Whonix is a pair of linux VMs that route all your traffic through Tor. One VM (gateway) does tor. The other (workstation) has no direct internet at all, only a private adapter that connects to the gateway. If something in the workstation gets compromised, it still can't see your real IP, because it doesn't have a path to it. That gateway/workstation isolation is the whole pitch and it works. The part people don't talk about as much is that the workstation VM itself has a bunch of communication channels back to the host machine, and those channels are not protected by the tor isolation at all. They're configured in VirtualBox, and VirtualBox defaults assume you want a usable desktop, not an isolated one. I built a powershell installer for Whonix on windows. The first version downloaded the OVA, imported it, started the gateway, started the workstation. Done.…