[0xCMP]

If you read through the 10 year old presentation linked[0] you'll see they have ways to break just running over Tor. You really need to be running Tor on the machine, possibly via a VPN (like Mullvad or VPS+Wireguard/SSH), and either using Tor Browser, Whonix/Tails, or QubesOS.

My (updated) understanding is that running all things via Tor is slow without as much benefit as just a normal VPN and that if anything you use throw away VMs or Tor Browser sessions to avoid any way to correlate. Also note that a well known attack is simply knowing a connection is currently happening (preferably a long-running one) and cutting off the internet in suspected areas until the connection drops. So I guess either you need to avoid long running connections (I think you could do this in the local firewall?) or have redundant network connections like Dual ISP or ISP + LTE on something like Opnsense (cause wow, is it difficult to do this on Linux. I intend to blog about it someday soon).

[0]: https://www.theguardian.com/world/interactive/2013/oct/04/to...