[FDSGSG]

Huge difference. Whonix consists of two VMs, one where you actually work and another which acts as a "router" sending all of your traffic out over Tor.

Code running in the work VM can't leak your IP even with root access.

[vmception]

That didn't answer their question.

Nobody is advised to run Tails in a VM, only as the host OS, so the dual VM part isn't that relevant.

I've used both, only pointing out how your response didn't match

The article does briefly mention Tails and how it does a RAM rewrite upon shutdown for you

> If you're planning to use TAILS, it will scrub the RAM for you automatically when you shut down.

[eightysixfour]

The dual VM part is the essential difference - if someone were to gain root to your Tails installation with a zero day they could decloak your IP. If you are running whonix that is not possible without also breaking out of the VM into the hypervisor.

[vmception]

okay, can't argue that, a 'zero day' is always a threat, especially given how much trust is required in the Tails updates which are like every month

odd and unlikely attack vector, but always a target

[FDSGSG]

>odd and unlikely attack vector, but always a target

??

The FBI has publicly burned firefox 0days to deanonymize Tor users at scale.

We're having this conversation under a post titled "So, you want to be a darknet drug lord".

If you want to be even a small time DNM vendor, you should not use Tails but Whonix.

[vmception]

yes we know its always a target like I already said, I know the FBI and others are actively researching and attacking

But a browser escape is different than obtaining root on an OS that doesnt even enable root by default

like I said, different harder attack vector, likely under research

save the argument for someone more in denial about that?

[boring_twenties]

> an OS that doesnt even enable root by default

This is a meaningless statement. Just because there is no way to log into the root account doesn't mean there isn't a kernel that treats uid 0 specially.

[FDSGSG]

>But a browser escape is different than obtaining root on an OS that doesnt even enable root by default

A linux LPE is worth a small fraction of the money a Firefox escape is. Far easier to come by, far weaker defences.

At least tails seems to use network namespaces now, so deanonymization without root might not be as trivial as it was before.

[FDSGSG]

>That didn't answer their question.

It did. Whonix can defend you against malicious code running inside your work environment, Tails can't.

>Nobody is advised to run Tails in a VM, only as the host OS, so the dual VM part isn't that relevant.

This is why it's a bad idea to use Tails at all unless you aren't actually that worried about being deanonymized.

>The article does briefly mention Tails and how it does a RAM rewrite upon shutdown for you

This is meaningless security theatre.

[tablespoon]

> Huge difference. Whonix consists of two VMs, one where you actually work and another which acts as a "router" sending all of your traffic out over Tor.

Honestly, it seems like it'd be safer just to run two different machines. IIRC, I saw some instructions a long time back for turning a small travel router into a OpenWrt-based Tor router.

[FGDSD]

That can be much better, but you should take care to not get deanonymized based on your hardware serial numbers. Less of a concern when working with VMs.

[digianarchist]

Correct. Whonix could be cloaked via a 0day in QEMU.

[Melatonic]

Couldn't you also just run a VM inside of Tails and do all your work inside of that?

[rosndo]

Maybe possible? Not supported, don’t do this, lots of room for misconfiguration.

I haven’t touched Tails in years, but they used to have a pretty exotic network stack. I wouldn’t want to try to make that work with VMs.