[Tails-dev] Virtual appliance for the browser

Tails's sandboxing secures it against deanonymization via a simple TBB
vulnerability, but both firefox holes and linux privilege escalations are
relatively common, and it seems likely that as Tails gets more popular it
must be getting more attractive to try to combine the two. Sandboxing the
browser in a virtual machine would make this much more difficult. I'd like
to know whether this seems like a worthwhile thing to do to people here, of
any work currently being done in this direction, and any difficulties
people anticipate with it.

Here is what I know about the project so far:

- Whonix works this way, but I think people don't use it because it's
pretty clunky compared to tails.

- Most current computers don't cope well with nested virtualization, so the
Tails testing suite would run very slowly for most people if Tails depended
on a virtual machine. There are new CPUs for which this isn't a problem.

- There is a privacy-oriented chromium-based browser, seaturtle, which
would aims to serve the same niche as TBB currently. Currently it only
runs on android. Since it's chromium-based, it may be much more secure
than TBB.

I'm imagining this would be a fairly straightforward project: install TBB
into a barebones debian virtual machine with TBB configured to connect to
the "clearnet" from the VM's perspective, build Tails with virtualbox
included, and with this VM wired up to tor. I don't yet know exactly how
to configure TBB in this way, or how to connect the VM to tor. Either
problem could turn out to be messier than it looks to me at the moment.
But it seems like doing this would head off a fairly significant risk for
people.

Best regards,
Alex