This is the use case for Tails. . . . [T]here are no writes to storage, unless users configure [otherwise] . . . .
Sure, but this isn't a _Tor_ issue. It's just about Tor browser, which is just (heavily) modified Firefox. And although I'm no software expert, I'm guessing that it's impossible to guarantee what some code will or won't leave behind when it crashes. Even if you tweaked the browser to never write temp files to disk, and keep everything in RAM, you couldn't guarantee that the OS won't write stuff to disk.
That is, unless there _is_ no disk, as in Tails. Even with Whonix, traces likely remain in the virtual disk.
There is never "no" disk, just a matter of which ones are plugged into the box, physically, or remotely. Only old SCSI, optical, some floppy / tape mediums had functional hardware write protect. Even burnables could conceivably have more bits burnt, or burnt down, later. USB and SD are software honor system write protect. Most people don't even know they can disable swap and keep system mounted read-only, that's basic. Uid 0 can write to all firmware and user areas on all media. Some flash chips and controllers can be soldered / cut per docs to enable write protect lines. No media lasts forever, is bug free, or bitrot proof.

Kanguru does make a hardware write protect USB series. Transcend Jetflash, PQI, and others might. Some claim to offer additional protections such as signed firmware loads, etc. Any firmwares involved may or may not be protected against BadUSB... ask them how their write protect etc works... if you're brave / dumb enough to believe their non #OpenFabs, non #OpenHW marketing lies about it. Same goes for any claims about integrated AES encryption hardware, PKI sticks, crypto key modules, hardware enclaves, and all other backdoored junk you can't see, etc. Including from the likes of Intel, Apple, Trezor... Even from opensource OS that refuse to implement block storage opcode command filtering to help prevent at least some user level propagation common with shared / public systems.

https://www.kanguru.com/
https://www.youtube.com/watch?v=nuruzFqMgIw
https://www.youtube.com/watch?v=xcsxeJz3blI
https://adamcaudill.com/2014/10/02/making-badusb-work-for-you-derbycon/

"Blaze speculates that the USB attack may in fact already be common practice for the NSA. He points to a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden. The device, which hid in a USB peripheral plug, was advertised in a collection of NSA internal documents as surreptitiously installing malware on a target’s machine. The exact mechanism for that USB attack wasn’t described. “I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue.” The alternative is to treat USB devices like hypodermic needles. Nohl says he and Lell reached out to a Taiwanese USB device maker, whom he declines to name, and warned the company about their BadUSB research. Over a series of emails, the company [Phison] *repeatedly denied* that the attack was possible."

Remember, BadUSB porn got Bin Laden :) ... maybe. Rubber up your duckies, check hashes, backup, be insane!

#OpenFabs, #OpenHW, #OpenSW, #OpenDev, #OpenBiz

When will you ever learn... it's not that hard.

Cc the biased and censored metzdowd list because... https://www.youtube.com/watch?v=tQQFA9YXCZ0 ;)
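An added example, not part of the thread above: the swap and read-only mount settings mentioned in the last message can be checked against the kernel's own tables. This Python code parses text in the format of Linux `/proc/mounts` and `/proc/swaps` and lists device-backed filesystems mounted read-write and any active swap areas; the sample tables and function names are constructed for illustration, and network filesystems and firmware areas are out of its scope.

```python
"""Audit persistent-write paths from /proc/mounts and /proc/swaps text."""
import re

# Constructed sample in the format of /proc/mounts (not from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot vfat ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/mmcblk0p1 /media/sd\\040card vfat rw,nosuid 0 0
"""

# Constructed sample in the format of /proc/swaps.
SAMPLE_SWAPS = """\
Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority
/dev/sda3                               partition\t2097148\t\t1024\t\t-2
"""

def unescape(field):
    """Decode the octal escapes (e.g. \\040 for space) the kernel emits."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def writable_disk_mounts(mounts_text):
    """Return (device, mountpoint) for device-backed filesystems mounted rw."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, _fstype, options = fields[:4]
        # Entries backed by a /dev node can persist data to media. tmpfs is
        # skipped here, but its pages can still reach disk through swap,
        # which active_swap() reports separately.
        if device.startswith("/dev/") and "rw" in options.split(","):
            findings.append((unescape(device), unescape(mountpoint)))
    return findings

def active_swap(swaps_text):
    """Return the swap areas listed after the header line of /proc/swaps."""
    rows = swaps_text.splitlines()[1:]
    return [unescape(row.split()[0]) for row in rows if row.strip()]

if __name__ == "__main__":
    # On a live system, read /proc/mounts and /proc/swaps instead.
    for dev, mnt in writable_disk_mounts(SAMPLE_MOUNTS):
        print(f"read-write: {dev} on {mnt}")
    for area in active_swap(SAMPLE_SWAPS):
        print(f"swap active: {area}")
```

An empty result from both functions only shows that the operating system is not configured to write; it says nothing about whether the media enforces write protection in hardware.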