> and suggest an up to date OpSec guide to using Tor?
Use Disposable Whonix VMs in Qubes OS (available in the 4.0-rc4) for the best secure experience that you can get right now. For less security, an alternative would be to use Tails or Subgraph.
You can also control how much attack surface you expose in your browser in the Security Settings in the Tor Button (Medium (now termed Safe) disables JS on HTTP websites, JIT optimization, and sets media files to click-to-play. High (now termed Safest) disables JS everywhere, and SVG...).[1]
In what way are Disposable Whonix VMs in Qubes OS more secure than Tails? I understand that the VM won't have access to the real IP address, but isn't there a possibility of breaking through the VM (while with Tails the entire system is disposable)? Are there other ways that it is more secure?
> In what way are Disposable Whonix VMs in Qubes OS more secure than Tails?
To de-anonymize Tails one needs to exploit Tor Browser first, then get root access. For Disposable Whonix VMs in Qubes OS one would need the additional availability of a Xen exploit to break out of the VM in order to de-anonymize it.
Use Disposable Whonix VMs in Qubes OS (available in the 4.0-rc4) for the best secure experience that you can get right now. For less security, an alternative would be to use Tails or Subgraph.
You can also control how much attack surface you expose in your browser in the Security Settings in the Tor Button (Medium (now termed Safe) disables JS on HTTP websites, JIT optimization, and sets media files to click-to-play. High (now termed Safest) disables JS everywhere, and SVG...).[1]
[1] : https://tb-manual.torproject.org/en-US/security-slider.html