[nikcub]

First, Harvard bomb kid was caught because of some decent sysadmins ran good network analysis and after receiving a bomb threat that was received from Tor saw that there was only a single student on the entire network that was running Tor.

ISP's or network providers know if you're running Tor, when you're online and when you're active (it has been used in criminal cases to link real people to online aliases)

Someone else in this thread pointed out that the download points for Tails are all HTTP - so you can't find it and download it anonymously.

The way to do it would be to find an HTTPS mirror (avoiding search engines) or a public terminal.

IMO you shouldn't use Tails as your personal machine. This isn't a technical decision more a question of OPSEC policy. The key to anonymity is compartmentalization - the concept of creating, maintaining and then isolating your different identities.

Your real identity will continue to use your computer, your phone number, your internet connection, etc. It might tighten up some privacy leaks. Your anonymous identity (which may have a name) will use Tor in a virtual machine as a gateway and Linux in another virtual machine as a client, or it will boot into Tails. The anonymous identity using Tor has nothing in common with the real identity that can be linked together by a passive or active attacker.

For ex. your anon identity is doing anonymous stuff on anonymous online markets, but then you use the same Tails session to login to your personal Gmail. You've just been de-anonymized. Don't share anything between the two identities (having the same interests, typing style, etc. to name a few) as that would tie an anonymous identity to a real one.

With this in mind, Tails is perfect for the use case of 'I need to do some anonymous stuff with my anonymous identity and then get back' which is exactly how a lot of journalists, black hats, etc. use it. The more 'comfortable' Tails is with features and programs the more likely you are to hang around and do something that will de-anonymize you :)

[wila]

Seems you can download via bittorrent as well? [1]

BTW, if you download a file of 1.1 GB from boum.org then the size of the download already pretty much gives away that you are downloading tails.. So https does not give you anonymous downloads, it gives you an increased certainty of origin. But as you should verify the signature instead (which is served over https)[2] I think it is fine to download via http.

[1] https://tails.boum.org/install/mac/dvd/index.en.html?overrid...

[2] https://tails.boum.org/download/index.en.html#index2h1