This is why I run a 1-task only Windows VM inside a Linux VM on a Mac. Ain’t nobody ripping through x3 0-days for my chats.

If you're a targeted journalist, they'll go through more than three to get you. Full chains are fairly long these days.

lmao bro does all that in front of his IoT Samsung toaster, that has a speaker...speakers are microphones.

Macwinux

There's no such thing as a perfect solution, only solutions that improve a bad situation.

I'm not so much saying it's a bad idea as that what my parent comment described was a logical contradiction. It isn't possible to run "anything that is susceptible to outside data" in sandboxes, because that makes the sandbox susceptible to outside data. If you're genuinely assuming that anything susceptible is already compromised, then the sandbox is accomplishing literally nothing.

I always remember a quote from a sci fi I read about the "multi planet Internet" there.

It was layer upon layer upon layer of protocols and software.

Because it wasn't possible to remove old layers (because some satellites or wormholes or whatever would stop working.)

So, it was super easy to hack...and sending spam. Well you will get killed for that though.

Would be interested in the name of he book ?

It sounds like Vernor Vinge’s A Fire Upon The Deep (& sequels), well worth finding.

It depends on which sandbox you are using. In Qubes OS on desktop, you rely on hardware virtualization, which is virtually unbreakable.

I thought Spectre and Meltdown also allowed host data leakage from a compromised guest?

Yes, microcode vulnerabilities is a problem indeed. Hopefully Qubes Air (next version 5.0) will compartmentalize even that by using separate devices as qubes: https://www.qubes-os.org/news/2018/01/22/qubes-air/.