Tails 7.6 Introduces Automatic Tor Bridge Retrieval and Switches to GNOME Secrets Password Manager
What Happened — Tails 7.6 adds a built‑in Tor bridge‑retrieval assistant that automatically detects blocked Tor connections and fetches region‑specific bridges via the Tor Project’s Moat API using domain‑fronting. The release also replaces KeePassXC with the GNOME Secrets password manager as the default credential store.
Why It Matters for TPRM —
- Automatic bridge retrieval reduces reliance on manual, potentially insecure, user‑supplied bridge lists.
- The new password manager tightens integration with the GNOME desktop, improving accessibility and reducing attack surface from legacy components.
- Upgraded kernel, Tor Browser, and removed Qt5 lower the risk of known vulnerabilities in those components.
Who Is Affected — Users of Tails across all sectors (journalists, NGOs, privacy‑focused enterprises, government agencies, etc.) that rely on the OS for secure, anonymized work environments.
Recommended Actions —
- Verify that your organization’s Tails deployments are upgraded to 7.6 or later.
- Review the configuration of the Tor bridge assistant to ensure it aligns with your network‑access policies.
- Assess the impact of switching to GNOME Secrets on existing credential‑management processes; test compatibility with any internal password‑policy tooling.
Technical Notes — The bridge request is sent through the Tor Project’s Moat API and concealed via domain fronting, mitigating deep‑packet inspection. The password manager transition preserves KeePassXC database compatibility, but legacy KeePassXC binaries remain installable for feature‑specific needs. Kernel upgraded to Linux 6.12.74; Tor Browser now 15.0.8 (Firefox ESR 140.9); Qt5 removed entirely. Source: Help Net Security