As long as I can think I have been using Windows for my computing tasks. However with the rise of surveillance, the NSA debacle and governments willingly failing to protect the demands for privacy from their people I am thinking of a set up that will allow people to continue to use Windows but with the reassurance in mind that no user data is being sent back outside for any sort of purpose. How could this be achieved? (Please read till the end to better understand my thinking.) Just recently I started using VirutalBox and am delighted. Very plain thinking I am suggesting something like a chain of guests in each other on a secure Linux host. In details, perhaps a secure Linux distro (which one?) hosting Windows as a guest where the guest has no access to the outside web but only to shared folders on the Linux host as well as the printer, CD drive and the USB connectors. Like this works with Office, Acrobat, Photoshop, Illustrator etc could be done on the Windows guest and data securely saved to the shared folder on the Linux host. Ideally the Linux distro would have an incorporated firewall like Pfsense (or any other?) to be able to at least get email and browse the web with the local physical network adapter connected to the outside BUT clearly keeping the Windows guest from a zero tolerance leak to the outside world. As I understand Pfsense is a distro in itself, is that right? Can Pfsense NOT be used as a "software" that can be installed onto a secure (secure in the sense that NO user data whatsoever is sent back to ANY server for user behaviour analysis or marketing purposes) distro? Can multiple guests be chained in a path to have multiple layers of protection? I am plain thinking: Secure Linux distro as host -> inside that Pfsense as guest or included in host (if possible) -> and inside that (as illustrative flamboyant user data sharing) Windows guest. So for the Windows guest in question one would have to pass Pfsense and the underlying Linux distro, likewise Windows would have to "find a way out" past these two what I think it highly unlikely with settings like "Enable Network Adapter" unticked or if ticked then "Attached to host-only adapter" and naturally "cable connected" unticked. Would be fun to see packets magically flying through space with the network adapter disabled and the cable disconnected. I am sure this could somehow be done and I am sure people do it already, just how, is it wise to choose this path, are there better approaches, it is logical to do this in a computing sense and how much more protection could one want if the only task really is to be able to work with Windows without having to worry that Windows or any of the apps installed in the Windows guest can send user data to any server outside. I would be happy about discussion about this, various ways of doing this, keeping in mind that I am not interested in having Windows connected to the outside web, since the few tasks I do with the outside web, email and browsing can securely be achieved with a solid Linux host and should not be too difficult to set up. Many thanks for your insights or thoughts on this.