All known law enforcement attacks against Tor have involved some kind of exploit (e.g., in Tor Browser) that creates a non-Tor connection to collect the user's IP. Tails does not protect against this. Whonix provides much stronger protection against practical, real-world attacks, since the entire operating system is forced through a Tor connection.
It’s probably important to note that as I understand it, these attacks have generally been Firefox zero-day exploits that have made its way in because the Tor Browser is based on Firefox ESR with patches.
Tails includes an "Unsafe Browser" which connects in the clear. So on top of a Firefox exploit, you would need another exploit to launch that browser or an exploit to escalate to root and tamper with the firewall rules. At least one Tails user has been successfully targeted like this ("an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video").[1] With Whonix, even an attacker with root would not be able to make a non-Tor connection because the firewall runs on a separate virtual machine.
wow! that story is wild I totally missed that during the pandemic. now I'm no longer annoyed at always having to update tails the few times I boot it up.
but yeah probably going to prioritize Qubes and whonix again.
administrator/root is turned off by default, and even if the user turned it on during boot, they would still have to be tricked into approving or putting in their password again, am I missing something about the veracity of possible exploits?
