Does Liberte use a 32-bit OS? If it does, you are not getting the advantages from ASLR, since 32-bit ASLR can be brute-forced. I also don't know if they have implemented mandatory access control profiles, even though I know they have the ability to do so with hardened Gentoo. At least they use persistent entry guards, unlike Amnesia. What I am trying to say about Liberte is that even though they are using a good base OS (hardened Gentoo) that has a lot of security features, I am not sure if you are actually getting the advantages it offers with Liberte, because many of the security features have requirements and I am not sure if Liberte meets them (64-bit? preconfigured MAC? etc.). Also, Liberte has no isolation of the browser from the external IP address, and pretty much everyone I talk with about security agrees that it is pretty vital for some isolation mechanism to be used. If you don't isolate Firefox from your external IP address, your anonymity hinges on Firefox not having any exploitable remote code execution vulnerabilities; I personally know that I don't want my entire anonymity to hinge on that.
By the way, running Liberte or Amnesia in a full hardware virtualization environment is going to make them less secure, just as much as running OpenBSD or anything else in such a VM. Really, if you are using a windowed environment without isolation, ALL of your security hinges on NONE of your applications having remote code execution vulnerabilities, because the X window system and all other mainstream window systems have no isolation: if a single windowed application is pwnt, the attacker can spy on all keystrokes sent to all windows. This means that after any of your windowed applications are pwnt, the attacker can spy on your password when you su to root, and then they can EOP to root. This is true with the Windows OS as well. Graphical desktop environments themselves are insecure (although not inherently). If you run the X window system on OpenBSD, you are just as weak to this attack.
Isolation protects from this, and it protects you from being traced if one of your network-facing applications is pwnt; those are two *huge* security benefits that I personally would like to have. When Theo is talking about OpenBSD and suggesting against isolation, he is probably assuming that you are using CLI only and operating a server; ask him about his opinion on the lack of isolation in X and the EOP-to-root attack I just mentioned. He will probably reply saying that you should be using CLI only. I don't know what is more important to me: the isolation of Firefox from the external IP address and protection from known EOP attacks, or the significantly enhanced OS security that comes from not using full hardware virtualization. But I do know that I would rather take a minor hit to my OS security and get the previously mentioned major security advantages than not use isolation at all. And I know that I can achieve this with paravirtualization or OS virtualization. I could also take *no* hit to my OS security and get the same advantages by using isolation on the physical layer.
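The post above asks several questions about whether a hardened base actually delivers its protections on a given install (64-bit or 32-bit? ASLR in effect? a MAC loaded? browser on X11? browser reachable from the real network interfaces?). The script below is an added example, not code from the poster or from the Liberte or Amnesia projects, that answers those questions on a live Linux system. It assumes the standard Linux paths `/proc/sys/kernel/randomize_va_space`, `/sys/kernel/security/lsm` and `/proc/<pid>/ns/net`, and takes the browser binary and its pid as command-line arguments; the binary is parsed directly from its ELF header so the check does not depend on `file` or `readelf` being installed.

```python
"""Audit whether hardening features actually apply to a browser on this box.
Added example for the discussion above; assumes standard Linux /proc and /sys
layout. Usage: python3 audit.py /usr/lib/firefox/firefox <firefox-pid>"""
import os
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed load address: the main image is never relocated by ASLR
ET_DYN = 3    # position-independent executable (PIE) or shared object


def elf_class_and_type(header):
    """Parse the first 18+ bytes of an ELF file into (bits, e_type).
    EI_CLASS (offset 4) gives 32/64-bit, EI_DATA (offset 5) the byte order,
    and e_type (offset 16, 2 bytes) whether the image is ET_EXEC or ET_DYN."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF header")
    bits = {1: 32, 2: 64}[header[4]]
    endian = "<" if header[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return bits, e_type


def aslr_findings(randomize_va_space, bits, e_type):
    """Explain whether ASLR buys anything for this binary.
    randomize_va_space is the integer in /proc/sys/kernel/randomize_va_space:
    0 = off, 1 = stack/mmap/vdso randomised, 2 = brk randomised as well."""
    out = []
    if randomize_va_space == 0:
        out.append("ASLR disabled (randomize_va_space=0)")
    elif randomize_va_space == 1:
        out.append("ASLR partial (randomize_va_space=1): brk/heap not randomised")
    if bits == 32:
        out.append("32-bit binary: few bits of randomisation, brute-forceable")
    if e_type == ET_EXEC:
        out.append("binary is ET_EXEC, not PIE: main image loads at a fixed address")
    return out


def mac_findings(lsm_list):
    """lsm_list is the content of /sys/kernel/security/lsm, e.g.
    'lockdown,capability,yama,apparmor'. Only real MAC modules count;
    capability/yama/lockdown are not mandatory access control."""
    active = set(lsm_list.strip().split(","))
    if not active & {"selinux", "apparmor", "smack", "tomoyo"}:
        return ["no mandatory access control LSM loaded"]
    return []


def display_findings(session_type, display):
    """On X11 every client of the same server can read every other client's
    input; XDG_SESSION_TYPE=x11, or a bare DISPLAY with no session type, means
    the browser shares a server with the terminal you su in."""
    if session_type == "x11" or (session_type == "" and display):
        return ["X11 session: no isolation between windowed applications"]
    return []


def netns_isolated(browser_ns_link, init_ns_link):
    """Compare readlink('/proc/<pid>/ns/net') results such as 'net:[4026531992]'.
    A browser in PID 1's network namespace sees the real external interfaces."""
    return browser_ns_link != init_ns_link


def main(argv):
    if len(argv) != 3:
        print("usage: audit.py <browser-binary> <browser-pid>")
        return 2
    path, pid = argv[1], argv[2]
    with open(path, "rb") as f:
        bits, e_type = elf_class_and_type(f.read(64))
    with open("/proc/sys/kernel/randomize_va_space") as f:
        rvs = int(f.read().strip())
    findings = aslr_findings(rvs, bits, e_type)
    try:
        with open("/sys/kernel/security/lsm") as f:
            findings += mac_findings(f.read())
    except OSError:
        findings.append("securityfs not mounted: cannot tell which LSMs are active")
    findings += display_findings(os.environ.get("XDG_SESSION_TYPE", ""),
                                 os.environ.get("DISPLAY", ""))
    if not netns_isolated(os.readlink("/proc/%s/ns/net" % pid),
                          os.readlink("/proc/1/ns/net")):
        findings.append("browser shares the host network namespace")
    for line in findings or ["no findings"]:
        print(line)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A clean result needs all four: a 64-bit PIE with `randomize_va_space=2`, a MAC module in the LSM list, a non-X11 session (or the browser on a separate display server), and a browser network namespace that differs from PID 1's. The namespace check only tells you the browser is not on the host's interfaces; whether the namespace it does sit in can reach anything but the Tor gateway is a separate firewall question the script does not answer.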