Right, I forgot to mention that when you create the Lubutu (or whatever) VM that will be the Workstation, change the networking to internal bridge and select Whonix, which should be a drop down option after you import the Gateway. Then when you boot Lubuntu or whatever live distro, go to the ethernet network settings and enter that info. Should work instantly. You don't have to mess with anything on the Gateway. Yes, start the Gateway and 20-30 seconds later, start the Workstation. No, the applications or malware running inside the VM see a virtual machine with fake serial numbers for the virtual hardware. That is why they recommend running the Workstation in a VM even if you use physical isolation, ie running the Gateway on a separate computer. That's a Tor relay: http://torstatus.blutmagie.de/router_detail.php?FP=6225fcfd48db3ddc78405f2e6af4cb15b056d846 It also has the entry guard flag, so it was most likely one of your Tor Gateway's entry guards. Are you absolutely SURE the Gateway wasn't running, because whenever people tell me they are 100% sure of something, it turns out that 95% of the time they are wrong. You are well protected even if you run JavaScript, Java and Flash, but you should still disable them anyway unless you really need them. It's also a good idea to add NoScript and HTTP Everywhere to the browser, and change the user agent to the same thing as TBB so you don't stick out from the crowd. Change your start page to check.torproject.org or wtfismyip.com. That way you can always check that it's working, but if it's configured properly, you won't be able to connect to anything except through Tor. Late you might consider using the stream isolation feature for different apps.