by nikcub 3802 days ago
I appreciate a lot of the work that the Tails guys do - but for a privacy and security focused distribution there are far too many included apps for my liking[1], which increases the attack surface. LibreOffice, Gimp and Audacity are just some of the apps - and many have a horrible history of vulnerabilities[2].

When Tails has had vulnerabilities it is often with one of these included apps[6].

The browser isn't sandboxed (it's in progress[3]), and the machine is still directly connected to the internet, so you're a single Firefox vulnerability and a drive-by download away from being deanonymized.

It is also a shame that both OS X and Windows make it difficult to write an OS to a USB stick and boot from it - the install requires an intermediary Linux OS either on DVD or USB, which a lot of users won't get by.

For a different approach, see Whonix[4] - a virtual machine based approach with an isolating proxy (very popular setup amongst black hats) and Qubes OS[5] which is built on Xen and runs processes in separate VMs.

[1] https://tails.boum.org/doc/about/features/index.en.html

[2] https://www.cvedetails.com/vulnerability-list/vendor_id-1143...

[3] https://wiki.mozilla.org/Security/Sandbox

[4] https://www.whonix.org/

[5] https://www.qubes-os.org/

[6] https://blog.exodusintel.com/2014/07/23/silverbullets_and_fa...

4 comments

There's even Qubes-whonix: "Qubes-Whonix is the seamless combination of Qubes OS and Whonix for Security + Anonymity."

https://www.whonix.org/wiki/Qubes

There's an easy way to write an OS to a USB stick and boot from it... if you're not paranoid.

http://www.pendrivelinux.com/universal-usb-installer-easy-as...

The Whonix approach is very reasonable. Tails must be considered inadequate when used as a complete solution as long as the browser isn't fully isolated from the Tor underlay.

>Tails must be considered inadequate

Tails is significantly more secure than the common practice of running the Tor Browser Bundle on a Windows OS.

I built a custom VMWare install of Windows Embedded (well, they're all custom) running just Chromium. I think it's pretty secure - the footprint is tiny, I was actually more concerned about switching off some of the fancier features of Chromium (such as Canvas and WebGL).

In theory it would make an excellent thin client to use with an OpenBSD isolating proxy - I'm actually curious to hear what others would think about using embedded Windows (XP or 8 or 10) in this way.

A proxy cannot anonymize encrypted traffic.

Isolating proxy:

https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWT...

meaning the only way to route out is to proxy via Tor. IMO it's the only safe way to run Tor and remain anonymous.

That only tunnels traffic through Tor, right?

If the browser leaks identifying client information through HTTPS or other encrypted protocols, the proxy (torify) will not be able to help. That is why Tor Browser is important.

Well, apart from Chromium you're relying on a closed source "stack"; I'm not sure it's pretty secure.

You didn't mention it, but you should revert to a clean VM snapshot after each time you use your VM (like they do in Qubes).

One "practical" reason is that it's relatively easy to make a Debian-based derivative distribution due to the large amount of prior art, tools and manpower. Now, if we could integrate Qubes-style isolation with Debian then most of this could be ameliorated. :)