[mirimir]

Huh? Against Google and Facebook, it's not at all impossible. Or against the FBI. Against the NSA, it's hard to say.

I have not seen any reported pwnage that didn't involve obvious OPSEC failures. You just need to compartmentalize, and avoid creating associations.

[Khaine]

Which is easier said than done. All it takes is one slip up for your hard work to be undone. One tiny mistake.

Advertisers are looking to de-annoymise you, three letter agencies are trying to de-annoymise you and all it takes is one minor slip upper being too unique (i.e. your combination of web browser, addons, screen size, IP address, etc).

It is almost impossible for a regular user to be anonymous, to have good opsec, for extended periods of time.

[mirimir]

Sure, people screw up. So systems must fail nonfunctional/closed. Whonix is an excellent example. Tor runs in one VM, and user apps run in another VM. The Tor VM is not a router. There's no forwarding. It merely exposes Tor ports on a private network. So apps can have no Internet access except through Tor.

Regarding uniqueness, using personas that must remain unlinked on the same physical machine is very risky. Given the risk of guest-to-host breakout. And because hardware signatures may be visible remotely. If WebGL is enabled in VMs, Internet sites can link VMs on a given host (graphics card) that use the same virtual graphics driver. In particular, ones meatspace identity should never share a physical machine with any personas that's at all risky. They should also be compartmentalized on separate LANs.

So Debian and the Ubuntu family have the same signature. But Windows, OS X, Centos/Fedora, Arch/Manjaro and PC-BSD have different signatures. So one can use VMs with different WebGL signatures on the same hardware. But only for personas where linkage would be survivable.