Which part specifically did you have trouble understanding? If you isolate Firefox from Tor with virtualization, even if the Firefox VM is rooted the attacker cannot determine your external IP address. Instead they will only be able to determine the internal IP address assigned to the VM, something like 10.0.0.1. The only way an attacker can go from being root of the VM to getting the external IP address is if they find a vulnerability in the VirtualBox hypervisor and break out of it, or if they find a vulnerability in the code of Tor or anything else that is bound to the virtual network adapter. Tor Browser Bundle provides zero isolation, and if Aurora is pwnt the attacker can trivially get the IP address. Tor Browser Bundle includes a security-hardened browser that should be used, but it isn't isolated.

No shit, it is the OS being virtualized with VirtualBox? I had no idea. Guess what operating systems contain within them. Applications! Some of them need to communicate with the internet too, and those are network-facing applications!

I am well aware of the different types of virtualization, but right now I am talking about full hardware virtualization systems like VirtualBox with host-only routing (although there are other networking methods that can get the same result).

Yeah, I know about networking too, we are so leet.

Why do you talk in an authoritative fashion, like I am wrong, when I know what I am talking about and it is you who is failing to understand the technique? The ability of the guest OS to determine your external broadcast IP address has nothing to do with the browser or Tor client or proxy settings, and this is a technique that forces every application to use Tor or have no internet access also, in addition to making it so that if the VM is rooted the attacker cannot use their root position to immediately deanonymize you on the application layer.
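An added example, not part of the post above: a small audit of the isolation the post depends on, checking that every adapter of the browser VM is host-only or internal and that the guest only holds RFC 1918 addresses such as 10.0.0.1. The sample text imitates `VBoxManage showvminfo <vm> --machinereadable` output and is constructed, as are the VM name `browser-vm` and the function names.

```python
import ipaddress
import re

# Attachment modes that give the guest no routed path of its own (allowlist,
# so NAT, bridged or any unknown mode is reported). Assumption: nothing else
# on an "intnet" network forwards traffic to the internet.
ISOLATED_MODES = {"hostonly", "intnet", "none", "null"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def non_isolated_nics(showvminfo_text):
    """Return {nic_number: mode} for adapters that bypass the host-only path."""
    leaks = {}
    for line in showvminfo_text.splitlines():
        # Matches nic1="hostonly" but not nictype1=... or hostonlyadapter1=...
        m = re.fullmatch(r'nic(\d+)="([^"]*)"', line.strip())
        if m and m.group(2) not in ISOLATED_MODES:
            leaks[int(m.group(1))] = m.group(2)
    return leaks

def non_internal_addresses(guest_addresses):
    """Return addresses seen inside the guest that are not RFC 1918 or loopback."""
    flagged = []
    for text in guest_addresses:
        ip = ipaddress.ip_address(text)
        if ip.is_loopback:
            continue
        if not any(ip in net for net in RFC1918):
            flagged.append(text)
    return flagged

# Constructed sample input, not captured from a real machine.
SAMPLE_ISOLATED = '''name="browser-vm"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="none"
'''
SAMPLE_LEAKY = SAMPLE_ISOLATED.replace('nic2="none"', 'nic2="nat"')

if __name__ == "__main__":
    print("isolated VM leaks:", non_isolated_nics(SAMPLE_ISOLATED))
    print("leaky VM leaks:   ", non_isolated_nics(SAMPLE_LEAKY))
    print("guest addresses:  ", non_internal_addresses(["10.0.0.1", "127.0.0.1"]))
```

A second adapter in NAT or bridged mode gives applications in the guest a path that does not pass through Tor on the host, which is the condition this check reports.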