[nikcub]

I built a custom VMWare install of Windows Embedded (well, they're all custom) running just Chromium. I think it's pretty secure - the footprint is tiny, I was actually more concerned about switching off some of the fancier features of Chromium (such as Canvas and WebGL).

In theory it would make an excellent thin client to use with an OpenBSD isolating proxy - i'm actually curious to hear what others would think about using embedded Windows (XP or 8 or 10) in this way.

[bcook]

A proxy cannot anonymize encrypted traffic.

[nikcub]

Isolating proxy:

https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWT...

meaning the only way to route out is to proxy via Tor. IMO it's the only safe way to run Tor and remain anonymous.

[bcook]

That only tunnels traffic through Tor, right?

If the browser leaks identifying client information through HTTPS or other encrypted protocols, the proxy (torify) will not be able to help. That is why Tor Browser is important.

[nikcub]

yep, the way it is setup is you create a private network in VMWare, the proxy/router box has a live IP address on one end and is running a DHCP server on the private network. The client VM's connect to the Tor daemon on the proxy/router using SOCKS or HTTP

I don't use torify or anything else - if the app doesn't support SOCKS or HTTP then I don't use it. Any browser leaks will just hit a wall against the router VM.

It's the whonix architecture - except I use my own router (wasn't comfortable with whonix's 1.6GB+ router) and client.

[jmnicolas]

Well apart from Chromium you're relying on a closed source "stack", I'm not sure it's pretty secure.

You didn't mention it, but you should revert to a clean VM snapshot after each time you use your VM (like they do in Qubes).