[mtgx]

I disagree. Tor/Firefox do indeed have significantly worse security (right now), but that can be mostly mitigated by using easy-to-use third-party sandboxing tools (Sandboxie, Firejail, a VM).

For Linux, there's now a "hardened" version of the Tor browser as well (still alpha, I believe), and if you really care about this, you can also use TAILS, Qubes/Whonix, etc. It would probably be best not to use Windows if you want to be anonymous anyway (certainly not Windows 10, which looks like it was designed after a law enforcement wishlist - there are probably dozens of ways in which law enforcement can identify you by using Windows 10's tracking "features").

I don't think there's a way to "easily" make "Chrome over Tor" anonymous and private...

[indolering]

> I disagree. Tor/Firefox do indeed have significantly worse security (right now), but that can be mostly mitigated by using easy-to-use third-party sandboxing tools (Sandboxie, Firejail, a VM).

Now that they have moved to multi-process Firefox, they can finally start sandboxing everything. There are already plans in place to start reusing Chrome's sandboxes profiles.

> I don't think there's a way to "easily" make "Chrome over Tor" anonymous and private...

You literally have to fork the browser, they won't maintain the internal APIs required by the Tor team. Hell, they refuse to respect basic SOCKS5 proxy settings [0].

[0]: https://trac.torproject.org/projects/tor/wiki/doc/ImportantG...

[hackuser]

> that can be mostly mitigated by using easy-to-use third-party sandboxing tools (Sandboxie, Firejail, a VM)

We also need solutions for typical end users. In the case of SecureDrop, the users will include people with near-zero technical capability, and little time or motivation to learn something new.