alt Hacker NewsQubes OS is a great solution for this threat model. By my (admittedly cursory) understanding of this attack, one would have to chain the attack to escalate to dom0 to get around it.
Having said that, fsflover exhibits a poor grasp of how this stuff works and all should be aware that even in Qubes OS, one would need to spawn new disposable VMs for each identity; relying on the Tor Browser's new identity creation within the same disposable VM would be little different from running Tor Browser on a traditional OS.
> one would need to spawn new disposable VMs for each identity
This is by design how everyone should always be using Qubes OS for any task, according to its documentation and approach to security.
> relying on the Tor Browser's new identity creation within the same disposable VM would be little different from running Tor Browser on a traditional OS
Yes, if you use a single VM on Qubes OS for everything, then all security you get is from the OS running in this VM. This is not how you use Qubes, https://doc.qubes-os.org/en/r4.3/introduction/faq.html#how-d...
I run Qubes as a daily driver according to the docs, and my workflow was not vulnerable to the discussed attack.