Weaknesses in this anonymity setup

To beat evercookies, it is suggested that one uses a live CD that is used by many people, such as tails.

And to make it even harder to uniquely identify the browser PC, run the live CD in a vmware virtual machine so the hardware is identical to millions of others. And randomly change the virtual MAC address with a script in every power-up so even native execution (like ActiveX or trojans) is hopeless.

And of course access the internet only through TOR, and do it via another PC that is set up as a gateway (non-TOR gateway) and firewall so that Flash and all active content is forced through TOR too.

Are there weaknesses not accounted for in the above anonymity setup?

Notice it is desirable to survive intrusions due to security holes in the browser or operating system. Is this achieved above?

 

If you would like to be anonymous, you would also have to disable most active content on webpages (scripts, trackers, even referrer). In theory you (as a user, not computer) could be identified by your browsing habits. Though, I don't know how probable that is.

Regards, hqsec

 

If one site only is visited per session, is the referrer problem solved?

Why disable active content on webpages (scripts, trackers) if everything is erased in every reboot?

What is the deal with browsing habits, what can be done about them? Surely they are not very unique, are they.

 

If user visits sites which don't have many daily visits, they could be "identified". Navigating from site with 100 daily visits to another site with another 100 daily visits on daily basis, would probably identify you. But that's just in theory. One site per session would probably solve the "problem".

Regards, hqsec

 

Here is an old article, but IMO still valid: http://www.cryptogon.com/?p=762

Regards, hqsec

 

Could also run several virtual machines simultaneously, all previously booted and with the browser started. You enter a link, browse the site, shut down the virtual machine and move on to the next virtual machine for the next site. Could tell TOR in the gateway to change IP too, with every change of virtual machine.

Or is there some other behavioural pattern that is close enough to unique that an individual site can pick?

 

Could also try and persuade as many people as possible to do the same anti-tracking tactic, and at the same time run a wget spider to add low-entropy noise in the behavioural pattern seen by a single site.

 

I guess it could work but that would be too paranoid for me Single site per session would be easier if such level of anonymity would be necessary. I think that your setup described in first post is more than enough, unless you really want to hide something from Big Brother

Regards, hqsec