Topic: Linux live USB (non-persistent) vs Tails? (Read 154 times)

Oh, that's what you mean. The FAQ doesn't help either since it uses term "Qubes" and "Qubes OS" inconsistently, few example,


I'm more afraid beginner will be frustrated or do something stupid which compromise security/privacy rather than visited by 3-letter agency.

Inside Qubes OS, you can create separate VMs for each need - they're called "qubes". what I was saying is, a setup of two VMs on Qubes OS could be created so that you have one offline qube and one online qube, running at the same time. I cannot call myself a Linux expert, yet I was able to easily create manually-configured qubes using the operating system's UI and a few helping tips from their docs.

From the Getting Started docs:

This is a more-than-enough secure setup imo, unless a 3-letter agency is on your way. Basically, as soon as you have an offline qube running, the only way it can be attacked is if dom0 is compromised... and dom0 is offline as well, so it's a quite hard job. Here's more info about this:

I don't know if you have any concerns over the security/privacy of the physical "sticks" you carry.  Tails is far better (my opinion) but one glaring issue is that persistence is observable since the extra partition is placed on the USB for tails.  My application, which works well, is to carry a second USB stick encrypted with VeraCrypt volumes (Decoy + Hidden).  Tails is already loaded with the software to easily open your VeraCrypt volumes where you can use a hidden volume to store all your "business".  If an adversary confronts you then you can open the decoy volume and you are still safe.  Works quickly and there is no persistent partition to see.  Especially useful for offline things - SEED checks, signing, etc...  On my machines Tails loads in about 10 seconds and its ready to rock!

That is where "persistence" feature of Linux OS comes in, you basically store your session to be reused on any subsequent boots. You could also simply install the OS on a USB disk just like you would on a hard disk although you should be aware of your disk's lifespan and keep backups.

This shouldn't be an issue although this could be mitigated to some extend by adding 2 partitions to the USB disk, one be a normal NTFS and another a Linux specific format. Windows AFAIK can only recognize one partition no matter what the other is! Also encrypting the home folder, etc helps too.

For me, the definition of "secure" depends on how paranoid I'd want to be.

Tails is non-free. In order to be compatible with as many devices and hardware components as possible, the team behind Tails had to add non-free blobs and firmware. Otherwise, the experience on less-known or less-supported hardware would be crappy.

Hence, if you want something that is secure as in an OS that is FOSS, you could get yourself a free copy of Debian and install it on an old PC.

Either use it as an online or an offline wallet together with a verified Electrum install. If you have an old PC laying around, you could actually turn it into a dedicated airgapped wallet for Bitcoin.

Live USBs and Tails are good for when you're on-the-go, but live USBs willl likely require you to reinstall Electrum every single time you boot them. Moreover, if you want to use Tor as well, you will have to go through extra steps every boot. Since Tails comes with Electrum preinstalled and system-wide Tor, it's way more convenient.

Another option is installing Qubes OS, although it's not a newbie-friendly OS to run. You can run multiple operating systems in Virtual Machines at the same time and make two Qubes (VMs) for both offline and online wallets.

If you go for the USB setup, be careful where you're going to plug it since it could still be affected by an infected PC.

I think you mean you would use the offline wallet to sign an unsigned transaction.

The short answer is no.  There have been updates in the past that would prevent an older version from signing an unsigned transaction created by newer version, but if you're talking about a recent release of Tails, you should be fine.  I'm afraid I don't know the exact version numbers that would pose an issue, but for other security issues I would make sure the version of Tails you're using has version 3.0.4 or later.

What about to use Tails as the offline wallet to create an unsigned transaction. Would I still need to update it for this purpose?

Tails comes with Electrum pre-bundled but you'd have to have persistent storage to update the Electrum to the latest version which would be necessary if its connected to the internet, perhaps not so much if its used as an offline wallet. In terms of security, I don't think they would differ too much. You'll still have to download and verify the Electrum instance (for Tails would be the OS itself).

Tails would be pretty quick and easy to set up as compared to setting up your own Linux instance and install Electrum. Keep in mind that Tails is just like a modified Debian.

Which would you say is more secure for online wallet? What about offline...no difference?