For most, it ain't gonna happen - which was my point.
Yup, but I'm not trying to help the universe right now, just someone interested first hand in the topic, be it you or someone else reading.

Besides, I used myself as an example because I'm pretty much the average person when it comes to math. A mechanic may learn some accounting tricks because he has a need for them, that's what I meant. Journalists are learning to use Tails and PGP even though their technical background is naught, because they have a need for it.
Now I guess the real average person who has no need to learn this can still use Tor Browser and private browsing easily... (Private browsing is basically an inferior alternative to having separate profiles)
I probably feel less secure using Tor to log in to my bank than using my ISP - because of potential malicious exits.
You don't need to hide your IP from your bank anyway, it's the reverse: Show it one IP and your real identity, but show it only to your bank. (and eventually your business partners, i.e. it's up to you to group your activities under whichever identities you feel like)
The main problem is that static IP. I can't really help here because I never ever had one nor did anybody around me, so I never had a need to look into that issue. I think static IP is pretty much unacceptable and no ISP should do that (I would change ISP outright). Unfortunately I hear that it's common practice in the US so yeah, that's a problem to think around.
As you seem to know, Tor is to be used for sensitive stuff that you don't want related to your real identity in any way. It can be serious stuff like making shameful business secrets public or trivial oddities like wanting to learn how to heal your haemorrhoids.
Thanks. It may help others reading this, but I didn't need help manipulating profiles. I asked how would the business profile be made differently from an everyday one, that would enhance security?
It would have much less chance of being compromised because you wouldn't surf as large a variety of websites with it. Your NoScript whitelist would be smaller and business focused, storage only allowed to a few sites. You would have only the necessary add-ons and no more: e.g. NoScript, ABP, Cookie Controller/Monster. All plugins would be disabled except Flash, which would be protected by a NoScript placeholder. NoScript would btw "apply restrictions to trusted sites" too.
Activate secure cookies in NS, forbid at least IFrames and WebGL. If necessary you can whitelist those permanently for selected sites using noscript.allowedMimeRegExp.
Avoid Google, Facebook and friends whenever possible, i.e. use Startpage for search, don't visit Facebook with this profile unless it's your business Facebook account (in which case if you have a personal account too, you're already screwed due to your IP).
Because you can run several Firefox instances at once as several profiles, it would not hamper your ability to surf. Just switch windows if you want to watch some YouTube video. Your business profile would only go to websites that fit your business identity. (what you do is just as important as your security setup)
A banking profile would be even more restricted: Only do banking on it. Block everything you can in NoScript except for your bank's website.
That won't be enough but it's an incremental process anyway. You can later figure out how to differentiate the fingerprints of your various profiles, but meanwhile just separating profiles is already a security gain and a small privacy one as well. (i.e. both attacks from your first post won't work anymore if your Gmail account is open *right now* on a separate profile)