For a supposed hacker community, knowledge of Tor sure is low. Perhaps the privacy and anonymity people don't feel too keen on commenting.
Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y
The woes of supporting an "I don't want to leave any crumbs" threat model. There are countless of pro-privacy projects who call themselves that simply because their service can be used to increase privacy, but they do not actually do much to protect privacy beyond that. Many even use Google Analytics.
For B, simply support both. This site is popular enough for there to be no risk sharing: Guerrilla Mail.
> Made this privacy conscious temporary mail extension
> Enable JavaScript and cookies to continue
It's not privacy conscious. Privacy conscious would mean A) does not use Cloudflare as a CDN B) does not require JavaScript C) does not discriminate against Tor users.
There are a few services like this already, which I'm not going to spoil for cred on HN, but my rating of this site as of now is 0/10, unusable in the literal sense.
> How is booting your encrypted partition in a VM within Tails more secure than booting it directly?
There will be no proof of an operating system existing at all, just random data. If you use VeraCrypt along with a hidden partition normally, you would still have the VeraCrypt bootloader or an apparent Windows installation on the drive.
Unfortunately, it looks like this version is no longer maintained.
"HiddenVM is a futuristic tool powered by KVM designed to combine the powerful amnesic nature of Tails and the impenetrable design of Whonix with the unbreakable strength of Veracrypt."
It's highly unlikely that any operating system can be as secure as Qubes OS[1], simply by considering the model itself. Especially if using Whonix[2] VMs to browse the internet. It is based on GNU/Linux and Xen.
Each piece of software can be separated into its own VM. It uses read only templates for the root filesystem, making it difficult for malware to persist.
Templates have no access to networking or hardware making it difficult for them to be compromised, AppVMs where you run software can be treated as throwaway and be trivially destroyed after each use.
Dom0 has no access to networking, USB devices and runs no software. Total compromise would require a hypervisor escape.
It is designed with the assumption that you will be owned start to finish.
Luckily I never have to use Windows these days, but with tiling window managers and package managers being a thing now, it might not be as horrible usability wise.
Tails uses a less secure model because it relies on the system firewall to block any non-Tor connections. This means that any user to root vulnerability will leave you naked, deanonymized. Additionally, protocol leaks, or unintentional leaks are more likely to happen. Both of which have happened in the past and are not mere speculation.
I've commented in this thread that at one point, such a vulnerability was left unpatched in Tails for years despite being documented and a PoC existing.
Whonix on the other uses two VMs, one of which runs Tor and the other applications, and connects via an internal network. This means that non-Tor connections are impossible, as the VM where you run software is completely unaware of the real, external IP.
This raises the level of exploit needed substantially, from user to root, to remote kernel exploits or hypervisor escapes.
> where the fact that you are connecting to a Tor node is extremely obvious
Yes, additionally, it has been concluded that it is impossible to hide the usage of Tor from the ISP, VPNs do not help. The usage of Tor is obvious.
> but don't want you to use a VPN
If you can't use Tor safely, it would be unlikely that you can use a VPN safely either.
> That may give you privacy, but it hardly seems like it makes you anonymous.
What makes you say that? There are millions of Tor users connected at any time, if you believe the number of users is an issue. I suggest you read more about Tor on their website - https://torproject.org
> Rather, wouldn't that send up a giant beacon for anyone at your ISP who cares to look at connections they (or the authorities) might want to pay more attention to?
No, I don't believe so granted that you live in a western democracy.
Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y
And for good measure,
It's Tor not TOR: https://support.torproject.org/#about_why-is-it-called-tor