Is VirtualBox spying on us?


I experienced something I consider rather disturbing.
I wanted to use the Whonix-Apparmor-profile for VirtualBox. Because some features would’t work (for example VirtualBox wouldn’t connect to the internet) I ran the following command: "sudo aa-logprof ". I’m not an expert in system administration but some of the permissions to read files in my home-folder VirtualBox had asked for really made me raise an eyebrow: It tried to read the folder “Dokumente” (documents in English), than it tried to read a folder containing the German word for secure in its name and it tried to read a file in my home-folder whose title contains the German word for death. Finally it tried to read encrypted files from the “.Private” folder. (In my case the whole home-folder is encrypted but I guess VirtualBox doesn’t know that.)
Except for the documents-folder I created all these folders/files myself. They are by no means system- or configuration-folders nor folders I store virtual machines in or adviced VB to use in its settings.
Is there any plausible explanation why VirtualBox wants to read those files? I think it’s quite remarkable that all folder/file-names VB was interested in contain certain keywords.
I used the current deb-package for Ubuntu Xenial 64-bit for installation. That would be: virtualbox-5.1_5.1.16-113841~Ubuntu~xenial_amd64.deb.
It might be interesting to see if this behaviour is reproducable.

If there should be a logical explanation and no reason to worry at all I apology in advance for any anxiety or inconvenience this post might cause.

All the best and thanks for a great piece of software to the developers.


Good day,

This is very strange indeed. Especially the death part seems rather peculiar and almost directly out of a creepy Pasta.

That being said, I’m not certain where you are trying to install VBox on? Inside a Whonix Workstation or on a specific host?

If you are using Ubuntu, I’d rather use

sudo apt-get install virtualbox virtualbox-qt virtualbox-dkms

and not some deb package.

Have a nice day,



Also not specific to Whonix. Please consider asking about this in the VirtualBox forum and then leave a link here for our interest.


Thanks for the answers. I did this on my host system which is running Ubuntu. I know I should have rather used the Ubuntu repositories for installation. But since I don’t only use VB for Whonix but also run a couple of Windows guests I wanted to use the latest version because the virtualisation has improved a lot lately.
The more I think about it the creepier it gets. I hardly see how this could have a harmless explanation. Still stating what happened on the VB forum is probably a good idea. Maybe the people over there or the developers can clear this up in some way. I’ll leave a link here as soon as I find the time to post in the forum.
(Made some minor changes to the first post.)


You are already made the jump and are on Linux so why don’t you move to a privacy and freedom respecting distro like Debian and use KVM instead?