It is important to note that these conversations specifically related to the security benefits of virtualization in regards to isolating applications from the external IP address. If you take other attack scenarios into account, such as an attacker pwning your Firefox VM and spying on your messages when you decrypt them (assuming you decrypt messages in the same VM you have Firefox on), using full hardware virtualization may actually be an overall hit to security. Yes, it will likely make you significantly harder to trace via hacking / proxy bypass attacks, but if the attacker will have a significantly easier time pwning the guest OS (versus it being on hardware), it may not matter that they cannot trace you on the application layer if they can spy on all of your plaintexts and communicate them back to themselves via the Tor network.

When I take this scenario into account, I actually am forced to change my opinion to as follows:

1. If you use full hardware virtualization, you shouldn't decrypt messages on a VM that has internet access at any point in time after you have sensitive info (plaintexts, passphrases, etc.) on it.

2. Failing this, you should not use full hardware virtualization and should instead use nothing (although if you want to use something, you should use either paravirtualization, OS virtualization or, best of all, physical hardware isolation).

It should also be noted that you can probably use snapshots / cloned virtual machines to make only decrypting messages / writing plaintexts / entering key passphrases on VMs that have no internet access after / before (context dependent) they are used a lot less complicated than it sounds.

Oh yeah, one more thing about virtualization solutions: if you are using guest addons and sharing folders with the host, etc., you are compromising your own isolation. All of that shit should not be enabled.
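
The two configuration rules in the post above (no network on the VM that handles plaintexts, and no guest addons or shared folders) can be checked mechanically. This is an added example, not part of the original post: it assumes a libvirt/QEMU setup, which the post does not name, and audits a constructed domain definition for a hypothetical `decrypt-vm`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: libvirt domain XML for a hypothetical decryption VM.
# Hypervisor choice (libvirt/QEMU), VM name and paths are assumptions.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>decrypt-vm</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/decrypt.qcow2'/>
    </disk>
    <interface type='network'><source network='default'/></interface>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/home/user/shared'/><target dir='hostshare'/>
    </filesystem>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
    </channel>
    <channel type='spicevmc'>
      <target type='virtio' name='com.redhat.spice.0'/>
    </channel>
  </devices>
</domain>
"""

# Host<->guest channels used by guest-side helper software.
GUEST_CHANNELS = {
    "org.qemu.guest_agent.0": "QEMU guest agent",
    "com.redhat.spice.0": "SPICE agent (clipboard / file transfer)",
}

def audit_isolation(domain_xml):
    """Return findings that break the isolation described in the post."""
    devices = ET.fromstring(domain_xml).find("devices")
    findings = []
    if devices is None:
        return findings
    for nic in devices.findall("interface"):
        findings.append(f"network interface attached (type={nic.get('type')})")
    for fs in devices.findall("filesystem"):
        src = fs.find("source")
        path = src.get("dir") if src is not None else "unknown"
        findings.append(f"host folder shared into guest: {path}")
    for ch in devices.findall("channel"):
        target = ch.find("target")
        name = target.get("name") if target is not None else None
        if name in GUEST_CHANNELS:
            findings.append(f"guest addon channel enabled: {GUEST_CHANNELS[name]}")
    return findings

if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_DOMAIN_XML):
        print("FAIL:", finding)
```

An empty result means the definition has no NIC, no host share and none of the listed agent channels; it says nothing about the hardening of the guest OS itself.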