Subgraph is still alpha version and it even says on the site: 'Not for real use'. Until SG is more fleshed out I'm sticking with TAILS.

Subgraph was started in part based on concerns with Tails that the authors might be too nice to pursue publicly. I'd personally be wary of both projects.

Why is that? What would you recommend to those of us who use TAILS frequently?

Subgraph is meant to be used as an installed OS with hardened containers/grsecurity while TAILS is a live Debian system maintained by anonymous developers without any of the grsec patches or containerization.

If you really need to not have your ID leaked, like the UAE recently going after dissidents with state malware, you'd want to use something like Subgraph with a seperate firewall/NAT internal address as insurance (pref running OpenWRT or a BSD not the default proprietary lighthttp server 'admin portal' firmware running with full privs).

Huh? Which NCC consultant would that be? Neither Bruce Leidl nor David Mirza have ever worked with NCC, or, for that matter, iSEC or Matasano or Intrepidus.

On their twitter they linked a container whitepaper by "fellow NCC consultant Jesse" guess I am mistaken.

I think that was a retweet of https://twitter.com/dyn___/status/738079794689019904 , which was tweeted by someone at NCC.

This is what happens when you write your own twitter.el and botch the UI

Is there some further info you could point to?

Is it easy to get a reproducible build? Has anyone tried?

> as there is no traditional DNS system available to provide easy to remember hostname addresses

I think in future reworkings of TOR a decent DNS apparatus will be one of its features. Usually 'hacks' like this are made obsolete if the hack is repeatedly used and has reached a saturation point. One example of that is how ICANN now allows for any number of novelty gTLDs and I rarely see domain hacks now because of this (Think of using .delicious instead of del.icio.us).