I will make a more detailed response to this soon, but for now just let me say that it is pointless to argue with the OpenBSD devs because they are religiously devoted to their security philosophy, but just realize that their ideas are not shared by at least some number of other security researchers who are just as validly called leading experts. For example, I would love to see what the Qubes team has to say in response to this. I like to use OpenBSD for the guest because it has 64 bit ASLR, nx bit, and a bare bones highly correct base install. He is absolutely deluded to think that you shouldn't add layers for an attacker to go through, that they otherwise wouldn't have to go through, simply because they may be able to get through them. Of course most hypervisors are not perfectly correct (other than maybe SEL4 if it counts as a hypervisor), but that doesn't change the fact that they add an additional layer for your adversary to penetrate. Is Theo aware that this discussion is in regards to hiding your IP address from an attacker? He really should be aware of the wider topic of discussion before he comments on the technique. Anyway the argument I am seeing here is "virtualization isolation is worthless because virtualization technology is not perfectly correct, and only correctness matters". This is such a shitty way to look at things. OpenBSD hasn't been formally verified so you shouldn't use it because it may have security vulnerabilities that an attacker can exploit if they spend enough time looking for them. I wonder what he has to say in reply to that. First of all this sentence makes little sense to me so it is hard to reply to it. I know little about hardware isolation so I can not really comment on this yet I need to read some papers on it that I have but have not had the time to read. I am thinking of things like the Tor routers that run Tor on a purpose specific device rather than requiring the user to run it on their operating system, however I think he is probably talking about things like AMD-v. Please ask him to clarify this sentence and go into technical detail. I need more time to think on a response to this than I have right now, but I would like to mention that I am not even talking about virtualizing the x86 architecture but rather x86-64, although what he says may very well still hold true for that. Also now is a good time to mention the distinction between virtualization solutions like virtual box (full hardware virtualization) and systems like Xen (paravirtualization). I think that paravirtualization will avoid all of the potential problems Theo mentions here, and this now further strengthens my belief that Xen should be used over Virtualbox or VMware. Also allow me to say that I am not an expert on virtualization or even on computers especially as compared to people like Theo, but I can recognize that as good at security as he is other people who are just as good as him or possibly even better (I can not tell) use different strategies than he does. Well I am not an expert on this matter, but I think sel4 offers a provably correct layer of isolation in addition to using paravirtualization. I need to research this more before I make any definitive claims though. I don't follow his logic of how everything is now an exploitable bug please ask him to clarify for me. Layered approach aka defense in depth is favored by many security professionals. And again please inform him that this discussion is related to a technique for hiding your IP address from an attacker who roots your firefox VM, while using Tor in another VM and host only routing with firewall rules on the host. That is a pretty big claim to make considering there are a ton of world leading security research teams who are focusing on using virtualization in this way for security advantages. Then again, Theo is a world leading security expert. He knows more than I do about computer security. So do people who disagree with him. He thinks it is a worrying trend. The people doing it think it is the future of computer security. I see Theos logic as being that virtualization being used for isolation like this is a bad idea because the virtualization technology is not perfectly correct and can be broken out of. My response to this sort of logic is that people should work on making a correct hypervisor then. Or that you shouldn't use OpenBSD because it isn't formally verified, sarcastically of course. I will make a better more detailed response to this post soon I don't have time right now to spend the time required to think and research on a better post. Arguing with people of this caliber is a good way to look like a dumbass because they are widely recognized as leading experts, but I know that I have logic in my arguments and that others who are equally as impressive as Theo would also argue against him in similar ways as to how I have. However, I wish he was having this debate with the Qubes research team or the SEL4 people instead of me.