I am not dead. I also no longer suggest that you use virtual machines in this way. Yes, it is a huge benefit to have firefox isolated away from Tor and external IP addresses. However, virtual machines are much easier to pwn than operating systems running on real hardware. If your virtual machine is easy to pwn, the attacker will just hack it and spy on your address as plaintext to deanonymize you, rather than breaking out of the VM after pwning firefox and getting your IP address to deanonymize you. And most people who are using virtual machines are not even using them in a way that offers any real security advantage, they are just running Tor and everything else in one VM. Xen seems better in some ways than virtualbox, it is used by Qubes after all and I do not think the person who made Qubes has no idea what they are doing, although Theo of OpenBSD fame and some other security researchers have said less than favorable things about the technique of isolating with virtual machines. However, even if the isolation by Xen approach is not inherently flawed, Xen lacks ASLR so even if it is less additionally vulnerable to being hacked than virtual box, you are still not going to be able to take advantage of all of the security of using real hardware. So in general, I believe in the majority of cases virtual machines should simply be entirely avoided. The only exception I would maybe make to this is using jails from FreeBSD. Right now I am split between two techniques for isolating firefox and other non-tor network facing applications away from Tor and each other. The first would be to run Tor on one dedicated machine and firefox on another, then use a physical wire to connect them and route the firefox machines traffic through the Tor machine and Tor. This will give the exact same benefits as using virtual machines to accomplish this, without any of the disadvantages of virtual machines. The second technique is using SElinux sandbox for x level isolation and then writing a SElinux profile to prevent firefox from gaining access to external IP address in any way or doing geopositioning. Certainly using the two machines approach is a more all encompassing and foolproof solution though. Additionally, these techniques can be combined for a very high degree of isolation. Failing that you may still choose to use virtual machine based isolation, and it will certainly give you benefits, just be aware that it comes at a high cost and in some use cases the cost could actually nullify the benefits. I think for servers it is more suited than for people using firefox, but it still has the same disadvantages.