virtual or physical VPN-Gateway.

If you run the VPN software directly on the same machine as also the client software such as web browser runs, Active Web Contents can read your real IP address. This can be prevented, if you use a virtual or physical VPN-Gateway or your router. However, please note that active contents may still read a lot of data about your computer and network configuration.

Mean by that, can setup vpn on host and run guest on kvm?* then Active Web Contents can read your real IP address if browsing with host browser , and can’t read if browsing with guest browser?

  • i write guest here, mean not whonix guest but another ‘clearnet guest’

Good day,

sorry, but I really have a hard time trying to understand, what you want to accomplish. Could you elaborate a bit? Are you talking about things like “WebRTC leaks”? Because those have been abolished by most VPN providers a long time ago and if yours still suffers from them, I’d recommend changing provider all together, even though it may still be avoided by changing a few settings in your browser.

Have a nice day,


I have not such good studies\skills for computing and english so i dont understund so much your post, but i wand just to avoid web tracking (i speak for out of whonix stuff now) i have allready openvpn in my fedora host (free vpnbook provider) , so i see my ip shows in that caint of sites that show your ip online when visit them online , when i connect on vpn shows the vpn ip , and when i disconnect shows my real ip, that is ok i believe for just avoid web tracking right?
or can still tracking me that caint of companies do the tracking?

Good day,

still not sure what you mean, though if you are asking wether there is still any way of tracking you, after you’ve started using a VPN, then yes, via browser fingerprinting.

Have a nice day,


It can be dangerous to have your browser and vpn client on the same machine because an attacker who gains root access can re-route your traffic around the vpn and discover your real IP address. Example: FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

If you put VPN on host and browse from a guest VM, it might be more difficult to discover your real IP. The attacker would have to compromise your host, which would be difficult since it would not be running any executables or interpreting web traffic. Or the attacker would have to find a VM escape exploit, which may or may not be difficult - I don’t know. Xen, KVM are probably more secure than VirtualBox since they are much more attractive targets for zero-day attackers. But remember, if your guest is compromised, your IP might be safe but all of your traffic is vulnerable.

This question is too broad. As Ego said, many ways to track you besides IP.

@Ego FYI, somehow we wound up in (closed) Off-Topic forum…

Thanks everyone for reply’s ,

This topic have infos for online web tracking do the companies that collect everyone user of the internet , the tracking basically done through the ip of user , that caint of companies collect the movements of users , the sites that visits , the downloads of them , and builds profiles of users , then sell it to other commercial companies .

So if not connect a user with vpn , or tor , or possibly proxy, they collect infos of user , and for example when that user connect to youtube and search for a video , the results of search will show a result right by the profile of the specific user , that is against human rights.
THAT IS THE ILEGAL LEGALITY TODAY MUST STOP , and one very good reason to use whonix !

Good day,

Thank you for the hint, didn’t even notice that, just changed it.

I’m sorry to tell you, but as long as there isn’t a law against this kind of tracking (which there isn’t in any country I visited, it sadly is legal.

Have a nice day,


yes there isn’t a law against this kind of tracking , i wite for laws aren’t ‘‘laws’’ because are against human rights.

That topic is not for fbi\nsa tracking -for such tracking can use tails\whonix, Not logically to connect for example to one account created for shoping on e-shop through tor , but aren’t safe to connect just with clearnet connection , so can use vpn.

We like to villify the NSA as “the bad guys” but truthfully, for 99% of the population, our greatest privacy violations will come from the companies “we love” - Apple, Facebook, Google, Amazon, ad companies, email providers, e-shops, media content providers, and so on. These companies are at the forefront of tracking technology - browser fingerprints, super-cookies, etc. If you value your privacy, very few places on the Net are safe to browser without at least Tor Browser.

Yes that is standard for security but again: not good idea to connect to clearnet e-mail account with tor browser , or shoping , or connect to clearnet facebook acount , that will show the fact we are use tor , we use obfs3 bridges for hide the fact that we use tor , and generaly we keep secret that the fact we use tor ,so not at all good idea to connect with tor if must use that known allready clearnet accounts , on the other hand , if we want to browse sites or media content online and not connect on any of our clearnet account or make shoping yes, tor using is the best option.

I see… I understand what you’re saying. If your ISP is willing to share Tor usage with the NSA, why not Google? This is not easy.


  1. You are known (or at least) pseudonymous to the destination website.
  2. You want to hide the fact that you are using Tor from the destination website.
  3. You want to maintain your privacy and only reveal details of your choosing to the destination website.

Some (light) brainstorming:

If you are known (not pseudonymous) to the destination (ie payment details, friends, etc) and you don’t mind your ISP snooping, then Tor provides no anonymity benefit, so you could connect over clearnet using Firefox + privacy addons. But you don’t want your browser to be tracked around the Net. So you need a separate browser or at least a separate browser profile.

If you are pseudonymous, then you still want to use Tor. But you’ll need a final non-Tor node before the destination to hide Tor usage. In order to stay pseudonymous, you must ensure that your pseudonym is completely independent from any other uses. Meaning separate IP address, and a browser fingerprint that never appears anywhere else. Separate proxy and browser profile used only for this pseudonym.

Browser can be spoofed, portable installations can be made. Don’t know how hard it is to detect a spoofed browser or artificial fingerprint… Very difficult to get that last proxy right.

If you are anonymous, then what we discussed in your other thread: vpn after whonix (inside workstation) Not work anymore with TBB

If in a normaly operating system (host , not virtualized) we have the tbb , If remove proxy settings , then will connect on clearnet?
if yes , that will have the most privacy from clearnet browsers because of fingerprint protection , or not good idea because not many will use such a browser ?

Don’t think so. Probably needs TOR_TRANSPROXY=1. Haven’t tried.

Likely not a good idea to use TBB because using TB over clearnet will make you close to pseudonymous. Therefore, TB fingerprint protection won’t help. In this situation, Firefox + addons is better than TB because even though you will get a unique fingerprint, you can alter (somewhat randomly) your fingerprint intentionally. TB will always have a consistent fingerprint.

how i will do that please?

There’s an entire industry of devoted Firefox tweakers out there. Not my specialty.
Some search keywords: firefox privacy addons tweaks about:config user-agent spoof leaks
Just to name a few.

Aha , yes i know if you mean that , i thing i am sutisfacted with fedora host and openvpn there for clearnet connections (if i want to just browsing\ live streaming i use whonix) if i must to do e-shoping for example or to connect to my clearnet email , then i use the clearnet browser with vpn ,