Tails is excellent on a USB stick, but to use it that way, you need to restart your computer, which if you only have one system can be annoying. Using Tails inside a VM in Virt Manager could solve this problem, while also encrypting the tails partition (I’m not talking about the persistent storage) if the tails image is on an encrypted partition, which AFAIK is impossible to do on a USB stick. However I am unsure if this comes with any consequences like it not running on RAM exclusively. I choose Tails specifically, instead of something like Whonix, because Tails comes with Ublock Origin and runs exclusively on ram.
The tails documentation mentions stuff like MAC address and a compromised host, which in this case shouldn’t be an issue, however, it also mentions "Only run Tails in a virtual machine if leaving traces on the hard disk is not a concern for you. " but it doesn’t explain if the disk image is simply on the disk, or if the system doesn’t run on RAM, which would defeat the whole idea of using tails.
Traces of your Tails session are likely to be left on the local hard disk. For example, host operating systems usually use swapping (or paging) which copies part of the RAM to the hard disk.
There would also be traces of the fact that you ran Tails on your disk because of the Tails disk image you’re booting from, VM configuration files, etc.
Whonix is by far the more preferable solution in this case because its security is significantly better, and you benefit from anonymization features like long-lived Entry Guards which Tails lacks. You could also just do this:
Traces of your Tails session are likely to be left on the local hard disk. For example, host operating systems usually use swapping (or paging) which copies part of the RAM to the hard disk.
True, swap is an issue, but if you permanently remove any swap partitions and swap files from the host, then that shouldn’t be an issue right? (Assuming swap is the only issue here).
There would also be traces of the fact that you ran Tails on your disk because of the Tails disk image you’re booting from, VM configuration files, etc.
Also true, but if the host disk is encrypted (which you can’t do on a regular USB stick), then it shouldn’t be possible to know Tails was utilized on that system without decrypting it first.
Whonix is by far the more preferable solution in this case because its security is significantly better, and you benefit from anonymization features like long-lived Entry Guards which Tails lacks. You could also just do this:
I didn’t know Whonix could be run in live mode, that’s nice to know.
However it still doesn’t have Ublock origin like tails does, which in my use case is not desirable at all. If it was possible to add Ublock on Whonix’s Tor (I mean, you technically can), then that would’ve been the best from both worlds, but from what I read, doing so won’t give you the same fingerprint as Tails, so I guess that isn’t an option.
It wouldn’t, but it would give you the same fingerprint as everyone who installs uBlock Origin in regular Tor Browser, which is a very common configuration. Not as common as not having it, but probably in the same realm of commonality as “people who use Tails,” so I honestly wouldn’t sweat it, either way you’re narrowing yourself down to a smaller subset of users, no way around that.