It means that by default the system records nothing that happens beyond the current session. As soon as you shut Tails down, all data is erased.
How it works technically
Tails loads the entire system into RAM at boot time. The main filesystem is read-only: nothing can be written permanently to the USB drive during normal use. Files you create, emails you write, pages you visit, passwords you type: all of it exists only in RAM.
At shutdown, Tails performs a secure RAM wipe before cutting power. This precaution matters because certain attacks (so-called "cold boot" attacks) could recover data from RAM for a few seconds after power-off. Tails's deliberate wipe prevents this recovery.
Why this design is valuable
The amnesic principle provides several guarantees that few other systems can offer. First, an attacker who later gets their hands on your computer would find no forensic trace of what you did under Tails. Forensic analysis tools (EnCase, FTK, Autopsy) rely on analyzing files present on the disk; if nothing was written there, there is nothing to analyze.
Second, malware accidentally installed during a Tails session does not survive a reboot. If you click a malicious link or open an infected attachment, the malware may act during your session but disappears at the next shutdown. This provides significant protection against persistent malware.
Third, Tor is built in by default and all network traffic is routed through it unconditionally. Tails systematically blocks connections that do not go through Tor. You cannot accidentally send an unanonymized request: the system prevents it.
Built-in tools
Tails ships with a complete suite of pre-configured privacy tools. All are open source, audited, and regularly updated. You do not need to install additional software to cover common use cases.
Browsing and communication
Tor Browser is of course the default browser, with the standard Tor Project configuration. Thunderbird with Enigmail (for PGP) handles encrypted email. Pidgin offers instant messaging compatible with multiple protocols, including OTR (Off-the-Record) for encryption. OnionShare is built in for sharing files over .onion, as is Briar for peer-to-peer messaging.
Office and documents
LibreOffice provides the full office suite (Writer, Calc, Impress), compatible with Microsoft Office and ODF formats. GIMP for image editing, Inkscape for vector drawing, Audacity for audio. Metadata Cleaner lets you strip EXIF metadata from photos and documents before sharing — an essential feature for protecting sources.
Security and encryption
KeePassXC for password management. GnuPG for asymmetric cryptography (PGP). VeraCrypt for creating encrypted containers. Electrum as a Bitcoin wallet. Together these form a complete toolkit for sensitive operations.
Cryptocurrencies and blockchain
Tails includes Electrum for Bitcoin. For Monero, a dedicated application can be added via the Additional Software manager in persistent mode. Using cryptocurrencies from within Tails provides an additional layer of anonymity compared to a simple VPN.
Installing on a USB drive
Installing Tails requires a bit of preparation but remains accessible. The official procedure is documented at tails.net and follows the steps below.
What you need
You need a USB drive of at least 8 GB (16 GB recommended), a computer on which to prepare the drive (Windows, macOS, or Linux), and an internet connection to download the image. Allow significant download time: the image is roughly 1.5 GB.
Step 1: download the ISO image
Go to tails.net (watch out for fraudulent look-alike sites: double-check the spelling). The official site provides the ISO image and instructions. Download the latest stable version. The Tails Project releases a new version roughly every six weeks, with security updates and improvements.
Step 2: verify the signature
This step is essential for Tails, even more so than for other software. Tails is a complete system used in sensitive contexts; a compromised version would be catastrophic. The tails.net site offers automatic verification via a browser extension, and manual verification via GnuPG and the project's public key. Do not skip this step, especially if you plan professional use.
Step 3: flash the image to the USB drive
Several tools can turn the ISO image into a bootable USB drive. Etcher (free,
cross-platform) is the simplest: select the image, select the drive, click "Flash". Rufus
is a popular Windows alternative. The dd command on Linux and macOS handles the job from
the command line for advanced users.
Warning: this step completely erases the USB drive. Back up anything on it first. Also carefully verify that you have selected the correct drive in Etcher or Rufus: targeting the wrong device can wipe an important external disk.
Step 4: boot into Tails
Plug the USB drive into the target computer and restart, selecting the drive as the boot device. How to access the boot menu depends on the manufacturer: F2, F10, F12, or Escape on PC; hold the Option (⌥) key on Mac. Select the USB drive from the list of devices.
Tails starts and displays its welcome screen within one or two minutes, depending on the speed of the USB drive. You can choose your language and keyboard layout. The GNOME graphical environment then launches, and you are in Tails.
Encrypted persistent storage
By default, Tails is completely amnesic: nothing survives shutdown. This can become limiting for regular use where you want to keep certain things (PGP keys, bookmarks, work-in-progress files). For this, Tails offers encrypted persistent storage, an optional feature that creates an encrypted area on the USB drive.
How it works
When creating persistent storage, Tails asks you to set a strong passphrase. A LUKS encrypted container is created in the remaining space on your USB drive. At each boot, Tails asks for this passphrase: if you provide it, the storage is mounted and you can access your persistent data; otherwise Tails runs in normal amnesic mode.
This two-mode design offers valuable flexibility. In amnesic mode (no passphrase), Tails remains perfectly usable for a one-off session or for scenarios where persistence would be risky. In persistent mode, you find your settings, documents, and bookmarks again, just as on an ordinary system.
What can be kept?
