A tutorial on how to install the Tails anonymous operating system on a Mac and set up and use encrypted email. Click the above image for the video tutorial.
Installing Tails on Mac:
- Download the newest version of Tails https://tails.boum.org/download/index.en.html
Verify Tails (optional):
- Download the Tails signing key https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html
- Open Terminal (Applications/Utilities/Terminal)
- Specify the signature key location. Type in Terminal: cd downloads (or replace downloads with the directory in which you downloaded the key i.e desktop)
- Type (or copy to) in Terminal: cat tails-signing.key | gpg --keyid-format long -–import
You should see: Good signature from "Tails developers (signing key) <firstname.lastname@example.org>"
- Download GPG Tools https://gpgtools.org/ and install
- Download the Tails signature https://tails.boum.org/download/index.en.html
- Terminal: cd [the ISO image directory] (only necessary if key has been downloaded to a different location)
- Type in Terminal: gpg --keyid-format long --verify tails-i386-0.22.1.iso.sig tails-i386-0.22.1.iso (If you downloaded a newer version of Tails, replace the iso name)
- If the ISO Image is correct: Good signature from "Tails developers (signing key) <email@example.com>"
- If the ISO Image is incorrect you will get: BAD signature from "Tails developers (signing key) <firstname.lastname@example.org>"
Burn a DVD image of Tails:
- Launch Disk Utility (Applications/Utilities/Disk Utility)
- Drag and drop your .iso file to the left pane in Disk Utility.
- Highlight the Tails .iso file, and click on the “Burn” button in the toolbar.
- Select “verify”, then burn.
Start up Tails:
- Shut down your computer and press the alt/option key on restart.
- Select boot from disc.
- Login to tails, for “more options” choose “no” (unless you want to install additional software.)
- You can now connect to the internet and surf anonymously.
Installing tails on a USB flash drive:
- Insert USB flash device (8gb or larger).
- Launch the Tails Installer (Applications/Tails/Tails Installer)
- Select “Clone and Install”.
- Select your USB flash device in the dropdown menu.
- Press “install Tails”.
- To run Tails from the USB stick shut down Tails and log back into OSX. (Note: You still need the DVD to boot tails, I’m not sure if it is possible to boot from the USB flash drive only on a Mac. Instructions for USB only can be found here: https://tails.boum.org/doc/first_steps/installation/manual/mac/index.en.html I could not get this to work on the Macbook pro.)
To run Tails from the USB flash drive you need to install rEFInd:
- Download rEFInd http://sourceforge.net/projects/refind/
- Open Terminal (Applications/Utilities/Terminal)
- Drag and drop the “install.sh” file (from the refind folder you just downloaded) into Terminal and press “Return”.
- Enter your admin password if prompted, and press “Return”.
- If successful this will appear: Installation has completed successfully.
- Restart your computer, the rEFInd boot menu will appear. (You need both the Tails DVD and USB device inserted.)
- Select Linux.
- Login to Tails.
Create a persistent volume to save preferences etc:
- Launch Configure Persistent Volume (Applications/Tails/Configure Persistent Volume)
- Enter a password and select “create”.
- For a list of the persistent volume features see: https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
- Restart Tails.
- Select yes to use the persistent volume.
- Enter your persistent volume password and login.
- Your configurations and passwords should now be saved to the USB device.
Adding your email account to Claws Mail:
- If you don’t have a safe email account, sign up to mykolab or torguard etc or see if you can get a riseup account.
- Open Claws mail (Icon is situated in the Debian toolbar)
- Add your name (or pseudonym) and your email address. Select “Forward”.
- Search for your email provider’s “client configuration”. Fill out the server address “imap.(email provider).com”, and your email address and password. Select your email clients encryption type. This should be specified on their client configuration page.
- Enter the server address again into the “IMAP server directory.” Select “Forward.”
- Enter the “SMTP server address” and SSL type. Select “Forward.”
- You should now be able to send and receive email.
If you can’t send emails try the following:
- Open your Email Account Preferences (Configuration/Preferences for current account)
- Select “Send” on the left hand pane, and in the “Authentication method” dropdown box select “Login”. Enter your email address and password.
- Go to “Advanced”, select the “SMTP port” and “IMAP port”. Make a note of the numbers.
- Open your web browser and search for “IMAP port (name of your email provider)”. Check the IMAP and SMTP ports correspond to the ones you just noted, if not change them.
- Press “Apply”, and “Ok”.
Set up PGP:
- Generate a new key pair, open your Account Preferences (Configuration/Preferences for current account). Select “GPG” on the left-hand pane under “Plugins”.
- Select “Generate a new key pair.” Enter a password for your PGP key. Generate the keys.
- If you want other people to be able to find your key pair online, select “Yes” to export your key to a keyserver.
- To add a contact’s public key to your key library open Passwords and Encryption Keys. (System/Preferences/Passwords and Encryption Keys)
- Select “Other Keys”, and press the “Search” icon.
- Enter your contacts email address and select “Search”.
- Highlight your contact and select the “Import” icon.
Using PGP encryption:
- Compose your email.
- Select the encryption type (Options/Privacy System/PGP Inline). (Only use PGP Mime if you know your recipients email client supports this.)
- Go to “Options” and highlight “Sign” and “Encrypt”.
- To send the email you need to enter the password for your key.