Tails OS for Financial Privacy: A Practical Guide

OPSECGuidesPrivacy ToolsMarch 2026~9 min read

Tails runs from a USB drive, sends all traffic through Tor, and writes nothing to the host by default. Shut it down and the session disappears.

Key points

Tails routes all traffic through Tor automatically and writes nothing to the host machine - every session starts and ends with a clean slate.
Use Tails Persistent Storage (LUKS2 encrypted) to save your Feather Wallet file between sessions; without it, you must restore from seed every boot.
Tails is not an everyday tool - it is for high-risk operations: border crossings, shared hardware, or high-value anonymous swaps.

Use it for high-risk tasks: a no-KYC swap on borrowed hardware, wallet access during travel, or any session where local traces matter.

What Tails Is (and Is Not)

Tails is amnesic by design. It keeps session data in RAM, not on the host drive. When you shut down, that state is wiped.

It also routes all traffic through Tor with no opt-out. Your ISP can see Tor use, but not the sites or services behind it.

Tails merged with the Tor Project in September 2024, which sped up security updates.

What Tails cannot protect: Your ISP sees Tor connections. Hardware keyloggers, BIOS implants, and BadUSB attacks operate below the OS. Logging into any personal account (Gmail, Facebook, exchange account) de-anonymises your Tails session immediately. Never mix personal accounts with a Tails privacy session.

traces left on host hardware after shutdown

RAM wiped on shutdown - no swap, no disk writes

8+ GB

USB drive required (16 GB recommended)

Extra space needed for Persistent Storage setup

100%

Tails traffic routed through Tor automatically

Every app, every DNS query - no opt-out

Installing Tails on a USB Drive

Requirements: A USB drive of 16 GB or larger (8 GB minimum without Persistent Storage). At least 4 GB of RAM in the host computer. Tails 7.0+ requires 3 GB RAM minimum.

Download from tails.boum.org. Download the USB image and verify the OpenPGP signature or the browser extension verification. Tails publishes signing keys at tails.boum.org/tails-signing.key.

Write to USB: Use the Tails Installer on Linux or macOS, or balenaEtcher on Windows. This destroys all data on the USB drive.

# Linux command-line alternative:
dd if=tails-amd64-6.x.img of=/dev/sdX bs=16M oflag=direct status=progress
# Replace /dev/sdX with your USB device - confirm with: lsblk

Boot from USB: On startup, press the BIOS/boot menu key (typically F12, F2, or Del depending on manufacturer) and select the USB drive. Tails boots in about 30–60 seconds.

Setting Up Persistent Storage

Without Persistent Storage, nothing survives a Tails shutdown - including your Monero wallet. Set up Persistent Storage to save your wallet file between sessions.

Applications → Tails → Persistent Storage → Create Persistent Storage. Enter a strong passphrase - this is a LUKS2-encrypted partition. Use 6+ random unrelated words. Write them down and store the backup separately from the USB drive.

Enable what you need:

✓ Personal Data - saves your wallet file in /home/amnesia/Persistent
✓ Tor Bridge - saves your bridge configuration (for anti-censorship setups)
✗ Browser Bookmarks - optional, lower privacy benefit
✗ Application State - avoid unless needed; maintains app state that may identify patterns

Running Feather Wallet on Tails

Download Feather Wallet AppImage. On your first Tails session with internet access, download the Feather AppImage from featherwallet.org. Save it to your Persistent Storage folder.

Make it executable and run:

# In Tails terminal:
chmod +x ~/Persistent/feather-2.x.x-linux.AppImage
~/Persistent/feather-2.x.x-linux.AppImage

Configure Feather to use Tails' Tor: In Feather → Settings → Network → SOCKS5 proxy → 127.0.0.1:9050. This routes Feather traffic through Tails' built-in Tor (the system Tor daemon). All node connections, broadcast transactions, and sync activity go through Tor.

Create or restore your wallet - save to Persistent Storage. Save the wallet file to /home/amnesia/Persistent/. On next session, open Feather and point it at the saved file - sync resumes from the last block rather than from scratch.

For more on Feather Wallet settings and coin control, see our dedicated Feather Wallet setup guide.

Doing a No-KYC Swap on Tails

Tails includes Tor Browser by default. Use it to access swap services:

Open Tor Browser (pre-installed in Tails). Navigate to a no-KYC swap service - Trocador, SideShift, or Godex. Use .onion addresses where available for full Tor routing.

