I've never understood the Tails threat model, and this comment does not really help. You say that it will prevent the attackers from learning any information, except the real IP address of the user. But hiding the IP address of the user is the whole point of Tor.
If you give that up, then what's even the point? The state can simply drive a black van to your house and get the rest of your information at their leisure.
If you're using Tor from a coffee shop, an IP address alone isn't enough to identify you.
Or if you're in a country oppressive enough that they'll raid your house for using Tor, but free enough that they'll let you off if they don't find evidence you were doing something illegal over Tor, and they didn't compromise the site you were visiting, just asked your ISP to look for Tor users.
Definitely ignorant on the subject, but are there ANY nations that would meet that requirement? I would assume any that are savvy enough to detect Tor AND care about it would probably not just say "Oh you crazy kids. Be more careful next time."
After thinking about this, I agree with your point, but it's past me being able to edit my original comment to address this issue there.
OK, now you have an IP. Now what? You get a warrant and search the place. What do you find? A computer, maybe an amnesic virtual machine. No actual access to the website/onion in question. IMO Tails promotes better opsec when using Tor - you don't leave any traces behind of your browsing activity, and you can't gain persistence on the victim without a sandbox escape, since the Tails VM wipes itself. It is still a defense, but maybe not a good enough one.
You look at this from the privacy perspective of someone who wants to hide something within the constraints and confines of a working - and at least somewhat ethical - legal and judiciary framework.
The original use case for Tor is for people who actually need to be able to use the net and hide. If their location and they get it with the equivalent of their local government's "search warrant", it's more likely a raid, interrogation, threats, harassment, censorship, and possibly torture and death.
TL;DR: A plurality of Tor users are from Western countries with arguably decent judicial frameworks. Those that have life-or-death consequences to network anonymity will need a lot, lot more than the Tor Browser Bundle or Tor itself.
> If their location and they get it with the equivalent of their local government's "search warrant", it's more likely a raid, interrogation, threats, harassment, censorship, and possibly torture and death.
This is not who is primarily using Tor. 1/5 directly connecting users of Tor are in the United States. See:
So, the majority of Tor users are in places I think we'd consider to have somewhat working judiciary frameworks. And I'm highly skeptical of even the American judiciary framework, if you read some of my past posts.
You are correct, my original threat model was those Tor users and their use cases; if they are in FVEY territory they are probably already lost as Tor does not protect against "passive global adversaries" that FVEY IC has proven to be and may be able to be probabilistically deanonymized as was shown in the Snowden slides. [1]
Yes, I admit I should have been thinking more deeply, and my original advice isn't good enough. I have a tendency to not think things through fully before posting here, and then I edit/evolve my thoughts as time goes on, as one does in a verbal discussion.
Like you stated, clearly there are situations in which users rely on Tor for more than simple anonymity. They are already misguided in using the Tor Browser Bundle for this purpose. Use Qubes or Whonix on dedicated hardware, follow the grugq's "Opsec for Hackers" [1]. If the threat of information is torture and death, Tor alone is not going to save you from your adversary. Your threat model requires a hell of a lot more precautions than anonymity over the wire. You need to assume your tools are compromised and defend in depth as much as possible to make yourself a lot, lot harder to track.
If you are using Tor Browser Bundle on Windows, you fucked up already. If you are only using Tor Browser Bundle, you fucked up too. If you are using Tor on your home connection, nope. If your device leaks identifying information to your access points (MAC addresses, hostnames), negative. If you are not using FDE on the device when they come for you, you are toast, etc etc.
If your adversary is a powerful nation state or an organization with the ability to purchase exploits to use against you and they are willing to fuck you up physically, you have a big problem and you need bigger solutions. No anonymity project will be enough. You need to frustrate your adversary as much as possible and realize that your security comes from making you very expensive to track down, and hope they don't care enough. You are playing the game where you are angering the bear and attempting to be faster than the other guy, so that the other guy who didn't care as much is the one that is eaten.
If they do care enough to come for you, and they have the resources to break a lot of layers to get to you, and you do not have any meatspace power to fight or flee, you are highly unlikely to win.
If that's the "whole different ball game" you are playing and are just using TBB, you will lose. If your adversary is that strong or you have your life to lose, and you are likely being targeted, it is clear at this point that Tor Browser Bundle should be considered harmful without a better strategy of defense in depth.
Regarding the beginning of your answers: note that nowhere in my comment did I make an assumption about the distribution of the Tor users by use-case. I spoke of the original intent. I don't really care what the vast majority of users use it for and in what context. I care about its original goals.
Regarding needing more than Tor, not necessarily so. There are many oppressive states (on different points of a large spectrum, from basic censorship to actual physical oppression), and though we read many stories about their crackdowns on privacy rights and monitoring facilities, very often we over-estimate their capabilities (e.g. the GFW of China is a rather sad joke, technically speaking). So if you're not your state's Public Enemy Number 1, you're within a risk range that's most likely acceptable using Tor, so long as you use it correctly and carefully (and that you accept that risk...). Basically, it boils down to what you said: "if they do care enough to come for you, and they have the resources".
Indeed, I was also probably a bit over-simplistic in my previous answer: there are different leagues with different ball-games.
Also it should be noted that whenever someone raids my home, they'll find the Qubes laptop which my ISP will be able to identify as the Whonix computer, and therefore I will probably be tortured until I spill out the f*cking hard drive encryption password. That's useless for the Tails computers.