How do you draw the line? If I just browse clearnet sites for greater anonymity than a hardened Firefox can provide, on safest setting, is there a point to use a full anon OS?
Not really, IMO. Anonymous OSes are for people with a really high threat model. You are probably good just using one of the recommended Linux distros
When you are concerned about your life or getting arrested, then you probably should consider Whonix/Tails.
Only you can answer this question as only you know your threat model. Honestly this is the best answer:
If you’re just a curious individual with a penchant for researching bizarre stuff then perhaps Tor browser or even a VPN is sufficient. If you are a whistleblower or an enemy of the state you better have a much more in depth security plan (physical and digital) than just “Is Tor browser good enough”.
Telling people to use privacy focused OS only if their threatmodel is high enough is as stupid as telling others i don’t need encryption, because i have nothing to hide.
If you are very interested in privacy and dont want to share your information with others who have no right to receive this information, you SHOULD use this given tools every time you can.
There is a difference between using an extreme privacy focussed OS such as Tails or Whonix (which come with extreme tradeoffs in usability) and using standard privacy focussed solutions which don’t have those tradeoffs such as encryption. Using a recommended Linux distribution (which already provides privacy) is enough for most people. When considering solutions, one needs to take into account their threat model… The knowledge base has more info about this topic.
What can go wrong with a standard Tor Browser that Tails/Whonix would save me from? Does it have to be malware that can either escape the web browser’s sandbox or bypass Tor and make clearnet connection? Is the real-life likelihood of something like this happening large enough to be concerned?
Firstly, Tails provides similar security to Tor Browser, Whonix provides much better security. The (only) advantage of Tails is that it leaves no trace on the computer you are using after the fact.
Yes, for certain people, see: When is Tor Browser Bundle not enough, and you need Whonix or Tails? - #4 by deadorbit & also see:
A real life example of Facebook hacking a Tails user which wouldn’t have been possible if they were using Whonix: Facebook Helped the FBI Hack a Child Predator
Tails attempts to provide an operating system that appears uniform for all users, boots from a USB flash memory and leaves no trace on the host device. It also routes all traffic through Tor (except for captive portals) and provides Tor Browser.
My naive view about a standard operating system in comparison to Tails:
- Tor Browser is potentially fingerprintable because of the OS characteristics (fonts, installed apps, etc.). Tor Browser does a lot to resist fingerprinting, but had vulnerabilities in the past and should not be assumed to be invulnerable.
- The user’s uniquely-identifying data, sensitive information and operating system logs that persist (whether or not by user’s permission) on their device are compromised if any browser or other app is hacked.
- A lot of work must be done to harden a fresh install of a standard Linux operating system against security/privacy risks: restrict root access (the default might be sudo everything works!), disable logging, restrict the firewall (the default might be accept all traffic!), MAC address randomization, disable IPv6 or prevent IPv6 MAC address leakage, disable automatic connecting to WiFi, secure APT, install Tor and related software, etc. Tails does some of these things out of the box.
Aside to your question, what reasons are there not to use Tails or Whonix? If Tails or Whonix satisfies your use case, whether you have a “high risk threat model” or not, just use it.