If you truly wanted anonymity, why wouldn't you buy a $35 Raspberry Pi and stuff it between your computer and the internet and route all traffic through it through Tor? Too many zero days out there in browsers, Flash, Java, Office, not to mention configuration slip-ups that could nullify your Tor protection.
"buy a $35 Raspberry Pi and stuff it between your computer and the internet and route all traffic through it through Tor? Too many zero days out there in browsers, Flash, Java, Office"
How does Raspberry Pi help here? If it routes traffic at IP level, it will be transparent at an application level. Firewall/IDS won't help against zero days either.
It's trivial to use iptables to block all traffic except to the SOCKS proxy port on Tor, or even forcibly redirect it all through Tor directly using the transparent proxying support.
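The fail-closed gateway rules the comment above describes, as an added example that is not part of the thread: a shell function that prints an `iptables-restore` ruleset for either the SOCKS-only or the transparent-proxy variant. The interface name, the Tor daemon user and the three port numbers are assumptions and must match the gateway's torrc, with Tor listening on the LAN-side address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values (must match torrc):
SOCKS_PORT=9050   # Tor SocksPort
TRANS_PORT=9040   # Tor TransPort
DNS_PORT=5353     # Tor DNSPort

# Usage: tor_gateway_rules MODE LAN_IF TOR_USER   (MODE = socks | transparent)
# Prints an iptables-restore ruleset; nothing is applied by this function.
tor_gateway_rules() {
    mode=$1; lan_if=$2; tor_user=$3
    case $mode in
        socks|transparent) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    echo '*nat'
    printf ':%s ACCEPT [0:0]\n' PREROUTING INPUT OUTPUT POSTROUTING
    if [ "$mode" = transparent ]; then
        # Client DNS and every new TCP connection are handed to Tor.
        echo "-A PREROUTING -i $lan_if -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT"
        echo "-A PREROUTING -i $lan_if -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT"
    fi
    echo 'COMMIT'
    echo '*filter'
    # Fail closed: the box never routes packets, so nothing can bypass Tor.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    if [ "$mode" = transparent ]; then
        echo "-A INPUT -i $lan_if -p tcp --dport $TRANS_PORT -j ACCEPT"
        echo "-A INPUT -i $lan_if -p udp --dport $DNS_PORT -j ACCEPT"
    else
        # SOCKS-only: clients that are not configured for the proxy get nothing.
        echo "-A INPUT -i $lan_if -p tcp --dport $SOCKS_PORT -j ACCEPT"
    fi
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Only the Tor daemon itself may open new connections from the gateway.
    echo "-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT"
    echo 'COMMIT'
}

# Print the transparent variant for review (eth1 and debian-tor are assumed
# names); pipe the output into iptables-restore as root to load it.
tor_gateway_rules transparent eth1 debian-tor
```

These rules cover IPv4 only; IPv6 on the gateway needs its own drop policy loaded through `ip6tables-restore`.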
If the host PC is pwned then it can still disclose useful information about itself (files, geolocations, MAC addresses) - it will just be routed over Tor.
True. So it must not contain anything that's associated with you, in any way. Buy with cash. No geolocation data. Dedicated LAN. No sneakernet sharing. Compartmentalization.