It seems to me that most de-anonymizing attacks used human operating errors, physical attacks like snatching a laptop with an open tor browser window from a user, or side-channel attacks based on malware like Finfisher.
Running it from Tails seems pretty secure...but, in the end, who does that consistently?
Running it from Tails seems pretty secure...but, in the end, who does that consistently?