Tails lets you choose precisely what is persistent: Tor Browser bookmarks, Thunderbird history, OpenPGP keys, personal files in the Persistent folder, SSH configurations, printers, Wi-Fi networks, and additionally installed software. You enable or disable each category as needed. This granular approach lets you tailor persistent storage to your threat model.
Important precautions
The persistent storage passphrase must be long and strong. Everything you store there is protected by it and only by it. If someone gets hold of your drive and guesses the passphrase, all your data becomes accessible. Use a passphrase of at least 20 characters, ideally 30 or more, combining several random words. The Diceware method is recommended.
Furthermore, persistent storage partially breaks the amnesic nature of Tails: if your adversary knows you use Tails with persistence and knows you used this drive at a particular time, they can infer certain things. For the most sensitive use cases, pure amnesic mode remains the best option.
Who actually uses Tails?
Tails is built for sensitive scenarios, which defines its user base.
Investigative journalists are the emblematic users. Edward Snowden publicly recommended it. Newsrooms at the New York Times, Washington Post, ProPublica, Le Monde, and Mediapart use Tails for their most sensitive investigations and to communicate with sources via SecureDrop. The Freedom of the Press Foundation incorporates Tails into its journalist training programs.
Whistleblowers use Tails to transmit documents. The advantage is considerable: by booting Tails on a public computer (library, cybercafé), they break the link between their civil identity and the act of transmission. Edward Snowden notably used Tails during the period when he was preparing his revelations.
Human rights defenders and activists in repressive contexts (Iran, China, Belarus, Venezuela, Myanmar) use Tails to document abuses, organize actions, and communicate with foreign media. The amnesic aspect is crucial when arrest is a real possibility: it is far better for a seized computer to reveal nothing.
Security researchers use it to analyze malware samples without risking compromising their main machine. Lawyers working on sensitive cases use it to protect attorney-client communications. Victims of domestic violence or stalking can use Tails to communicate without a controlling partner finding any trace on the shared family computer.
Tails vs Whonix: which one to choose?
Tails is not alone in its category. Its main counterpart is Whonix, with a complementary philosophy. Understanding the difference helps you choose.
Architecture
Tails runs live from a USB drive, entirely in RAM, and erases itself at shutdown. Whonix runs as persistent virtual machines on an ordinary computer, with a two-VM architecture: a "Gateway" that exclusively manages the Tor connection, and a "Workstation" where the user works. This separation ensures that even if the Workstation is compromised, it cannot discover the real IP address of the host machine.
Preferred use cases
Tails excels for one-off and sensitive operations: whistleblowing, sessions on borrowed computers, environments where nothing must be left behind. Its amnesic nature is its primary strength.
Whonix excels for regular and persistent use: your daily work machine for sensitive activities, a development environment for privacy-related software, a journalist's machine handling several cases in parallel. Its persistence allows installing additional tools and maintaining a work state.
Can they be combined?
Yes, and this is actually an appreciated advanced combination. Tails can be launched inside a VM on a Whonix host, or Whonix can be used on a Qubes OS host. These configurations require more technical skill but offer optimal compartmentalization. For most users, choosing one or the other based on their primary use case is more than sufficient.
Limits and situations where Tails is not enough
Despite its strengths, Tails is not a universal solution. Knowing its limits prevents assigning it responsibilities it cannot fulfill.
Tails does not protect against physical surveillance. Cameras in the room, a hardware keylogger attached to the keyboard, someone looking over your shoulder: Tails cannot do anything against these physical threats. Always complement Tails with appropriate environmental security measures.
Tails does not hide Tor usage from your ISP. Your internet service provider can see that you are connecting to a Tor relay, whether launched from Windows, from Tails, or from anything else. To hide Tor usage, you need to combine it with a bridge (obfs4, Snowflake) or a VPN, as explained in our article VPN and Tor.
Tails does not protect against human error. If you log into your personal Gmail account from Tails, you break your anonymity. If you take a photo with your smartphone and open it in Tails, EXIF metadata can give you away (unless cleaned beforehand). Human opsec remains the critical element.
Tails is slow. Running entirely in RAM from a USB drive with all traffic routed via Tor introduces significant latency. For everyday tasks (reading, writing, email, basic web), it is perfectly usable. For intensive computation, video editing, or heavy development, Tails is not the right tool.
Hardware compatibility is not universal. Some recent Wi-Fi or graphics cards may not be supported. The project continually works to improve support, but testing Tails with your specific hardware before critical use is strongly recommended.
Further reading
To deepen your use of Tor and digital privacy, several resources complement this Tails guide. Our guide to accessing the dark web safely covers installing and configuring Tor Browser. Our article VPN and Tor: should you combine them? explores the technical debate around adding a VPN. Our comparison of dark web search engines covers Ahmia, Torch, Haystak, and others.
Our pillar on 50 dark web myths debunked dismantles misconceptions about Tor and anonymity. Our unusual FAQ answers 50 common questions. Our glossary precisely defines all the technical terms you will encounter.
To concretely explore legitimate .onion services, browse our OnionDir directory, in particular the categories Tools & Privacy (where Tails and its companions Whonix, OnionShare, and SecureDrop are listed) and Email & Messaging.