Private Web Development Using Tails OS, VSCodium and Node.js
October 22, 2023
Last updated: October 22, 2023
In an age where digital privacy and security have become paramount, the demand for truly private web development environments has grown. Enter Tails OS, a unique and security-focused Linux distribution designed to offer unparalleled anonymity and data protection. While Tails is renowned for its applications in fields such as investigative journalism and activism, it can also serve as a platform for web developers who want to prioritize their online privacy.
In this blog post, we'll delve into how to get a basic web development environment up and running using Tails OS, VSCodium and Node.js. The end result is a development environment where all internet traffic is routed through the Tor network, even when downloading npm packages.
Disclaimer:
I am not a security expert.
Although, logically speaking, I do not see any anonymity or security issues in the following approach, following the steps in this blog post might result in unforeseen anonymity or security risks when compared to a clean Tails installation. For example, it might be possible to install an npm package that leaks sensitive information.
Proceed at your own risk.
Prerequisites
- Working Tails Installation: Ensure that you have a functional Tails installation.
- Persistent Storage Enabled: Activate and configure Tails' persistent storage feature.
- Dotfiles Enabled: Enable the 'dotfiles' feature, so that certain configuration files can be restored on each reboot.
Let's first install VSCodium, and create a shortcut for it so that we can launch it easily. Shoutout to roneo.org for providing the following steps:
- Visit the release page of VSCodium
- Download the package named VSCodium-linux-x64-XXX.tar.gz (where XXX is the last version number — make sure to select the package ending with .tar.gz)
- Once the download is finished, move the archive to the Persistent folder
- Right-click on the file and select Extract here
- Rename the created folder to vscodium
We'll create two files: a bash script to launch VSCodium and a launcher
Create the bash script
Open a terminal and paste gedit ~/Persistent/vscodium-start.sh (Hint: to paste in the Terminal, use Ctrl+Shift+v). Hit enter.
Gedit is now open, paste the following two lines:
Save the file and close.
Back in the terminal, make the script executable:
chmod u+x ~/Persistent/vscodium-start.sh
Create the launcher
Create the persistent folder, if it does not yet exist
Create and edit the launcher with Gedit
and paste the following lines
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Exec=/home/amnesia/Persistent/vscodium-start.sh
Name=Code
Icon=/home/amnesia/Persistent/vscodium-icon.png
Last step, save the following icon in your Persistent folder:
Congratulations! You now have a fancy launcher in your Applications menu.
If you want to save your VSCodium settings, such as UI preferences, extension settings, etc., follow these steps:
- Make the desired changes to VSCodium settings.
- Copy the
~/.config/VSCodium
folder to the dotfiles folder:
/live/persistence/TailsData_unlocked/dotfiles/.config/VSCodium
All settings will now be restored automatically on each boot.
To install VSCodium extensions, you can do so manually by:
- Visiting the Visual Studio Marketplace for VSCodium
- Selecting an extension and clicking the "Download Extension" button under "Resources."
- Navigate to the extensions tab in VSCodium, click the three dots (...) in the upper right, and select "Install from VSIX."
- Navigate to the .vsix file you downloaded and install it.
To persist the installed extensions, copy the ~/.vscode-oss folder into your dotfiles folder.
Now let's install the Node.js linux binaries.
- Download the Node.js binary from the Node.js website (Linux binaries, x64, with a filename ending in .tar.gz).
- Move the downloaded archive to the Persistent folder.
- Right-click on the file and select "Extract here."
- Rename the created folder to nodejs
In order to add the npm and node binaries to the path, create a .profile file with the following commands:
- Open a terminal and navigate to the dotfiles folder:
cd /live/persistence/TailsData_unlocked/dotfiles - Create and edit the .profile file:
gedit .profile - Add the following code to the file:
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
umask 077
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# Nodejs
export PATH=/home/amnesia/Persistent/nodejs/bin:$PATH
The first 27 lines are the default terminal profile for Tails. In the last two lines, the Node.js binaries are added to the path, so that we can run npm and node commands in the terminal.
You might need to restart Tails in order for the profile to be applied.
If you attempt the npm install command in the terminal, you may notice it fails because the npm binary is not allowed to communicate over the normal internet. Instead, Tails forces each application to use the TOR network, or be without internet access.
In order to allow npm to download packages, we will have to let npm know how to connect to the internet through the TOR network. Luckily for us, Tails has a SOCKS5 Tor proxy running on socks://localhost:9050
The easy way to set up the proxy connection is to create and edit the .npmrc file in the dotfiles folder:
- Open a terminal and navigate to the dotfiles folder:
cd /live/persistence/TailsData_unlocked/dotfiles - Create and edit the .npmrc file:
gedit .npmrc - Add the following two lines:
- Save and exit.
Alternatively, you can run the following commands to configure the proxy connection for npm:
Then, copy the .npmrc file from your home folder to the dotfiles folder to ensure it is persisted and restored on each boot.
You should now be able to create a folder, run npm init, and use npm install to install packages, albeit with slower download speeds due to the Tor network.
Congratulations, you now have a basic web development setup, with all traffic routed through Tor, including the downloading of packages using npm.
Let us know in the comments if you try it out and have any questions or suggestions.