Install Element Desktop on TailsOS

This guide has been tested with TailsOS 7.0 as of 2025-09-20.

This guide uses Flatpak to install Element Desktop and keep it confined in the Persistent Storage volume of TailsOS.

Notes

An active Internet connection is required at every step of this guide.
This is an HTML only guide - with no Javascript, so no copy buttons.
To copy from this guide, highlight the text and press Ctrl +C
Many steps happen in the TailsOS Console (previously called Terminal).
To paste into the Console, right-click → Paste or press Ctrl +Shift +V (not Ctrl +V)
Do NOT use the Root Console unless specified—or instructions won’t work.
The packages included in Tails are carefully tested for security. Installing additional software might weaken built-in protections.

Persistent Storage

If you want to keep Element Desktop persistent, set up Persistent Storage accordingly. (If you plan to use Element only once and discard everything on shutdown/reboot, skip to Install.)

Make sure you are using an up-to-date TailsOS. See: https://tails.net/doc/upgrade/.
Create Persistent Storage: https://tails.net/doc/persistent_storage/create/. (Skip if you already have one.)
Configure Persistent Storage with Additional Software enabled and any other features you need (mail, PGP, etc.): https://tails.net/doc/persistent_storage/configure/. (Skip if already configured.)
Restart Tails. Unlock Persistent Storage, and set an Administration password: Administration password.
Open Applications ▸ System Tools ▸ Root Console and use the admin password from the previous step.
To create persistence for Flatpak data and launchers, run:

sed -i '$ a /home/amnesia/.local/share/flatpak source=flatpak
/home/amnesia/.var/app source=var_app
/home/amnesia/.local/share/applications source=applications' /live/persistence/TailsData_unlocked/persistence.conf

Restart Tails.

Install

Flatpak

Note: If you already have Flatpak installed and the Flathub repo configured, skip to Element-Desktop.

Starting with Tails OS version 6.14, Flatpak comes pre-packaged with Tails. This complicates the saving of our Flatpak settings, because they must be re-loaded from Persistent Storage after every restart. To resolve this, simply uninstalling the pre-packaged Flatpak, and then installing it again will allow Persistent Storage to recognize it properly. This is a one-time operation, and is detailed below.

Start Tails with Persistent Storage unlocked and set an Administration password.
Open Applications ▸ System Tools ▸ Console.
Update existing packages:

sudo apt update -y

Uninstall the pre-packaged version of Flatpak:

sudo apt remove flatpak -y

Install a fresh version of Flatpak:

sudo apt install flatpak -y

When prompted by Tails, click Install every time to make it Persistent.
Add the Flathub repository to Flatpak:

torsocks flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Note: Ignore this warning if shown: torsocks[PID]: [syscall] Unsupported syscall number 315.

Element-Desktop

Install Element Desktop:

torsocks flatpak install -y flathub im.riot.Riot

Note: If the installation fails or times out, simply execute the install command again.

Create a launcher to run Element via Tor with Wayland flags and audio access:

cat > ~/.local/share/applications/Element-TOR.desktop <<'EOF'
[Desktop Entry]
Type=Application
Name=Element (TOR)
Comment=Matrix client via Flatpak with Wayland flags and Tor proxy
TryExec=/usr/bin/flatpak
# Pass %U through Flatpak file-forwarding to the sandboxed app
Exec=/usr/bin/flatpak run --user --file-forwarding --env=ALL_PROXY=socks5h://127.0.0.1:9050 --env=HTTPS_PROXY=socks5h://127.0.0.1:9050 --env=HTTP_PROXY=socks5h://127.0.0.1:9050 im.riot.Riot --proxy-server=socks5://127.0.0.1:9050 --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer --ozone-platform=wayland @@u %U @@
Terminal=false
Icon=im.riot.Riot
Categories=Network;
StartupWMClass=element
Keywords=Matrix;Element;
EOF

A new application named Element (TOR) appears in Activities Overview. Use this launcher to run Element over Tor.

(Optional) If it doesn’t appear, refresh the desktop database:

update-desktop-database ~/.local/share/applications 2>/dev/null || true

Create a “Flatpak Refresh” launcher to update apps and prune unused runtimes (with logging):

cat > ~/.local/share/applications/Flatpak-Refresh.desktop <<'EOF'
[Desktop Entry]
Type=Application
Name=Flatpak Refresh
Comment=Update user Flatpaks via Tor; log to ~/Persistent/flatpak-refresh-logs
TryExec=/usr/bin/flatpak
Exec=/usr/bin/env bash -lc 'set -Eeuo pipefail; LOGDIR="$HOME/Persistent/flatpak-refresh-logs"; mkdir -p "$LOGDIR"; TS=$(date +%Y%m%d-%H%M%S); LOG="$LOGDIR/flatpak-refresh-$TS.log"; echo "== Flatpak Refresh: $(date) ==" | tee -a "$LOG"; /usr/bin/torsocks /usr/bin/flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo 2>&1 | tee -a "$LOG"; /usr/bin/torsocks /usr/bin/flatpak update --user -y --appstream 2>&1 | tee -a "$LOG"; /usr/bin/torsocks /usr/bin/flatpak update --user -y 2>&1 | tee -a "$LOG"; /usr/bin/flatpak uninstall --user --unused -y 2>&1 | tee -a "$LOG"; command -v notify-send >/dev/null 2>&1 && notify-send "Flatpak Refresh" "Success. Log Created: $LOG"; echo "Success. Log Created: $LOG" | tee -a "$LOG"'
Terminal=true
Icon=system-software-update
Categories=System;
Keywords=flatpak;update;uninstall;unused;log;refresh
EOF

A new application named Flatpak Refresh appears in Activities Overview. Run it regularly to update your Flatpak applications.

(Optional) Refresh the desktop database if needed:

update-desktop-database ~/.local/share/applications 2>/dev/null || true

Start

Start Tails with Persistent Storage unlocked, and set an Administrator password.
Wait until additional software installs successfully.
(Optional) Open Activities (Super/Windows key), type Flatpak, and click Flatpak Refresh to update applications.
Open Activities, type Element, and click Element (TOR) to start.

Note: If you see the following Error: "Your system has a supported keyring but encryption is not available." you may disregard this, and click "Use no encryption". This is a bug in the Flatpak distribution of Element Desktop. You will still be able to send and recieve encrypted messages, but this error means that locally stored messages will not be encrypted. This is technically safe, since your Element data (including messages) are stored in the encrypted Persistent Volume in TailsOS. So the risk for this issue is mitigated. This will hopefully be patched in future versions of the Flatpak distribution of Element.