
Would be curious to hear criticisms of Tails, if anyone has opinions about it.

To be clear, I'm a fan of the product -- just wondering what the other side of the story is.




All known law enforcement attacks against Tor have involved some kind of exploit (e.g., in Tor Browser) that creates a non-Tor connection to collect the user's IP. Tails does not protect against this. Whonix provides much stronger protection against practical, real-world attacks, since the entire operating system is forced through a Tor connection.


It’s probably important to note that, as I understand it, these attacks have generally been Firefox zero-day exploits that have made their way in because the Tor Browser is based on Firefox ESR with patches.


Darknet sites should be on something with a much smaller attack surface like the pages from the Gopher or Gemini protocols.


Tails has the entire OS as Tor connections only; an escape from the Tor Browser would still be stuck in a Tor-only OS.

What information do you have to the contrary?


Tails includes an "Unsafe Browser" which connects in the clear. So on top of a Firefox exploit, you would need another exploit to launch that browser or an exploit to escalate to root and tamper with the firewall rules. At least one Tails user has been successfully targeted like this ("an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video").[1] With Whonix, even an attacker with root would not be able to make a non-Tor connection because the firewall runs on a separate virtual machine.

[1] https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-h...


Wow! That story is wild; I totally missed that during the pandemic. Now I'm no longer annoyed at always having to update Tails the few times I boot it up.

But yeah, probably going to prioritize Qubes and Whonix again.


I mean yes and no.

Assuming there was an exploit that broke out of the Firefox sandbox, you are correct that any connection is via Tor.

Though Tails isn't 100% sure, you could chain a Firefox CVE + userland to root and then turn off the Tor routing rules.


Administrator/root is turned off by default, and even if the user turned it on during boot, they would still have to be tricked into approving or putting in their password again. Am I missing something about the veracity of possible exploits?


There are some exploits that allow for gaining root access.

One that comes to mind is dirty sock[0]. It uses a vulnerability in the snap API to create a root user.

[0] https://github.com/initstring/dirty_sock/blob/master/dirty_s...


I left a comment in this thread about a non-root, deanonymizing, Tails-specific exploit that bizarrely went unpatched for multiple years.


There may be a security advantage to using a separate non-bypassable network appliance that puts your traffic on Tor, since then it would be much harder to break into a Tails machine and make it leak your location. However, given that it's meant to be easy to use, I think they probably picked the right balance by having the Tor redirecting occur in the same address space as the computing environment.


Tails didn't patch a non-root exploit that could leak the user's real IP by bypassing the firewall without them knowing it for 3 years. I do not understand why Tails is recommended over Whonix (specifically Qubes-Whonix, thus with a trusted TCB).

> The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction

https://gitlab.tails.boum.org/tails/tails/-/issues/15635
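
The point the comments above make about the Unsafe Browser, as an added example that is not part of the thread or of Tails' own code: when the Tor-only firewall runs on the same host, every account it exempts is a path to the clear network, and an audit of the egress rules makes that visible. The ruleset and the UIDs (110 for the Tor daemon, 1001 for a clearnet browser account) are constructed for illustration.

```python
import shlex

# Constructed iptables-save output for a same-host Tor firewall (NOT the real
# Tails ruleset). UID 110 = Tor daemon, UID 1001 = clearnet browser account;
# both UIDs are assumptions made for this example.
SAME_HOST_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 110 -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def _opt(tokens, flag):
    """Return the value following `flag` in a tokenized rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit_egress(ruleset, tor_uid):
    """Return (output_policy, bypass_rules). A bypass rule is any non-loopback
    ACCEPT in OUTPUT that is not restricted to the Tor daemon's UID. The check
    is deliberately conservative: an ACCEPT with no owner match is flagged."""
    policy, bypass = None, []
    for line in ruleset.splitlines():
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]
        if not line.startswith("-A OUTPUT "):
            continue
        tokens = shlex.split(line)
        if _opt(tokens, "-j") != "ACCEPT" or _opt(tokens, "-o") == "lo":
            continue
        if _opt(tokens, "--uid-owner") != tor_uid:
            bypass.append(line)
    return policy, bypass

def fail_closed(ruleset, tor_uid):
    """True only if OUTPUT defaults to DROP and nothing but Tor may egress."""
    policy, bypass = audit_egress(ruleset, tor_uid)
    return policy == "DROP" and not bypass

if __name__ == "__main__":
    policy, bypass = audit_egress(SAME_HOST_RULES, "110")
    print("OUTPUT policy:", policy)
    for rule in bypass:
        print("non-Tor egress allowed by:", rule)
```

With a separate gateway machine, as in the Whonix design described above, the equivalent rules live outside the workstation, so a process on the workstation cannot use or edit them.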


The "Heads" distro was meant to address some of the criticisms of Tails. Sadly its development seemed to end in 2018:

https://heads.dyne.org/about.html

https://distrowatch.com/table.php?distribution=heads


I'm wary about even Googling it because I swear I heard you are tracked in the US for even Googling it, or downloading it, or even reading on Wikipedia. It sounds laughable when I type it to be honest, but hey. I feel I have better hills to die on.



