diff --git a/debian/control b/debian/control
index 4a3352f..5ab1eb0 100644
--- a/debian/control
+++ b/debian/control
@@ -109,3 +109,6 @@ Description: enhances misc security settings
 DMA (Direct Memory Access) attacks.
 .
 IOMMU is enabled with a boot parameter to prevent DMA attacks.
+ .
+ A systemd service mounts /proc with hidepid=2 at boot to prevent users from seeing each other's processes.
+ .
diff --git a/lib/systemd/system/proc-hidepid.service b/lib/systemd/system/proc-hidepid.service
new file mode 100644
index 0000000..c7feada
--- /dev/null
+++ b/lib/systemd/system/proc-hidepid.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Mounts /proc with hidepid=2
+Documentation=https://github.com/Whonix/security-misc
+Requires=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateMounts=true
+PrivateDevices=true
+PrivateNetwork=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+RestrictNamespaces=true
+SystemCallFilter=mount munmap access read open close stat fstat lstat mmap mprotect brk rt_sigaction rt_sigprocmask execve readlink getrlimit getuid getgid geteuid getegid statfs prctl arch_prctl set_tid_address newfstatat set_robust_list
+
+[Install]
+WantedBy=multi-user.target
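Review bot: `PrivateMounts=true` in the new proc-hidepid.service runs `ExecStart` in a private mount namespace with propagation toward the host turned off, and the `Protect*`/`PrivateTmp`/`PrivateDevices` lines also set up such a namespace, so the remount may not reach the host's /proc as intended. The per-mount flags `nosuid,nodev,noexec` in particular would stay private to the unit, and whether `hidepid=2` still takes effect host-wide depends on the kernel applying it to the shared procfs instance, which should be verified rather than assumed. The hand-written `SystemCallFilter=` allow-list is fragile as well: it names x86-64-specific calls such as `arch_prctl` and omits `openat`, so a libc that opens files through `openat` would probably get mount killed and leave /proc unhidden with nothing reporting it. I would drop `PrivateMounts=true` and the syscall allow-list from this unit, add `RemainAfterExit=yes` so the unit state shows whether the remount succeeded, and confirm the result after boot with `findmnt -no OPTIONS /proc`.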