For a supposed hacker community, knowledge of Tor sure is low. Perhaps the privacy and anonymity people don't feel too keen on commenting.
Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y
> Made this privacy conscious temporary mail extension
> Enable JavaScript and cookies to continue
It's not privacy conscious. Privacy conscious would mean A) does not use Cloudflare as a CDN B) does not require JavaScript C) does not discriminate against Tor users.
There are a few services like this already, which I'm not going to spoil for cred on HN, but my rating of this site as of now is 0/10, unusable in the literal sense.
The woes of supporting an "I don't want to leave any crumbs" threat model. There are countless of pro-privacy projects who call themselves that simply because their service can be used to increase privacy, but they do not actually do much to protect privacy beyond that. Many even use Google Analytics.
For B, simply support both. This site is popular enough for there to be no risk sharing: Guerrilla Mail.
Take a look at your network requests though, there isn't a single third-party script running on the site.
I understand what you mean, but it has to apply to the use-case.
If the service I was running was to support journalists, then I would agree with you, but taking these measures would help promote spam as users would be able to get around the rate-limiting that I've set.
> How is booting your encrypted partition in a VM within Tails more secure than booting it directly?
There will be no proof of an operating system existing at all, just random data. If you use VeraCrypt along with a hidden partition normally, you would still have the VeraCrypt bootloader or an apparent Windows installation on the drive.
After truecrypt 7.1a (I think), the canary vanished. After that, didn’t it become veracrypt? Did they ever add a canary or has there been research in showing it’s not backdoored?
While it’s never been officially proven, there is a interesting story behind truecrypt. It was allegedly written by one guy (Paul Le Rou) who was a programmer turned cartel boss/gun/drug runner.
But back to your question, truecrypt was professionally audited and deemed “secure”, some issues were found but none that were back doors or significant. Shortly after(might have even been during) the audit truecrypt deleted all old versions and posted a weird message telling people to use bitlocker.
After some time veracrypt picked up the torch and has continued developing what was truecrypt.
Unfortunately, it looks like this version is no longer maintained.
"HiddenVM is a futuristic tool powered by KVM designed to combine the powerful amnesic nature of Tails and the impenetrable design of Whonix with the unbreakable strength of Veracrypt."
It's highly unlikely that any operating system can be as secure as Qubes OS[1], simply by considering the model itself. Especially if using Whonix[2] VMs to browse the internet. It is based on GNU/Linux and Xen.
Each piece of software can be separated into its own VM. It uses read only templates for the root filesystem, making it difficult for malware to persist.
Templates have no access to networking or hardware making it difficult for them to be compromised, AppVMs where you run software can be treated as throwaway and be trivially destroyed after each use.
Dom0 has no access to networking, USB devices and runs no software. Total compromise would require a hypervisor escape.
It is designed with the assumption that you will be owned start to finish.
Luckily I never have to use Windows these days, but with tiling window managers and package managers being a thing now, it might not be as horrible usability wise.
Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y
And for good measure,
It's Tor not TOR: https://support.torproject.org/#about_why-is-it-called-tor