Tails is very useful if you want to be more anonymous by running everything through the tor network; but it is especially interesting for nomad activists who travel without a laptop of their own. This is because of the “Persistent Storage” feature.
If you setup a Persistent Storage on your Tails stick, you can keep all of your passwords, encryption keys, and other data on an encrypted partition of your Tails stick. This way you can travel without a laptop, and when you need to access your emails to write an important message to your family or organize with activists or supporters, you have all of your accounts directly on your Tails stick. You just need to borrow a laptop.
Unfortunately, many programs don’t work “out of the box” on Tails. For some it’s impossible, like Signal – because you can’t configure it to use Tor for talking to the Internet. For some other messengers you can find guides, e.g. Element or Wire. With Delta Chat it works quite well, it’s just a bit slower than running Delta Chat directly on a laptop. These 4-5 steps should be enough to get it working for you:
Step 0: Enable Persistent Storage
If not, you can follow this easy guide which explains it much better than I could – note that you need to set an admin password in the bottom left of the Tails setup screen if you want to enable Persistent Storage, and you need to reboot Tails after activating it.
Start Tails with your Persistent Volume unlocked to continue. And also set an admin password again, we will need it later.
On get.delta.chat you can download the Linux Client. It’s available in different flavours: we need the AppImage version. This has the advantage that we don’t need to install Delta Chat in Tails, we can just run it directly from the .AppImage file.
Best you save it to
/home/amnesia/Persistent/Tor Browser/, so you don’t need to download it every time you reboot Tails.
Delta Chat stores all its messages, encryption keys, account configuration, etc. in the
/home/amnesia/.config/DeltaChat folder. Unfortunately even with a Persistent Volume we need to go an extra step to make it persistent. And for this we need the command line – don’t worry, you can’t break anything here. Maybe you learn something 🙂
First we need to open a Terminal. Put your Mouse Pointer to the top left to open the application chooser, and search for “terminal” (we don’t need the Root Terminal for this step):
First, let’s check that the
.config/DeltaChat folder is not created already. We start in the
/home/amnesia folder, so we can check the content of
.config with the following command:
ls -l .config. (It shouldn’t be there yet… if there is a DeltaChat folder already, let’s move it to the Persistent part of Tails with
mv .config/DeltaChat Persistent/.)
Then we need to create a link to the Persistent folder, so Delta Chat stores its data in the right location. To do this, run:
ln -s /home/amnesia/Persistent/DeltaChat .config/ (don’t worry if the command line doesn’t give you a “success” message – as long as a command line doesn’t give you an error, it means it worked.)
We can check with
ls -l .config whether it worked: there should be a red entry with the link we just created.
If it’s red, don’t worry, that just means that the link points to nowhere. So let’s just create an empty folder there. You can do this with
mkdir Persistent/DeltaChat. Now
ls -l .config should show a blue entry for the Delta Chat folder:
Now usually the link would be deleted when you restart Tails. We need to make this change persistent, so we don’t need to run this every time we start Tails. This should be accomplished by these two commands:
echo "ln -s /home/amnesia/Persistent/DeltaChat /home/amnesia/.config" >> .xsessionrc sudo cp -a .xsessionrc /live/persistence/TailsData_Unlocked/dotfiles/
(The second command will ask you for the admin password you specified when you started Tails. Don’t be surprised if apart from that there is no output – this probably means they worked. To check whether they worked, reboot Tails and look if the link in .config still exists/was recreated successfully.)
Step 3: Run Delta Chat
Now we only need to make Delta Chat executable to run it. For this, we can use the following command:
chmod u+x Persistent/Tor\ Browser/DeltaChat*.AppImage. You can see whether it worked by looking if the filename is green when you run
ls -l "Persistent/Tor Browser":
Now we can start Delta Chat! Just double-click on it in the file browser:
Now we need an account for Delta Chat. You can use any email account to login. If you already used Delta Chat on a different device, it is recommended that you export a backup there, and import it on Tails. If you just login with the same account, new encryption keys will be generated, and you can run into problems. If you run into trouble, exporting a backup on one device and importing it into the other device should fix it.
In the beginning, the connection will not work. Your account needs to be configured to use Tor first. Tails offers a SOCKS5 proxy which any application can use to connect to Tor. For this, go to the settings, and to “Password and Account”. Then click on “Advanced”, and scrolls down to “Use SOCKS5”. Here you need to enter
localhost as “SOCKS5 Host” and
9050 as “SOCKS5 PORT”. The rest can stay empty.
When you click “LOG IN”, it will try to connect to Tor. Then it should start downloading your most recent messages. Now you can start using Delta Chat!
Bonus: Add a Friend Through QR Code Scanning
Now that you know how to do it, you can help a friend setting it up. With other Delta Chat users, you can communicate end-to-end encrypted. To ensure that your chat is safe from attackers and always end-to-end encrypted, you should add your friends by scanning their QR codes. This way you verify each other as contacts.
Of course, with a Tails stick you don’t always use a laptop with a webcam; sometimes it will just be the old desktop PC of someone’s grandparents. But you can still verify them by sending them the verification code manually. Note that you both need to be online at the same time for this to work.
In the QR menu, you can just click on “copy to clipboard”. Then you can send the code to your friend, preferaby via a secure channel. It should look like this:
Now they can also go to their QR menu, and paste the verification code there:
Then the verification process starts. It can take a minute or so, until the verification confirmation appears on both sides:
Voilà – that’s it! Now you can be sure that your communication is end-to-end encrypted.