Address copy-paste discipline: Copy the deposit address from the swap service, paste into Feather. Before confirming, always verify the first 6 and last 6 characters on screen - clipboard hijacking malware exists and replaces crypto addresses in the clipboard. On Tails, this attack vector is reduced but not eliminated.

New Tor identity between swaps. If doing multiple swaps in the same session, use Tor Browser's "New Identity" function (Shift+Ctrl+U) between each. This creates a new Tor circuit and prevents the swap services from correlating multiple transactions to the same Tor exit.

Hiding Tor Usage from Your ISP

In countries with Tor blocking or surveillance of Tor connections (Russia, China, Iran, and increasingly Australia and the UK), connecting directly to the Tor network is visible to your ISP. Use Tor bridges to disguise the connection.

During Tails startup, select "Configure a Tor bridge." Request bridges at bridges.torproject.org (use WebTunnel or obfs4 type). WebTunnel makes Tor traffic look like standard HTTPS - the most effective for defeating Deep Packet Inspection.

Save bridge configuration to Persistent Storage (enable the Tor Bridge option in Persistent Storage settings). Your bridge addresses will load automatically on next boot.

The Tails + Monero Combination: Who Needs It

Most people do not need Tails for day-to-day transactions. Tails is the right tool for:

Journalists and activists receiving source payments or funding sensitive operations - nothing on their main machine, nothing on the host
People in high-surveillance countries where device searches at borders or during protests are documented
People who share computers - partners, flatmates, family - and need financial transactions to leave no trace
One-time high-value operations - setting up a large cold storage wallet, doing a large anonymous swap

For everyday use, GrapheneOS on a Pixel + Feather Wallet + Mullvad VPN is the more practical stack. Tails is the tool for when leaving zero trace on the hardware matters more than convenience.

Cunicula receives no funding from the Tails Project or Tor Project. Both are open-source, non-profit, privacy infrastructure.

Follow the Money

Tails is one of the few privacy tools in this space with no venture capital, no government backdoor pressure, and a fully transparent funding model - worth understanding given that several US State Department-linked organisations fund competing privacy tools.

$Tails Project funding - non-profit, transparent, no institutional conflicts

Tails funding: Access Now (human rights NGO), Open Technology Fund (US State Dept/BBG), Mozilla Foundation, Freedom of the Press Foundation. Budget: ~$300K/yr. French non-profit (SOS).
Tor Project merger: Tails merged with Tor Project (Sept 2024). Tor funding includes US State Dept (BBG), NSF, DARPA. Open-source and audited code mitigates the risk.
Commercial contrast: VPN industry: $50B+ market. Kape Technologies (Israel) owns ExpressVPN, CyberGhost, PIA. Many "privacy" VPNs are private equity owned.

Frequently Asked Questions

What is Tails OS and why is it useful for financial privacy?

Tails is a live operating system that runs from a USB drive and stores nothing on the host computer by default. Every session starts completely fresh - no browser history, no wallet files, no logs remain after shutdown. All traffic is automatically routed through the Tor network. This makes it useful for financial privacy in specific scenarios: using a shared or borrowed computer without leaving trace evidence, operating in an environment where your main machine may be seized or searched, or accessing no-KYC swap services anonymously. Tails merged with the Tor Project in September 2024.

Can I save my Monero wallet on Tails?

Yes, using Tails Persistent Storage - an encrypted (LUKS2) partition on the same USB drive. You can save your Feather Wallet file to Persistent Storage so your wallet and sync progress survive between sessions. Without Persistent Storage, your wallet file is lost on shutdown and you must restore from seed each time (slow sync). Persistent Storage requires a strong passphrase - the only authentication factor protecting your wallet. Use 6+ random words as a passphrase, never a dictionary phrase.

What does Tails NOT protect you from?

Tails does not protect against: (1) Tor traffic correlation by an adversary watching both your internet connection and the destination - your ISP can see you're connecting to Tor even if they can't see what you do. Use Tor bridges (obfs4 or WebTunnel) to hide Tor usage from your ISP. (2) Hardware-level surveillance - BIOS/UEFI implants, BadUSB attacks, keyloggers attached to the keyboard. (3) You logging into personal accounts while on Tails - this immediately de-anonymises your session. (4) An attacker who has physical access to your Tails USB and knows your Persistent Storage passphrase.

← PreviousSEC Crypto Privacy Roundtable: Zcash and Monero Developer Risk Next →Tor .onion + ENS + IPFS: Censorship-Resistant Website Hosting