Team Tails is excited to announce on their News Page the release of 5.8, which includes the completion of "two years of work" on an update to the persistent storage that might be regressive or counterproductive depending on the perspective you see it from.

Tails has always been very focused on appealing to non-english speaking communities and those possessing little technical accumen. This is a laudable focus, as these people are the least likely to be capable of utilizing or learning of any tech that they could safely use for solitude or dissent, among other things.

Tails is a unique and beautiful OS in this sense, but sometimes in their attempts for expanded outreach, and easier usability, questionable compromises are made and issues effecting larger swaths of their userbase are created, then often ignored.

A few years back, for instance, the prolonged dismissal of Tails to a vulnerability in electrum caused a number of users to have their wallets cleaned out, then when tails disabled electrum in an update and people had to resort to appimages to keep using electrum in Tails, malicious appimages cleaned out more wallets. There was obviously a correlation to the likelihood of someone getting their bitcoin stolen and how good that person was with tech and/or english.

Tails claims they never intended to appeal to the DNM community with their OS in the first place, which begs the question why they decided to add the electrum wallet, and continue to update it to this day, in the first place? Let's just say that there has always been a glaring ommission on this particular Tails page.

New Persistent Storage

After 2 years of hard work, we are extremely proud to present you a complete redesign of the Persistent Storage.

Let's just stop here for a moment to recall what glaring issues existed in the persistent storage to begin with? None. Now read ahead as the virtues of "if it ain't broke don't fix it" reverberate in your head

The Persistent Storage hasn't changed much since its first release in 2012 because the code was hard to modify and improve. But, we learned from users that the Persistent Storage could do a lot more for you if it had more features and was easier to use.

Remember these claims: "could do a lot more for you" and "had more features" and "was easier to use." Only one of them is true

You don't have to restart anymore after creating the Persistent Storage or each time you activate a new feature.

You can change the password of your Persistent Storage from this new application.

You can choose to create a Persistent Storage directly from the Welcome Screen, if you don't have one already.

Ok right off the bat, I regret to inform you, as you can plainly see: no new features were added, so that utterance might be a good example of cognitive dissonance, and this "update" might be better describe as a "redesign"; because I assure you, though there is a bit more that changed, that without stretching the term "feature" to its furthest lengths, there are no *new* features.

Some features were *moved* in easier places to find. Like I said before, great for for people who don't understand tech or speak english, but some changes are just as bad or worse for them to.

The addition of a password change button to the Persistent Storage dialog is not a new feature, it just combined the separate password change program that already existed with the persistent storage program, combining two features does not create a new feature. Features don't procreate.

But lets look at the first change again real quick:

You don't have to restart anymore after creating the Persistent Storage or each time you activate a new feature.

You don't have to restart each time you activate a new feature? That sounds convenient, but as my colleague, dicklicker40@cumallover.me, points out, most of us were under the impression that the requirement to restart when adding a new Persistent Storage feature was a security measure to prevent someone from enabling a feature and explotiting it while someone left their unlocked Tails unattended.

The least tech-savvy and and most unfluent in english among us will be the most vulnerable to attack vectors created by this "feature."

If you don't know what ssh is because you don't understand tech, or don't know what "Additional Software" means because you don't understand english, this makes it far easier to take advantage of you, because if I don't need to restart and enter your password after enabling a feature on your persistent storage, all I have to do is wait for you to leave your persistence unlocked and unattended in order to, for instance, enable ssh, and ssh into your tails.

With dotfiles enabled, it could be easy to trick someone into starting ssh every time they log onto tails by hiding an executable in a file that looks similar to another one the tails user uses regularly.

How many times have you pressed the super button in tails, typed tor, then pressed enter and accidentally opened the tor connection assistant instead of the tor browser or vice versa? With dotfiles enabled, a less tech-savvy individual could be tricked much more easily and with far worse consequences