by mirimir 2199 days ago
In my opinion, Hernandez screwed up by not appreciating the risk profiles for Tails and Whonix. Tails is a LiveOS, which doesn't leave traces in RAM or on disk. Whonix is a pair of VMs, one with the Tor process, and the other with user apps. Using Whonix, exploits like this are impossible, because the apps VM has no public IP address, and can hit the Internet only via Tor.
1 comments

I can imagine that for a high-value target there are stacking exploits:

1) escape from browser into VM

2) escape from VM into host

3) run exploit on host

True. However, such high-value targets would be isolating the Tor process and apps at the hardware level. It's over my head, but I can imagine elements from Tinfoil Chat and Qubes Air.

And yes, vulnerabilities in Tor have been exploited. So it's prudent to hit Tor via nested VPN chains, just in case.

Could you use a ring of VPSs spawning independent VM sessions, which are randomly connected to as needed, and puppeted by scripts or ML, used by others in the meantime, and torn down randomly and on a schedule? Cloud hop in the noise.