This release fixes many security vulnerabilities. You should upgrade as soon as possible.
- We disabled the Unsafe Browser by default and clarified that the Unsafe Browser can be used to deanonymize you.
An attacker could exploit a security vulnerability in another application in Tails to start an invisible Unsafe Browser and reveal your IP address, even if you are not using the Unsafe Browser.
For example, an attacker could exploit a security vulnerability in Thunderbird by sending you a phishing email that could start an invisible Unsafe Browser and reveal them your IP address.
Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm.
This is why we recommend that you:
- Only enable the Unsafe Browser if you need to log in to a captive portal.
- Always upgrade to the latest version of Tails to fix known vulnerabilities as soon as possible.
- We added a new feature of the Persistent Storage to save the settings from the Welcome Screen.
This feature is beta and only the additional setting to enable the Unsafe Browser is made persistent. The other settings (language, keyboard, and other additional settings) will be made persistent in Tails 4.9 (July 28).