I run Windows 10 on my PC and occasionally use Tails. Recently I shut down my laptop and booted into Tails as usual, then shut down Tails and booted back into Windows 10. Before I shut down my Windows laptop I had two apps running including a VPN app, neither of which are set to launch on startup. When booting back into Windows I saw that both applications were open and my VPN connection was still active. Even when I close my laptop lid and return, usually the VPN connection needs to re-establish, but not this time.
It’s possible I accidentally put my laptop in hibernation rather than shutting it down while using Tails, but I thought Tails wiped all the memory when it shut down? Does anyone have any other ideas as to how Windows would’ve remembered its state? Wouldn’t this be a threat to my security or anonymity on Tails if Windows is loaded into memory at the same time as I’m using Tails?
Do you have fast startup enabled in your Windows settings?
Fast Startup combines elements of a cold shutdown and the hibernate feature. When you shut down your computer with Fast Startup enabled, Windows closes all applications and logs off all users, just as in a normal cold shutdown. At this point, Windows is in a state very similar to when it’s freshly booted up: No users have logged in and started programs, but the Windows kernel is loaded and the system session is running. Windows then alerts device drivers that support it to prepare for hibernation, saves the current system state to the hibernation file, and turns off the computer.
I’m not sure how this would be the case if you haven’t noticed this issue before. Was this the first time you shut off the laptop with the VPN connection active?
Windows no longer shuts down properly like in the olden days. It takes so long to boot it up properly, also like in the olden days, I would say even more so now that the OS is complex and massively bloated.
I think Windows compresses the RAM contents and writes it to disk. During wake, it rapidly uncompresses the files to disk from the RAM.
So what likely happened is that Windows has your memory state written down during your “fake shutdown.” that got restored.