// Classified · Personal Use · Field-Grade

An operating system
that forgets
on command.

AuroraOS is a bootable-from-USB Linux distribution in the Tails tradition. Carry it in your pocket, boot it on any machine, and choose at startup whether to persist, vanish, route everything through Tor, or combine encrypted persistence with Tor routing.

Acquire the ISO → Read the manual
Boot modes
04
Base
Debian 12
USB min
8 GB
License
Open
aurora@bootloader:~ tty1
§01 — Boot Modes four choices · one stick

Four ways to boot. You decide each time.

Every power-on, the boot menu asks how private this session should be. Persistence and Tor are independent flags, so you can keep them separate or combine them when the job calls for it.

aurora.persistent

Persistent

Files, settings, and apps are written to an encrypted (LUKS) partition on the USB and restored on the next boot. A genuine daily-use OS that travels with you.

storageLUKS2 · AES-256
KDFArgon2id
survives rebootyes
aurora.amnesic

Amnesic

The whole OS runs from RAM. The instant you shut down, every byte evaporates. Pull the stick and the host computer holds no trace you were ever there.

storageRAM only
survives rebootno
host footprintnone
aurora.tor

Tor

All traffic is forced through the Tor network in an amnesic session. A firewall kill-switch drops anything that can't be torified, and DNS resolves over Tor.

routingtransparent proxy
kill-switchnftables
DNSover-Tor
aurora.persistent + aurora.tor

Persistent + Tor

Unlock encrypted persistence and apply Tor routing in the same session. Your files survive reboot while network traffic goes through the kill-switch path.

storageencrypted
routingTor
amnesiapartial
§02 — Manifest what's loaded

A complete desktop on a solid foundation.

Built on Debian stable with a modern GNOME desktop and a curated, privacy-first application set — modeled on Tails.

01GNOME ShellModern desktop environment with Mutter compositor and GDM display manager.Desktop
02ThunderbirdEmail client with built-in OpenPGP encryption.Mail
03Tor BrowserFetched from the Tor Project and GPG-verified at build time for anonymous browsing.Privacy
04LibreOfficeFull office suite — documents, spreadsheets, presentations.Office
05GNOME SecretsEncrypted, offline password manager (KeePass format) — same as Tails.Security
06GIMPLayered raster image editing.Media
07MAT2Metadata anonymisation — strips identifying data before you share.Privacy
08Encrypted messagingPidgin (OTR) and Dino (OMEMO) chat, routed over Tor.Privacy
09Hardware firmwareWi-Fi, GPU, and CPU microcode bundled for broad machine support.System
10Scoped sudoThe live user can run Aurora helpers, but not a blanket root shell that could disable Tor protection.Security
§03 — Acquisition Procedure download → flash → boot

From download to bootable in four steps.

AuroraOS v0.58 · amd64 ISO
Prebuilt image — SHA256 loading… · checksum
Download ISO
⚠ The download itself is not anonymous

This ISO is served through Cloudflare. That means Cloudflare — and any network between you and it — can see the IP address, time, and file of every download, exactly the way any website sees its visitors. This is unavoidable: you have to fetch a privacy OS over the open internet from some host before you can boot it. The same is true of Tails and every comparable project. AuroraOS protects you after you boot it — not while you download it.

To get it privately:

  • Open this page in the Tor Browser ↗ or over a trusted VPN — Cloudflare then sees the Tor exit / VPN address, not your real IP.
  • Or download from a public / shared network that isn't tied to your identity.

Note: the published SHA256 and signature prove the file wasn't tampered with — they do nothing for privacy. Don't confuse the two.

01DOWNLOAD

Get the image

Click Download ISO above to fetch the prebuilt AuroraOS image (~2.4 GB). Save it somewhere you'll find it, then verify it against the published SHA256 checksum before flashing.

02FLASH

Write to USB

Use Rufus (Windows) or balenaEtcher (any OS) to write the ISO onto a USB stick of 8 GB or more. This erases the stick — back it up first.

03BOOT

Power on & choose

Plug into any PC, enter the boot menu (F12 / F10 / Esc), and select AuroraOS. If the custom boot menu appears, pick Amnesic, Persistent, Tor, or Persistent + Tor. Default user is aurora (no password to log in), and auto-lock is disabled so it won't strand you.

04PERSIST

Enable persistence (optional)

Once, from any boot, run sudo aurora-persistent-setup. You'll choose a passphrase you must remember (there's no recovery). On the next Persistent-mode boot, type it at the prompt to unlock your files.

Prefer to build it yourself? AuroraOS is fully open source (MIT) and built with Debian's live-build — the complete build configuration and build.sh live in the source repository on GitHub ↗.

§04 — Command Reference operator quick-card

The commands you'll actually run.

$ build.shhost
# Inside WSL2/Ubuntu, project root
./build.sh           # full build
./build.sh clean     # wipe & restart
./build.sh config    # validate config only
aurora@ live shellguest
aurora-status                  # show current mode
sudo aurora-persistent-setup   # create persistent volume
sudo aurora-set-password       # enable screen locking
aurora-tor status             # show Tor kill-switch state
aurora-upgrade                # install signed updates
§05 — Operator Questions caveats & clarity

Frequently asked, honestly answered.

Q1Is this a replacement for Tails?+

No, and it doesn't claim to be. AuroraOS borrows Tails' ideas — amnesia and Tor routing — but is an independent, unaudited personal project. For genuine high-risk anonymity, use the real Tails.

Q2Can I install it to a hard drive?+

AuroraOS is a live USB system by design — it runs from RAM and an optional encrypted partition on the stick itself. In Amnesic mode it doesn't write to the host's internal drives; like any OS it can see them if you choose to mount them.

Q3Is Tor mode guaranteed anonymous?+

No. It's configured in good faith (transparent proxy + firewall kill-switch + DNS-over-Tor) but has not been traffic-leak audited. Browser leaks, app telemetry, and fingerprinting can still de-anonymize you. Treat it as stronger than normal browsing, not magic.

Q4Can I turn Tor off from the terminal?+

Not as the normal live user. That is deliberate: if a desktop session is compromised, it should not be able to drop the kill-switch and leak your real IP. To leave Tor mode, reboot and choose Amnesic or Persistent.

Q5What hardware does it support?+

Any amd64 (64-bit x86) PC that boots from USB. AuroraOS includes UEFI Secure Boot support, but firmware can still be awkward; if boot fails, test with Secure Boot disabled.

Q6How is it actually built?+

With Debian's live-build, the same toolchain behind Tails, Kali, and Parrot. The open-source repo ↗ holds the config; build.sh assembles a hybrid ISO.

Q7How does it update?+

Like Tails — not with apt, but by replacing the whole system image with a cryptographically signed one. The built-in AuroraOS Upgrader notifies you when a new version exists; one click verifies the signature and SHA-256, then atomically swaps the image on the USB (keeping the old one as a rollback). In Tor mode the download routes over Tor. An unsigned or tampered update is refused.

Q8Can whoever hosts the download see that I got it?+

Yes. The ISO is served through Cloudflare, so it can see the IP address, time, and file of each download — the same way any website sees its visitors. There is no way around that: you have to fetch the OS over the open internet before you can boot it, and Tails and others are in exactly the same position. To avoid it, download over the Tor Browser or a VPN, or from a network not tied to you — then the host sees the Tor exit / VPN address instead of your real one. The published checksum and signature protect the file's integrity, not your privacy — and AuroraOS only makes you anonymous after you boot it, not while downloading.