Expand or change the persistence section

[grazzolini]

When talking about TAILS, in the persistence section, nothing is mentioned about other operating systems which can be used instead of TAILS. There is Qubes and Whonix that can be used in this context. With the benefit that, configured properly, they won't reveal your real IP address if you get compromised. Micah has recently wrote about them: https://theintercept.com/2015/09/16/getting-hacked-doesnt-bad/

I think they deserve a mention, specially when you need day to day usage of tor, and the other tools. I can create a pull request talking about them, if necessary.

[psivesely]

This guide is aimed towards readers new to encryption. Most people would consider Qubes too difficult to use.

With the benefit that, configured properly, they won't reveal your real IP address if you get compromised.

First, it depends what you mean by compromised. If the VM you run Tor in is compromised or Xen is compromised, then your IP will be directly accessible. Further, if you can access someone's data via a compromise, you often do not need their IP address to determine their identity.

I think they deserve a mention, specially when you need day to day usage of tor, and the other tools. I can create a pull request talking about them, if necessary.

If you want to create a one-line addendum that mentions Qubes + Whonix is for advanced users already familiar w/ GNU/Linux, we may consider merging it.

[grazzolini]

This guide is aimed towards readers new to encryption. Most people would consider Qubes too difficult to use.

It certainly is not for beginners. It's hard even for people familiar with Linux.

First, it depends what you mean by compromised. If the VM you run Tor in is compromised or Xen is compromised, then your IP will be directly accessible.

This certainly is true. But you'd need to compromise the VM used for tor browsing, and then compromise the VM running tor to get the real address. There is of course the risk of the hypervisor getting compromised, but again, you'd need to compromise the VM first. Whereas with TAILS, all is needed is to compromise the browser, and you get access to the bare metal.

Further, if you can access someone's data via a compromise, you often do not need their IP address to determine their identity.

Yes, and this is the main reason why there are plenty of advice to not use anything personally identifiable within the VM.

If you want to create a one-line addendum that mentions Qubes + Whonix is for advanced users already familiar w/ GNU/Linux, we may consider merging it.

I certainly will.

Thanks

[psivesely]

But you'd need to compromise the VM used for tor browsing, and then compromise the VM running tor to get the real address.

No, you can directly exploit the VM running Tor or you can exploit it via a NetVM. Tor is really solid though, so it should not be easy to compromise a VM where it is the only networked process running, regardless of what "angle" you're coming from.

There is of course the risk of the hypervisor getting compromised, but again, you'd need to compromise the VM first.

There are actually exploits that have directly compromised Xen and other hypervisors w/o first compromising a VM process or guest kernel.

Yes, and this is the main reason why there are plenty of advice to not use anything personally identifiable within the VM.

This is not always possible, but with good opsec and compartmentalization you can very much so minimize data/ privacy losses with a system like Qubes. Doing this properly though requires a lot of vigilance and technical expertise. Definitely out of scope for this guide, but again, still feel free to send that one-liner.

P.S. I love Qubes.