
And this is why Whonix is critical - because even when you pop the browser, you still have another layer of protection - the gateway VM.

Tails browser on [almost anything] is one browser exploit away from beaconing out directly from your IP, and has done so rather frequently over the years.

Whonix stuffs the whole browser and such into a workstation VM, which is only connected to the gateway VM - which "torifies" everything coming in that port. So even if you pop the workstation and have root, you still can't beacon out directly without going through the gateway - you'd have to find an exploit in that bit as well, with only network access. Not impossible, but a lot harder.

And then package all that into Qubes and use it that way, because a disposable Whonix VM set is probably the safest way to browse the web...

And still disable JavaScript.



I almost find it suspicious how heavily Tails is promoted over Whonix. Tails focuses on largely imaginary scenarios that only happen to people named Bob or Alice, while Whonix fixes the actual attacks that come up in subpoenas.


Apples and oranges; Tails is designed for storing sensitive files amongst many other features whereas Whonix is a live CD that doesn't offer storage and is focused only on secure browsing.


I think you're backwards. Tails is the LiveCD with a browser (that can beacon straight out). Whonix is the VM based system. I think it's capable of more than just browsing, but I use it as the "secure browser" in Qubes as a disposable VM, because it just automatically does the right stuff with the gateway VM and such.


It is a complex idea but in theory one could produce a live-image that spins up the Whonix 'gateway' and 'workstation' virtual-machines into RAM. Boom, probably better than Tails.

The most obvious concern is the RAM-usage (because of tmpfs and each VM having allocated RAM on top of that) and if disk-usage between the gateway and workstation images could be de-duplicated to save space in the live-image.


Modern browsers should really be treated like operating systems because they have so many capabilities and are so complex. I try to run all of mine in separate virtual machines on Debian Linux using virt-manager. Additionally, they're sandboxed with firejail (looking at moving to bubblewrap) and apparmor. I'm less concerned with my IP address and more with a website being able to access random files on my computer.


> Tails browser on [almost anything] is one browser exploit away from beaconing out directly from your IP

As far as I am aware, Tails uses iptables to force all network connections through Tor. You would require an escape from the browser and then a privilege escalation to get around this.


Local privilege escalations are about a dime a dozen. If you're executing arbitrary code, root isn't a far jump.


So that's not a single exploit away then.


I knew about Tails but not Whonix. This is really nice. No live system like Tails though?


Then why not just use Whonix?


"Whonix alone" is probably fine against browser exploits in the Tor browser (of which I generally assume there are many, because it's a browser of Very Much Interest to plenty of agencies). However, if you assume a "dirty host," with various bits of nastiness on it, if you're just using Virtualbox or something, it would be easy enough for a compromised Whonix workstation VM to chatter away with the host and have the host beacon out, or have the host modify the disk images for Whonix to add badness, or something of the sort. It's not a high risk, but if you're going to be doing something with Tor where failure of opsec puts you in prison for life (see DPR), it's something to consider.

Qubes adds a few more layers of isolation and security, because you now have a Type 1 hypervisor under everything (currently Xen), with your other isolation VMs separated out. Badness in another VM can't directly impact the Whonix VMs, unless it's compromised Dom0, at which point you've lost with Qubes anyway.

Both are at risk from a hypervisor escape as well, but I generally consider Xen to be a somewhat better inspected and harder to escape from target than VirtualBox or VMware Workstation, just because there's less to Xen. It's a far smaller codebase, and when you're using hardware virtualization with paravirtualized devices (virtio-type interfaces), there's just not as much surface exposed for attack. It's not impossible, but I would generally consider VMware/VirtualBox somewhat softer targets to escape from than Xen.

Again, does any of this matter for casual use? No. But if you're going to use Tor for things that have actual consequences, it may very well matter a lot, and at that point, fully understanding the various threats and how they've been used over the years may be a matter of your freedom.

For whatever it's worth, I try to add Tor traffic where I can, just to help with the noise factor.



