AuroraOS is a bootable-from-USB Linux distribution in the Tails tradition. Carry it in your pocket, boot it on any machine, and choose at startup whether to persist, vanish, route everything through Tor, or combine encrypted persistence with Tor routing.
Every power-on, the boot menu asks how private this session should be. Persistence and Tor are independent flags, so you can keep them separate or combine them when the job calls for it.
Files, settings, and apps are written to an encrypted (LUKS) partition on the USB and restored on the next boot. A genuine daily-use OS that travels with you.
The whole OS runs from RAM. The instant you shut down, every byte evaporates. Pull the stick and the host computer holds no trace you were ever there.
All traffic is forced through the Tor network in an amnesic session. A firewall kill-switch drops anything that can't be torified, and DNS resolves over Tor.
Unlock encrypted persistence and apply Tor routing in the same session. Your files survive reboot while network traffic goes through the kill-switch path.
Built on Debian bookworm — the same base Tails uses — with a modern GNOME desktop and a curated, privacy-first application set.
804b7b1843c7…0432168098
· checksum
Click Download ISO above to fetch the prebuilt AuroraOS image (~2.4 GB). Save it
somewhere you'll find it, then verify it against the published
SHA256 checksum before flashing.
Use Rufus (Windows) or balenaEtcher (any OS) to write the ISO onto a
USB stick of 8 GB or more. This erases the stick — back it up first.
Plug into any PC, enter the boot menu (F12 / F10 / Esc), and select AuroraOS. If the
custom boot menu appears, pick Amnesic, Persistent, Tor, or Persistent + Tor. Default user is
aurora (no password to log in), and auto-lock is disabled so it won't strand you.
Once, from any boot, run sudo aurora-persistent-setup. You'll choose a
passphrase you must remember (there's no recovery). On the next Persistent-mode
boot, type it at the prompt to unlock your files.
Prefer to build it yourself? AuroraOS is built with Debian's live-build — the full
build configuration and build.sh are available in the source repository.
# Inside WSL2/Ubuntu, project root
./build.sh # full build
./build.sh clean # wipe & restart
./build.sh config # validate config onlyaurora-status # show current mode
sudo aurora-persistent-setup # create persistent volume
sudo aurora-set-password # enable screen locking
aurora-tor status # show Tor kill-switch state
aurora-upgrade # install signed updatesNo, and it doesn't claim to be. AuroraOS borrows Tails' ideas — amnesia and Tor routing — but is an independent, unaudited personal project. For genuine high-risk anonymity, use the real Tails.
AuroraOS is a live USB system by design — it runs from RAM and an optional encrypted partition on the stick itself. In Amnesic mode it doesn't write to the host's internal drives; like any OS it can see them if you choose to mount them.
No. It's configured in good faith (transparent proxy + firewall kill-switch + DNS-over-Tor) but has not been traffic-leak audited. Browser leaks, app telemetry, and fingerprinting can still de-anonymize you. Treat it as stronger than normal browsing, not magic.
Not as the normal live user. That is deliberate: if a desktop session is compromised, it should not be able to drop the kill-switch and leak your real IP. To leave Tor mode, reboot and choose Amnesic or Persistent.
Any amd64 (64-bit x86) PC that boots from USB. AuroraOS includes UEFI Secure Boot support, but firmware can still be awkward; if boot fails, test with Secure Boot disabled.
With Debian's live-build, the same toolchain behind Tails, Kali, and Parrot. The repo holds the config; build.sh assembles a hybrid ISO.
Like Tails — not with apt, but by replacing the whole system image with a cryptographically signed one. The built-in AuroraOS Upgrader notifies you when a new version exists; one click verifies the signature and SHA-256, then atomically swaps the image on the USB (keeping the old one as a rollback). In Tor mode the download routes over Tor. An unsigned or tampered update is refused.