In my opinion it would probably be using Qubes certified hardware with Qubes on it and then routing everything through whonix VM.
Curious to know if anyone has anything else that is more secure than Qubes - I mean like does anyone know what darknet vendors use opsec wise?
Also I heard Snowden used Tails OS when blowing the whistle - so perhaps using tails would be up there.
Qubes is currently the best option, but you also need to choose well which OSs you use inside of Qubes. I highly recommend a combination of Whonix, OpenBSD and Kicksecure.