On Fri, Oct 4, 2013 at 2:01 AM, Adam Back <adam@cypherspace.org> wrote:
... For my taste the Tor connection and code and physical device identifiers (physical MAC addr, HD serial etc) should be OUTSIDE of a VM and all client software should be inside the VM.
a better approach is putting them all in constrained guest virtual machine instances. i'm fond of Qubes for this purpose, although there is much ongoing discussion around the best configuration.

even better, make your Anonymous Tor Browser VM disposable, and frequently re-instantiated. then when your rich attack surface browser gets pwned you've significantly limited the duration and scope of impact.

check out:
http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking...
https://www.whonix.org/wiki/Comparison_with_Others
https://groups.google.com/forum/#!forum/qubes-devel