https://www.torproject.org/projects/torbrowser/design/#firefox-patches Some specific ones that address linkability: Block Components.interfaces Make Intermediate Cert Store memory-only Add a string-based cacheKey property for domain isolation Disable SSL Session ID tracking Limit Device and System Specific Media Queries Limit the number of fonts per document Randomize HTTP pipeline order and depth Add mozIThirdPartyUtil.getFirstPartyURI() API Do not expose physical screen info to window.screen Do not expose system colors to CSS or canvas Isolate the Image Cache per url bar domain Isolate DOM Storage to first party URI I was more concerned about an attack from the other direction, where malware on the Windows host can attack the VM, figure out what you're doing, etc. That's not an excuse. Nice! Not really. If the clearnet site you are visiting is in the US, as most English speaking web sites are, you're better off with an exit node in the US, since the chances of being surveilled by the NSA are higher at the borders. If you are in the US and using a non-US entry guard along with a non-US exit node and a connection that comes back into the US to a clearnet site, then you may really be screwed. Yep, I know, but the majority of clearnet sites that people are likely to visit are in the US, so you are slightly safer by using a US exit node. It's better for the NSA to sniff the encrypted circuit between your middle and exit node then the unencrypted circuit between your exit node and the destination web site, just as it's better for the NSA to sniff the encrypted circuit between your entry and middle node than between your home and the entry node. Thus it's better for US citizens to use US entry guards or better yet bridges. It depends on the network topology and where exactly they are watching, of course. If your connection between the exit node and the web site traverses an IX that is tapped by the NSA, you're screwed anyway. It is my understanding that crossing the US border increases your chances of being surveilled, so US citizens are better off with a US entry node, or even better would be a US bridge.