acebarry | 8 years ago

It's a terrible idea to route all your traffic over Tor. If you have any expectation of anonymity you'll be disappointed. Since Tor does not do any application-level filtering, it is easy for exit nodes to track you.

It's a neat idea but has the same problems as network-wide Tor routers.

nikcub|8 years ago

Exactly. Good implementations like Whonix take steps to isolate your circuits between different applications and profiles[0].

Further, in those cases you're isolating your identities with virtual machines by default, which helps enforce good compartmentalization.

Forcing all traffic into one environment and then over a single circuit means everything you ever access is linked together. The other story on the front of HN is the accused stalker who was caught partly for doing exactly this (would access his real Gmail and then "stalker" Gmail over the same connection).

Whonix also provides a model of enforcing Tor by using an isolated proxy - which doesn't require kernel modules and also allows firewall policies.

I'd classify this as a naive approach that sounds like a good idea at first inspection - but the Whonix developers have really thought this through and their Wiki[1] is a tremendous resource that explains why they use the model they do.

Qubes OS is another similar approach[2].

[0] https://www.whonix.org/wiki/Stream_Isolation

[1] https://www.whonix.org/wiki/Main_Page

[2] https://www.qubes-os.org/
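
An added example, not part of the thread and not Tor's or Whonix's code: a simplified model of how Tor's documented stream-isolation flags (`IsolateSOCKSAuth`, `IsolateDestAddr`) decide which streams may share a circuit, used to check which personas a setup leaves linkable. The `Stream` fields, persona labels and hostnames are constructed, and time-based circuit rotation is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Stream(NamedTuple):
    identity: str    # persona the user is acting as (constructed label)
    listener: str    # Tor listener the stream arrived on
    socks_auth: str  # SOCKS username:password; "" when transparently proxied
    dest: str        # destination host (constructed)

def isolation_key(s: Stream, flags: frozenset) -> tuple:
    # Streams with equal keys MAY share a circuit. Streams arriving on
    # different listeners are kept apart by default in Tor.
    key = [s.listener]
    if "IsolateSOCKSAuth" in flags:
        key.append(s.socks_auth)
    if "IsolateDestAddr" in flags:
        key.append(s.dest)
    return tuple(key)

def linked_identities(streams, flags=frozenset({"IsolateSOCKSAuth"})):
    """Return the groups of personas that can end up on one circuit."""
    circuits = defaultdict(set)
    for s in streams:
        circuits[isolation_key(s, flags)].add(s.identity)
    return sorted(tuple(sorted(ids)) for ids in circuits.values() if len(ids) > 1)

# Constructed sample: everything forced through one transparent listener,
# so no stream carries SOCKS credentials to isolate on.
TRANSPARENT = [
    Stream("real", "TransPort", "", "mail.example"),
    Stream("pseudonym", "TransPort", "", "mail.example"),
    Stream("real", "TransPort", "", "updates.example"),
]
# Constructed sample: each profile speaks SOCKS with its own credentials.
ISOLATED = [
    Stream("real", "SocksPort", "profile-a:x", "mail.example"),
    Stream("pseudonym", "SocksPort", "profile-b:y", "mail.example"),
    Stream("real", "SocksPort", "profile-a:x", "updates.example"),
]

if __name__ == "__main__":
    print("transparent:", linked_identities(TRANSPARENT))
    print("isolated:   ", linked_identities(ISOLATED))
```

In this model, adding `IsolateDestAddr` to the transparent setup still leaves both personas on the circuit to the shared mail host, because nothing in the stream distinguishes them.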