Encryption can be done in a manner where the private keys are stored on the user's end, making it far harder for the likes of the NSA to break the encryption.
One example of this is Jitsi's implementation of Off-the-Record chatting. When using an XMPP server through Jitsi, the NSA may be able to read the ciphertext sent but not the plaintext, because the keys are stored on the chat participants' computers. Not even the chat server owners know the chat plaintext.
In my opinion, Google's activities are "evil" because they intentionally profile their consumers through parsing all their personal data (email, shopping history, etc.). Furthermore, Google chooses to spy on their users in a manner that allows the NSA to collect entire profiles for Google's users. Google does this mainly for the money involved.
Hmm, having Google extend more effort after finding out that their data pipes to their servers were being spied upon by the NSA seems to discount part of this.
Compare Google and USPS: whereas the USPS has stated in public that their customer is the mass mailers (spammers), Google attempts a balance between two different customer groups.
If you just run Tor inside the VM, the above is true. If all the traffic out of the VM is routed through Tor, then the IP address they will get is a Tor (not clearnet) IP address. In order to get a clearnet IP address off a VM, you'll need to exploit the VM itself, a task clearly much harder than misusing JavaScript in a browser.