14 DAY TRIAL // A new version of Tails is now available for download, and this time the highlight is a set of security improvements that are supposed to protect users when running this Linux distro.
The most notable change concerns Unsafe Browser, which has been disabled by default in Tails version 4.8.
The dev team emphasizes that Unsafe Browser is not an app that can protect your identity online, adding that the app can be used to deanonymize you and, with the help of other security flaws in the apps running on the OS, could eventually reveal your IP address.
The Tails team says that while this is an unlikely exploit, governments or other authorities out there could actually turn to such an attack if they need to find your identity.
Unsafe Browser disabled by default
“An attacker could exploit a security vulnerability in Thunderbird by sending you a phishing email that could start an invisible Unsafe Browser and reveal them your IP address. Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm,” the Tails team says.
Last month, it was revealed that Facebook helped the FBI break into Tails using a zero-day discovered in the pre-installed video player in an attempt to track down a child predator.
Tails developers explain that Unsafe Browser can be used to reveal your IP even if the app isn’t running, and this is the reason the app has been disabled by default. The app should only be used to log in to captive portals, the team says, and you should always close it after logging into to make sure you’re not using it by mistake.
Tails 4.8 also includes TOR Browser 9.5.1, Thunderbird 68.9.0, and Linux kernel 5.6.0, as well as a bunch of fixes that you can check in full in the box after the jump.