"Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. It is the next iteration of development on the previous Gentoo-based Incognito Linux distribution. All its outgoing connections are forced to go through Tor, and direct (non-anonymous) connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no trace (digital footprint) on the machine unless explicitly told to do so. The Tor Project has provided most of the financial support for development. Laura Poitras, Glenn Greenwald, and Barton Gellman have each said that Tails was an important tool they used in their work with Edward Snowden."
This also has some good information about some practical uses of Tails. Not so sure about the claims of the article and their truth (it was an entertaining read, though), but it gives some further details about Tails for the inquiring mind.
Unless an examination reveals otherwise, it is wise to assume that the media's write protection is a software protection, not a hardware protection.
For example, there's a project that provides replacement firmware for Canon cameras - http://chdk.wikia.com/wiki/CHDK - stored on the SD card. The new firmware is selected by moving the write-protect switch on the card. In either configuration, the camera can still save new photos to the storage.
I agree that this seems like the best compromise: Have the bootloader load the squashfs (or whatever) to RAM, and then unmount and prompt you to remove the media before executing the kernel. In order to compromise that, you'd have to corrupt the process which creates the flash drive originally; if that's been achieved then it's game over regardless.
That's how the Debian boot image works by default. You actually have to jump through some hoops to enable persistence.
So unless Tails actively tries to be stupid, it should be safe to remove the drive after the squashfs has been loaded during boot.
Also, SystemRescueCD does a load to RAM, so it's certainly doable :)
Not all of them will boot for you though. Mine doesn't.
They could also make it so that you route all information through their nodes, or eavesdrop through a built-in microphone or camera.
All sorts of nasty things, all with persistence between boots.
I was talking about using a USB drive as the medium for your Tails Live "CD."
The point of Tails is that unless you explicitly take action to make changes or save files, nothing that you do will be persistent across restarts. The memory of the PC you were using is wiped, and the medium on which you store the Tails OS has not been modified. The next time you start Tails you will have a fresh copy. No personal information, no settings that could distinguish you from any other vanilla Tails user. You'll be presented with the same toolkit tailored to privacy and security every time.
If an attacker is able to compromise one session it is a problem, but maybe they didn't gather the intelligence they needed to de-anonymize you. Now, if they can make it so that your copy of Tails boots with their exploits already loaded, then there's a major problem.
Then again, a malicious actor may just go through the trouble of bypassing the protections.
If you boot into Tails, it's read-only.
Tails is excellent for posting anonymous information to the internet, as long as it is a one-time thing. If you first browsed Reddit, read your (g)mail or looked at Facebook, you are still quite easily identifiable!