Should I run Tor in a VM?
There are several anonymity concerns when you use your main machine for communication. Running a separate secured OS will give you advantages when you use other software with Tor than just the Firefox in the Tor Browser Bundle which is considerably secured. The separate secured OS can also help you against possible information leak vulnerabilities in Firefox.
- Your machine contains and collects information which could be used for your identification. Examples are: host name, IP address, state information and configuration of various applications. This should not be a problem if you use the Tor Browser Bundle properly as in most cases it should not leak the information which is stored outside of the bundle package.
- Various versions (and default configuration) of your software including operating system can be possibly identified from your communication. It is advisable to use least possible customized software. The Tor Browser Bundle already solves this for the included software (Tor, Firefox, Vidalia Bundle). To be more secure you should use a complete secured operating system with unified configuration so that you cannot be identified when versions of various parts of it get revealed. Example of such OS is Tails.
- OS like Tails makes information leaks less probable by not allowing clear-text communication. If it is possible it is transparently redirecting all traffic to the Tor network regardless of used applications and their possible vulnerabilities. Furthermore Tails is able to separate unrelated traffic into different Tor circuits.
- By reverting the state of the OS after each use either by using a live OS without permanent data storage or a virtual machine with non-persistent storage you avoid long-term storage of the information which could lead to your identification.
- Various hardware information can leak through your communication. (display resolution, size of RAM...) When you use an unified OS running inside a virtual machine you can prevent discovering most of the hardware related information.
- By using a separate OS you lessen probability of leaking information from your Tor sessions in you open communication. (e.g. requests to the
- You can safely control the communication from the virtual machine while your main OS is running.
- You can easily encrypt the virtual machine image and in case of emergency you can eventually destroy the encryption key.
Ideally when all the Tor users would use the same OS running in the same virtual machine on the same virtualization platform they can be almost indistinguishable each from the others.
You say "the Firefox in the Tor Browser Bundle [...] is secured relatively well enough." Alas, I disagree. I think putting Firefox in its own VM, and making it much harder for it to make any connections on its own, or interact with the local system, would be a huge security improvement. So far, various law enforcement groups have found Tor so hard to break that they resort to exploiting the browser -- we should find some usable ways to make those exploits much harder. (Please help!)