How can Whonix be private when Oracle VirtualBox shares information with the US Gov

Hi everyone,

I would like to install whonix on my Windows 10 OS. But when I downloaded Oracles Virtualbox, the user agreement VirtualBox extension pack states of sharing a user’s data to the US govt. including the hardware information and so on.

I would like to know if my Whonix is private or if Oracle or anyone else has the power to view and access them. If I did it right the User Agreement states, that information is shared with the US Government.

How can Whonix be safe if virtualbox is working with the US government? Does not seem so private at all. Or where I am wrong?


Citation required.

Btw: Optional. Only needed for very specific features.

1 Like

Dont use it!
Spoiler: no such thing is being said.

This forum thread seems like utter nonsense. It’s originating from here. This phrase is copied and pasted from here:

The user agreement VirtualBox extension pack states of sharing a user’s data to the US govt. including the hardware information and so on.

Probably someone with poor legalese reading skills got a standard phrase from the EULA wrong which talks about cryptographic export laws or made it up from thin air.

Then turned this wrong understanding into a slanderous statement of fact in some forum. Zero evidence, citation was provided.

If this had any truth to it then it would be easy to find a reliable source such as a news report or comment by security researcher. VirtualBox is very popular. The privacy community would have criticized this.

Don’t take random slanderous claims from any forum and then repeat them as it was a fact. You’re spreading misinformation.

Try to ask it as a question instead of statement of fact.

Is it true that you’ve been convinced of …?

Still slanderous to ask that way. Try an open question.

Are there any privacy / security issues with VirtualBox guest extensions?

Extraordinary claims require extraordinary evidence. Please don’t repeat slanderous claims without providing evidence or at least the original of the claim.

And why even ask in a forum? Why not use search engines, AI? Do you think if there’s an issue it wasn’t asked before on the internet? Do you expect an investigative journalist or security researcher is going to do original research because you asked in a forum?

Please read the hackers manual on smart questions to avoid the spread of misinformation on the internet.


I am not aware of any evidence for that.

If downloading VirtualBox from Debian, then Debian has built it from source code and uploaded the binary packages to the Debian repository.

Guest additions are optional as already said.

If a backdoor of the purpoted magnitude was inside the VirtualBox Open Source code, that would likely have been spotted by now.

Dev/VirtualBox - Kicksecure chapter VirtualBox Unavailable in Debian main due to Licensing Issues in Kicksecure wiki

Windows is an issue generally. Unrelated to VirtualBox. Windows is best avoided, see:

1 Like