Whonix gives you Tor isolation by routing one VM's traffic through another. Gateway VM handles Tor. Workstation VM does the actual work. If the Workstation gets compromised, your real IP doesn't leak because it can only talk to the Gateway. Setting it up by hand is tedious. Download VirtualBox, download two OVA files, import them, configure network adapters, allocate RAM, disable USB and audio, boot Gateway, wait for Tor, then boot Workstation. Miss a step and your isolation is broken. I wrote a PowerShell project that does the whole thing. What it actually does Four scripts run in order: . \prereq-check.ps1 . \setup.ps1 . \configure-vms.ps1 . \start-whonix.ps1 Enter fullscreen mode Exit fullscreen mode prereq-check.ps1 validates RAM, CPU cores, disk space, and whether VT-x or AMD-V is enabled. It fails fast if your machine can't run two VMs. setup.ps1 pulls the right VirtualBox version and the two Whonix OVAs (Gateway and Workstation), then verifies SHA-512 hashes before importing.…