#Arch, Tails — react with a snail!

When travelling away from home (i.e. when not using my own computer) I boot Tails from a USB and have any sensitive information kept in the Persistent Storage.

By ‘sensitive information’ I am referring to bookmarks, stored passwords, account information, etc. – I am not referring to illegal material, large swathes of cryptocurrency or the secret recipe for Frogbank. That is to say: my threat model isn’t Assange/Snowden‐tier, though I’d still like a reasonably strong level of security when using public devices.

Tails works… passably, but I’m far more comfortable using Arch and I like having persistent UI settings, shortcuts, configurations, etc.

I understand that all of this is possible in Tails with scripts, but it’s not perfect, very clunky and, if ultimately securely feasible, I’d just like to use Arch – and so here’s what I’d like to know:

What is the (meaningful) difference between a LUKS‐encrypted Arch session booted from an external USB, and a Tails session booted from an external USB of which the Persistent Storage is also LUKS‐encrypted? I understand that Tails uses Tor, however I can also run Tor within an Arch boot if necessary.

Perhaps I’m misunderstanding the purpose of Tails, and that it’s designed for those who aren’t particularly technically knowledgeable ‐ but I honestly can’t identify a (meaningful) difference.

Both are vulnerable to peripheral‐compromised keyloggers, does Tails protect against, say, clipboard data interception which naked Arch lacks, perhaps?

I understand the likely response will be: “just use Tails, why complicate things”, all the same I’d still like to know (if only for technical curiosity and learning) what the actual difference is.

Thank you for reading.

for all i know tails is ultimately just a transparently torified live debian ISO with optional persistency and some tooling to go along with it all

you could probably achieve something similar with arch but it'd be janky, which is not to say less secure

yeah you are generally set withlive usbs as long as you set them up correctly. For instance by default arch has no firewall which is rather non-ideal. Same with secure boot etc (not sure what exactly tails has but you could set it up with arch if you know how)

if you arent snowden/shoot on site journalist level of security you are probably fine with an install of most distros by default with some security features turned on

@tender bobcat

you don't really need a firewall if you don't have any ports open on your machine either way do you

how did you install tails?

letting any application running on your computer open ports and listen for information is not a great idea imo.

Plus you can set up specific blocking rules for regions, ips, etc depending on how paranoid you are being.

without a firewall you are open to all sorts of attacks and unnecessary internet traffic

Yeah, just as I’d suspected, thanks for the responses everyone

Just the ‘standard’ method, if I remember correctly (i.e. downloading an image from the Tails website and using Balena to set it on a USB)