
Sure, people screw up. So systems must fail nonfunctional/closed. Whonix is an excellent example. Tor runs in one VM, and user apps run in another VM. The Tor VM is not a router. There's no forwarding. It merely exposes Tor ports on a private network. So apps can have no Internet access except through Tor.

Regarding uniqueness, using personas that must remain unlinked on the same physical machine is very risky, given the risk of guest-to-host breakout, and because hardware signatures may be visible remotely. If WebGL is enabled in VMs, Internet sites can link VMs on a given host (graphics card) that use the same virtual graphics driver. In particular, one's meatspace identity should never share a physical machine with any persona that's at all risky. They should also be compartmentalized on separate LANs.

So Debian and the Ubuntu family have the same signature. But Windows, OS X, CentOS/Fedora, Arch/Manjaro and PC-BSD have different signatures. So one can use VMs with different WebGL signatures on the same hardware. But only for personas where linkage would be survivable.


