Does it suggest to use virtualbox or FreeBSD jails, I can't remember? Apparently virtualbox from your comments though. Jails are pretty well audited for security and I would not have any problem to use jails for security critical things, Theo be damned. Virtualbox seems like it is not a good idea to use in many circumstances, including most that require security, however it has worked in the past to save hidden services from feds deanonymizing them. Layers and layers of security and there is pretty much always someone who has a better technique than the next guy, and someone with more skill than him. I suggest that you write an article. CryptDB looks interesting, have not looked much into it but I have been doing some research of encrypted keyword search and private information retrieval and have seen it mentioned. Have never heard of Resin before. The Russian cyber crime hosts are pretty good at not taking anything down, even highly illegal shit like botnet CNC to CP hosting. I would lean towards having that extra layer of resistance, particularly since hidden services are so easily deanonymized (actually I would probably lean towards hosting in some non-sketchy place and using Tor through Tor). The conclusion I have come to regarding virtualbox is that it is much easier to pwn a guest VB OS than an OS running on real hardware, but it still does require the attacker to break out of the VM to get to the host (or your IP address if you have it configured correctly). How are they going to find the IP address without breaking out? Opening Lynx will not do shit for them if it is using host only routing with Tor on the host. Also you can have ASLR on the host so they will have a hard time to overflow out of the VM to the host, and you can have mandatory access controls locking the VM user down on the host, adding further protection. At the end of the day I lean against using virtualbox these days though. However I think it is kind of insane to run a server that is automatically deanonymized as soon as it is hacked, some level of isolation is required and using virtual machines is the easiest way to obtain this. For a client though, the risks of having the VM rooted outweigh the benefits of adding an additional layer between the attacker and your real IP address, they will just spy on your plaintexts and steal your address when you make an order. FreeBSD jails though do not have the weaknesses of VB in this respect. Your best bet would be to run Tor on a dedicated machine and then have a machine running the web server that routes all of its traffic through the Tor machine and is itself assigned only an internal IP address. That is pretty much the platinum standard for how hidden services should be configured (and how ultra l33t clients should be configured). Throw Tor on an otherwise 'out of the box' OpenBSD machine and it should be pretty fucking hard for someone who roots the web server (or firefox) machine to get its real IP address.