
Being privacy-aware in 2016 - maglavaitss
https://vox.space/blog/89/being-privacy-aware-in-2016
======
nikcub
Distilling tips down for regular users who don't use SSH or are intimidated by
compiling KeePassX for Linux themselves, my tips would be:

1. Use a user-friendly password manager like Dashlane or 1Password with a
long unique password and a second factor (that isn't SMS based). Password re-
use is the #1 way accounts are being compromised at the moment and there are
now good password managers that are easy to use with a low barrier to entry

2. Use an extensive ad blocker like uBlock Origin and use _multiple profiles
in your browser to separate your serious accounts like webmail and banking
from general web browsing_. The other common way of being exploited is drive-
by malware and web-based exploits. A combination of blocking third-party
content and separating your browsing profiles will prevent a lot of it. Don't
feel guilty about blocking ads - most publishers are extremely negligent with
what they allow on their sites via ad networks. Bonus: switch to Chromium[0]
(Firefox isn't sandboxed and exploits are too common) (but alert yourself to
Chromium updates with an IFTTT of the release blog to <pick your notification
method>) or alternatively remove Google, Flash, Java etc.

3. Get a VPN subscription and set it up on your laptop & mobile devices.
Seriously, don't use open WiFi networks or shared networks without wrapping
your connections in encryption. sslstrip is extremely effective and many apps
either don't verify/authenticate SSL connections or don't pin certificates.
IVPN, PIA, the Sophos VPN product - take a pick.

4. Most home routers are super shit and full of holes. Upgrade to a router
that supports open firmware and pick one of openwrt, dd-wrt, monowall, pfsense
etc. Bonus: run a UTM like Untangled (commercial) or Sophos (free up to 50
CALs iirc)

5. Encrypt your stuff - VeraCrypt is a decent TrueCrypt fork but most
operating systems now have support for volume encryption - your local disk,
USB sticks[1], or a file-based volume. Backups should be to encrypted media

6. Be anonymous - create a disposable email with a fake name to sign up to
services with. Even better, sinkhole a random domain name you register. No
service outside of banking, insurance, health, etc. _really_ needs to know your
actual identity details.

[0] [https://download-chromium.appspot.com/](https://download-chromium.appspot.com/)

[1] [http://www.theinstructional.com/guides/encrypt-an-external-disk-or-usb-stick-with-a-password](http://www.theinstructional.com/guides/encrypt-an-external-disk-or-usb-stick-with-a-password)

~~~
kobayashi
Your comment is the first time I've ever read someone recommending a browser
over Firefox (when discussing security and privacy). I find it even more
surprising because you're recommending possibly highly unstable
Chrome/Chromium releases. I'd like to hear more from you and the HN community
on this topic.

Firefox seems to be the only browser in which one can maintain privacy and
security (e.g. all the privacy tweaks from privacytools.io). Chrome doesn't
allow for most of the tweaks, for example WebRTC can't be disabled.

~~~
redwards510
Not to mention, _many_ Chrome extensions are completely compromised by
adware/malware and sniff your traffic. The only one I trust is uBlock Origin.
Firefox addons have somehow managed to avoid this fate. Also, Firefox has the
best security addon, NoScript.

~~~
Spivak
Don't forget Policeman and uMatrix for alternative content and script
blockers.

~~~
kobayashi
Might I also add, Random Agent Spoofer, Decentraleyes, and Web of Trust

~~~
corndoge
FWIW, uMatrix includes randomized user agent spoofing.

~~~
kobayashi
It doesn't appear to work properly. I read a thread on Gorhill's Github page
and the whole thing seemed really convoluted. I activated the function but
when I tested it my UA wasn't spoofed. Also, the list from which to
choose/randomly assign is pretty short, though I think Gorhill made it so by
design.

------
georgehotelling
> Use unique SSH keys for each service (sharing a SSH key on your
> GitHub/Gitlab account, network router and AWS/Azure instance is a very
> stupid idea); use ssh-keygen -t rsa -b 4096 to generate a 4096 bit RSA SSH
> key.

I tried this. Turns out to be a bad idea. SSH will walk through each private
key and attempt to authenticate with it in order. That means a lot of bad
login attempts which in turn leads to getting locked out. SSH public keys are
public for a reason.

What attack is this even preventing - that someone will be able to reverse ssh
public keys and get the private? A better approach is to generate a unique key
per client so that if you lose access to a device you can remove only its
public key.

> Also, you should download the source code, compile it (using a Linux
> machine) and always look over the source code for rogue functions

So becoming an Underhanded C Contest judge is the price of admission to
using the internet? Can anyone really be expected to do that? Can we blame
anyone who gets owned because they didn't?

~~~
radialbrain
The solution to that is to use the IdentityFile directive in your
~/.ssh/config with username / hostname expansion. I use:

    
    
    Host *
        # Disable SSHv1 RSA authentication
        RSAAuthentication no

        # Only use a key explicitly provided by an IdentityFile directive
        IdentitiesOnly yes

        # %h expands to the remote hostname, and %u to the local username
        IdentityFile ~/.ssh/%h/%u.key

This ensures that at most one key is used, and prevents me from having to
modify my config every time I generate a key for a new host.
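
Added example (not part of radialbrain's comment and not OpenSSH code): a simplified Python model of the behaviour discussed in this sub-thread, showing why a client that offers many keys can hit the server's attempt limit and how `IdentitiesOnly yes` with a per-host `IdentityFile` avoids it. The host names, the user name and the offering order are constructed assumptions; 6 is the sshd default for `MaxAuthTries`.

```python
from collections import namedtuple

MAX_AUTH_TRIES = 6  # default value of MaxAuthTries in sshd_config

AuthResult = namedtuple("AuthResult", "authenticated failures keys_seen_by_server")


def expand_identity_file(template, host, local_user, remote_user):
    """Expand the ssh_config tokens %h, %u, %r and %% in an IdentityFile path."""
    tokens = {"h": host, "u": local_user, "r": remote_user, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            name = template[i + 1]
            if name not in tokens:
                raise ValueError("unsupported token %" + name)
            out.append(tokens[name])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def keys_to_offer(agent_keys, identity_files, identities_only):
    """Ordered list of keys the model client tries.

    Simplification (assumption): configured IdentityFile keys go first, then
    any other keys held by the agent unless IdentitiesOnly is set.
    """
    offered = list(identity_files)
    if not identities_only:
        offered += [k for k in agent_keys if k not in offered]
    return offered


def attempt_login(offered, authorized_key, max_auth_tries=MAX_AUTH_TRIES):
    """Model server: each rejected key is a failed attempt; too many ends the session."""
    seen, failures = [], 0
    for key in offered:
        seen.append(key)  # the server learns every public key it is offered
        if key == authorized_key:
            return AuthResult(True, failures, seen)
        failures += 1
        if failures >= max_auth_tries:
            break  # real sshd disconnects: "Too many authentication failures"
    return AuthResult(False, failures, seen)


# --- constructed sample data: one key per service, all loaded in the agent ---
LOCAL_USER = "alice"
TEMPLATE = "~/.ssh/%h/%u.key"
HOSTS = ["github.example", "gitlab.example", "router.example", "aws.example",
         "azure.example", "backup.example", "mail.example", "vpn.example"]


def key_for(host):
    return expand_identity_file(TEMPLATE, host, LOCAL_USER, remote_user="git")


AGENT_KEYS = [key_for(h) for h in HOSTS]


def login(target, per_host_config):
    """per_host_config=True models the Host * block above; False models no config."""
    identity_files = [key_for(target)] if per_host_config else []
    offered = keys_to_offer(AGENT_KEYS, identity_files, identities_only=per_host_config)
    return attempt_login(offered, authorized_key=key_for(target))


if __name__ == "__main__":
    for per_host in (False, True):
        result = login(HOSTS[-1], per_host)
        print("per-host config:", per_host, "->", result.authenticated,
              "failures:", result.failures,
              "keys shown to server:", len(result.keys_seen_by_server))
```

In the model, the server also sees only the one key that belongs to it when the per-host configuration is used.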

~~~
josho
The point remains, there isn't much benefit to using a different key per host.
What attack vector is this extra effort protecting you from?

------
jgrahamc
_I highly recommend using KeepassX as a password manager, secured using a key
file and not a password._

I like KeePassX as well, but prefer to unlock using a password. I have a
Yubikey programmed to output a 32 random password that I generated and I
append to that a 16 character password that's in my head. I keep the Yubikey
and the SD card on which I have the password vault separate. The SD card
itself is encrypted* and the version of KeePassX I run is on the card and is
one I compiled myself.

Not sure I'd be getting additional protection with a key file. But perhaps I
am wrong.

*I did that so that someone couldn't just copy the KeePassX database off it when I wasn't looking and run some offline attack against it. The SD card also has a kind of social engineering defence mechanism on it to dissuade the curious from playing with it... I wrote the word INFECTED on it.

~~~
Loic
I am security conscious but not as conscious as jgc, I am doing the same with
the database on the drive and the drive is encrypted. I have a "smaller"
password in the head plus a Yubikey password which is appended to my smaller
password. For each website I am using a randomly generated password.

What is important is that in my daily life, this is working perfectly well and
I do not feel at all the annoyance of the added security against using the
same dadada password on all the websites.

I really recommend a _head stored + hardware generated password_ too, this is
working wonderfully.

~~~
jsingleton
Sounds like a good system. Having something easy that you will actually use is
the most important thing.

There is no one-size-fits-all solution and it should clearly depend on the
threat model. I can imagine why someone who could be expected to have the keys
to CloudFlare's infrastructure might want to take extra care.

~~~
jgrahamc
Actually, I don't have the keys to CloudFlare's infrastructure. I don't have
access to our production systems at all.

~~~
jsingleton
I thought this might be the case, but it doesn't stop people from believing
you may be a high value target. So the good security practices are very
prudent.

------
zeroxfe
> Also, you should download the source code, compile it (using a Linux
> machine) and always look over the source code for rogue functions, you
> CANNOT afford a vulnerability inside the password manager.

I'm not sure that this is actually possible in any reasonable sense. It's not that
hard to throw in an obfuscated back door into source code, especially in a
complex system (ignoring the build chain and the whole trusting trust thing.)

Even if there are a small number of people who have the time and expertise to
audit such systems, it just doesn't scale.

~~~
vladharbuz
Of course doing constant code reviews for every single piece of software you
use is preposterous. I have trouble keeping up with my employees' code
reviews.

~~~
jjnoakes
This is why security-conscious folks prefer open source software.

No one wants to audit every line of code they use (nor is that possible).

But if one relies on relatively popular open source software, just the fact
that someone else _could_ have audited it helps a lot. Add on to that the fact
that you can use a linux distribution which keeps an eye on the
vulnerabilities reported in the wild and updates the packages for you, and you
are much better off over someone who only uses closed-source software and
hopes and prays.

------
globisdead
Nice list of browser extensions. Just to add on a few that I use that might
not get a lot of exposure but are still very comprehensive:

Privacy Settings: [https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/](https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/)

Decentraleyes: [https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/)

------
jeffreyrogers
This is overboard and paranoid for the average user. You are almost certainly
not a target for your government and probably not a criminal and so don't need
to worry about full disk encryption, your google search history, a judge
compelling you to unlock your phone, etc.

Most people should just use an adblocker and strong passwords.

~~~
whamlastxmas
People get their electronics stolen all the time. I use FDE despite knowing
that if law enforcement ever seized my computer, they'd probably force me to
unlock it or throw me in prison for contempt for the rest of my life. I use
FDE simply because I don't want to worry about some asshole stealing my stuff
and getting access to all my files.

------
amq
It is scary to realize that there is no realistic real-life way to be at least
close to keeping information secure. We are just closing holes in a sieve.

~~~
pavel_lishin
It's impossible to keep your house burglarproof, too, but I still lock my
door.

~~~
RodericDay
When I was a kid, watching american media, I thought it was incredible that
people in TV shows would just leave their houses unlocked and trust their
neighbours.

I don't know whether there is any place where people still do this, but in a
community where everyone feels they belong and aren't driven to desperation, I
could imagine an "open lock" policy working really well.

Everyone locking up their own stuff and blaming people who did not lock theirs
down if they get robbed is in itself a form of arms race, which aren't usually
optimal.

~~~
pavel_lishin
The idea behind locking doors is to make things slightly challenging for a
casual burglar.

My parents live out in a rural area, and they never lock their doors, house or
car. The odds of someone driving to their house and burglarizing it are just
too low to worry about it - and if someone _were_ specifically targeting their
house, they could just break a window and get in that way.

In denser areas, however, that logic doesn't make sense; it's trivial to case
dozens of houses in five minutes just by driving down a street.

~~~
feklar
Locking doors isn't just to prevent burglars, especially if you live around
bars. I don't know how many times a group of aggressive drunk football
hooligans has got off the elevator on the wrong floor, then tried to get into
my apartment thinking it is theirs or a friends. If my door wasn't locked I'd
be confronted with 6-7 violent goofs in my living room @ 3am.

------
vladharbuz
If you're seriously concerned that someone will break into your house and
remove the screws on your laptop to mess with it, you have problems way beyond
what strong passwords and ad blockers can solve.

~~~
wongarsu
A lot of people regularly take their laptop through American airport security,
where there are multiple reported cases of laptops being messed with.

Regarding hibernation/locking: many people leave laptops unattended in more
risky situations than at home and at the office. As a trivial example, imagine
somebody going around a university library, infecting any unattended laptop
with a virus.

------
mavhc
I'd rather a fingerprint to lock my phone and always lock on screen blank,
than a pin so complex I'll hardly ever lock my phone.

If you're living as some kind of enemy of the state maybe it's just time to
stop developing software. And do you really need to holiday in North Korea?

~~~
Tepix
Ideally you have both: Unlock the phone with the fingerprint and unlock more
private data with a passphrase.

Same for password managers: Are there any that allow you to split your data
into two categories: Protected by fingerprint and protected by passphrase? I'd
love to see that feature.

~~~
zeveb
A fingerprint cannot protect data, since it's both public and low-entropy. It
can authenticate identity to someone who holds the data.

I.e., you cannot securely encrypt something with a function of your
fingerprint: anyone can cycle through fingerprint representations and
eventually decrypt the data (or the key to the data). You can, however,
authenticate yourself to someone (or something) which holds a plaintext
encryption key, and once you have been given the key, decrypt the encrypted
data. This only works if you can trust the person or thing to never give the
key to an unauthenticated party. _That_ only works with hardware, since any
software which holds a key in plaintext can be examined to extract the key.

~~~
Tepix
A fingerprint can offer some protection for your data, many times it will be
sufficient protection and sometimes it will provide better protection than a
weak password.

------
Tepix
The part about the browser is a bit too short.

If you are privacy conscious you should configure your browser to

a) block 3rd party cookies (all browsers except Safari have them enabled by
default, even Firefox)

b) delete all cookies when the browser is closed.

Make it a habit to close the browser every now and then.

~~~
peteretep
Self Destructing cookies plugin will delete them even more quickly

~~~
xviia
How do we know which plugins are secure? If I wanted access to people's
browsing info, a plugin would be the way to get it...

------
barking
Some people are advising that duckduckgo can say that they are not tracking
you but being based in the USA could be made to do so by the NSA.

~~~
Tepix
use startpage.com then. They're based in the Netherlands.

~~~
lnalx
[https://ixquick.com/](https://ixquick.com/) is the same?

~~~
cJ0th
They were recently merged:
[https://ixquick.com/eng/ixquick-merging-with-startpage.html](https://ixquick.com/eng/ixquick-merging-with-startpage.html)

------
xgbi
Getting a Yubikey? What about this?
[https://news.ycombinator.com/item?id=11690774](https://news.ycombinator.com/item?id=11690774)

~~~
Dowwie
It's not a strong argument against Yubikey. I don't reject a product based on
whether its vendor hasn't open sourced all of its hard earned work.

------
chinathrow
Very nice read. I would add a subscription to "have i been pwned?" to learn of
data breaches.

[https://haveibeenpwned.com/](https://haveibeenpwned.com/)

~~~
AdmiralAsshat
I'd recommend this as well. When I did my big migration to LastPass about a
year ago (i.e. logged in to every site I ever remember having used and
changing the password to a randomly generated one), I thought I was all set.
But the site has reminded me at least three times that I registered to a lot of
BBS-style message boards and maybe only made one or two posts before
abandoning them forever and forgetting I ever registered.

Those are concerning, because I'm positive that something I registered for in
2006 and never used again probably used a weak, re-used password.

------
libeclipse
I don't get the point about marking screws with nail polish. What does that
accomplish?

~~~
bazzargh
Originally it was _glitter_ nail polish
[http://motherboard.vice.com/blog/itll-take-more-than-glitter-nail-polish-to-stop-snooping](http://motherboard.vice.com/blog/itll-take-more-than-glitter-nail-polish-to-stop-snooping)
... the idea wasn't just to mark the screws to show
if there'd been physical access, but to make a mark that's easily verified but
very hard to reproduce, so you also know if your whole laptop has been
replaced by the 'evil maid'. You need to photograph it to check!

The actual bit in the 30c3 talk where this was discussed is here:
[https://www.youtube.com/watch?v=KV4XnvE2p34#t=54m24s](https://www.youtube.com/watch?v=KV4XnvE2p34#t=54m24s)

------
ybroze
_Use unique SSH keys for each service (sharing a SSH key on your GitHub
/Gitlab account, network router and AWS/Azure instance is a very stupid idea)_

I don't see how this makes sense. Assuming your private keys all live on the
same machine (presumably with 0600 in /.ssh), then if your machine is stolen
and your user password compromised, access to one private key is the same as
access to all of them.

~~~
Tepix
It only protects you against SSH fingerprinting done by hostile servers.

~~~
ybroze
I suppose, then, it's for those who don't want to be tracked, and not a "very
stupid idea" per se.

But then again, if you don't trust the remote to know who you are, then why do
you have an identity with them? I mean, the remote service is SUPPOSED to know
who you are. That's kinda the point.

~~~
jjnoakes
I don't think so.

GitHub should know I'm the user who has access to push to repos a, b, and c.

AWS should know I'm the user who has access to update code or data at places
d, e, and f.

But neither needs to know my full identity, or about each other, at all.

~~~
rad_gruchalski
Right. What about paid service. Shall I pay with someone else's CC or ask the
bank for another one just because I don't want to be tracked.

~~~
pavel_lishin
Many banks and credit card companies offer a service that lets you generate a
one-time-use credit card number.

~~~
gruez
But your billing address will still be the same

~~~
jjnoakes
So what?

Paid services necessarily require a higher level of trust (since you are
handing them money) than random internet services. So we are off-topic from
ssh keys and identity.

If you don't want someone knowing your personal payment details (CC #, billing
address), then pay in cash and use services that don't deliver things to your home.
And if you can't, then just don't use a service.

But that's living in way too much paranoia for most of us.

------
deanclatworthy
The advice here recommends generating RSA keys. Mozilla recommend using
ED25519 keys "when backwards compatibility is not required" [1]

[1]
[https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Key_gen...](https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Key_generation)

~~~
vox_mollis
This is not settled. Colin Percival, for instance, is firmly on the side of
using RSA with many decades of cryptanalysis until EC solutions also have many
decades of cryptanalysis.

------
ComodoHacker
The sad thing about this and other otherwise good privacy guides is that it
can be properly applied only by a small fraction of all people who really need
this privacy in their everyday work and life. Especially I like the "look over
the source code for rogue functions" part.

------
veeragoni
What about mobile privacy? which OS? which Phone? which app? the author forgot
there is even more privacy info we could lose via mobile with its built in
sensors and features.

~~~
raldu
I am not trying to be sarcastic but the first thing that came up to my mind is
that, "Mobile privacy" rather sounds like an oxymoron.

------
Mendenhall
I assume everything is hacked/unsecure and any information put on the net will
be able to be accessed by all sorts of bad actors.

I laugh when websites etc ask for a phone number to help secure. My first
thought is great idea so now when you get hacked you can give up my phone
number too!

Internet has been and always will be Mos Eisley spaceport to me.

------
mitm2mitm
About full disk encryption for Windows: what is the safest bet here? I mean,
what if a single sector of my disk gets corrupted, will I lose my entire data
because of that? What kind of encryption is less prone to data corruption?

I'm worried about this. And how about .tar.gpg backups, if I lose a single
byte I lose the entire file?

------
andrey_utkin
I'd add apparmor or selinux or virtualization (or all at once) for untrusted
closed-source crap like Skype. Well, for things with large attack surface,
like web browsers, it's important, too.

This is hard to recommend to everybody, but I use SELinux and this way I am
more sure that my private keys won't get stolen.

~~~
leni536
I'm curious, do you run Skype on the same X server as your other software?

~~~
andrey_utkin
Yes I do. And yes I know that clipboard content hijacking is piece of cake
with Xorg. By this reason I launch original Skype only when I need it to have
a call with my chief. Fortunately, such occasions are rare now. So I just
avoid copy-pasting anything sensitive when Skype is launched :)

For the rest of time, I use XMPP-Skype transport (gateway) to stay connected
with ~100 of my skype contacts. This XMPP-Skype gateway handles 1:1 and
groupchats, which is ok for me. I host this system as a public service, so if
you are interested, feel free to check [http://decent.im](http://decent.im) .
This is a work in progress on deployment of powerful open source stuff in a
supercharged and easily reproducible way, so no slack killer yet, things are
dirty, just a handy tool for me (and few other account owners) to aggregate
all one's messaging into one, and very flexible, mechanism.

------
grimaceindex
For those who want to learn more about Duck Duck Go bangs, I regularly update
a blog that showcases useful Duck Duck Go bangs:
[http://wp.me/P7uQ4N-7](http://wp.me/P7uQ4N-7)

------
gravypod
Does anyone know of any good hardware password managers?

I'd love to switch from a software to an offline, open source, and self
maintainable solution that will work for everything, not just websites/when I
have my browser open.

~~~
luxpir
Pencil. Paper.

------
TazeTSchnitzel
I'm assuming OS X's FileVault is fine for full-disk encryption? It only sends
your key to Apple if you choose to, and it's completely transparent from the
end-user's perspective.

~~~
Karunamon
Personally I'd never trust any encryption provided by the OS - absolutely no
one is in a better position to be compromised by bad guys (c.f. Recent Apple
FBI scare).

Would rather use a third party solution that's not so easily coerced.

~~~
TazeTSchnitzel
That's true. On the other hand, Apple are competent enough to implement it
properly.

~~~
majewsky
It's not about being competent enough to implement it properly. Microsoft's
BitLocker is surely implemented just as competently. But because of their
ubiquity, these are the most likely to have government-mandated backdoors in
them that Apple/Microsoft employees are not allowed to tell you about because
of gag orders.

------
wepple
I think it's somewhat negligent to recommend people use the only browser that
doesn't have a sandbox.

You're trading privacy for security, and where you have less security your
privacy is long gone.

~~~
Bellyache5
You could run Firefox in a Docker container. It wouldn't protect between tabs,
but would help isolate from the rest of the system.

------
corv
Is it actually necessary to use both Privacy Badger and uBlock Origin?

~~~
Karunamon
uBlock for the ads, privacy badger for tracking cookies. They complement each
other nicely.

------
lnalx
_You should be using either Bitlocker (for Windows platforms, warning ahead)
or LUKS (Linux platforms) full disk encryption_

Using encryption on laptop can be very battery-greedy unfortunately.

~~~
amq
All modern CPUs have the AES instruction set, which makes the encryption
almost transparent in terms of speed.

~~~
lnalx
Mobile phones included?

~~~
floatboth
ARMv8 phones like Nexus 5X/6P definitely do have AES instructions. These
phones in particular have encrypted storage out of the box.

------
ashitlerferad
Amazing the post and no comments here have mentioned the Tor Project.

[https://www.torproject.org/](https://www.torproject.org/)

~~~
Tepix
Tor is mentioned in the original article.

------
secfirstmd
_Begins blatant plug_

If you're looking for a tool which has a ton of easy security guides all in one
place, you might like to try Umbrella App. It has lessons and checklists on
everything from how to send a secure email to how to deal with a kidnapping.
Built by the human rights and tech community, it's open source and available
on Android.

[https://play.google.com/store/apps/details?id=org.secfirst.u...](https://play.google.com/store/apps/details?id=org.secfirst.umbrella)

_Ends blatant plug :)_

------
trollian
This was funny until I got to the part about disable malware detection. Then
it becomes dangerous. Is this idiocy or malice?

~~~
ianpurton
Given that virus checkers only catch about 50% of any malware and recently
there have been zero days in some household name virus checkers anyway. It
might be good advice.

Some people will click on exe's because they believe the virus checker will
protect them.

------
Machado117
Can someone explain to me why should I worry about stopping browser
fingerprinting? Can't they just check my ip?

------
amelius
> you should have all Javascript forbidden

Is it even possible to use the web nowadays without JS enabled?

~~~
sudojudo
| Is it even possible to use the web nowadays without JS enabled?

Yes, but results may vary. I can do 99% of my daily browsing without
JavaScript enabled, and for the sites where it's needed, NoScript can be told
to always allow it (one specific script, or everything on the page). This is
why you constantly see NoScript being recommended, it allows you to toggle JS
on and off, as needed, which is invaluable.

I've been using NoScript for years and how much is blocked never ceases to
amaze me. 99% of the script that most sites run has nothing to do with viewing
content, or usability, and everything to do with tracking (there are usually
multiple instances, sometimes dozens, on a single page; it's astounding).

Another nice feature in NoScript that I just picked up on is the _shift+left-
click_ option in the script list. This allows me to investigate what that
particular script is for, and choose to permanently block/allow it. Very
handy, and also eye-opening in regards to privacy.

------
prettynew
Are Windows RDP connections safe to do on wifi? like hotel wifi? curious.

~~~
gruez
They're secured with TLS, albeit with self signed certificates. But you can
configure it to use a properly signed certificate.

------
jwatte
Trying to save privacy is like trying to save horses for transportation, or
bows and arrows for warfare. We should figure out how to build a society that
thrives on transparency instead!

------
stirner
uMatrix combines the functionality of every recommended Firefox extension
except HTTPS Everywhere.

~~~
_asummers
Almost positive one of uMatrix or uBlock has that functionality, because I get
redirected to https when available and those are two of my very few
extensions.

~~~
gruez
How do you know it's your browser doing the redirect rather than the server?
The distinction is important because if it's the latter, you're vulnerable to
sslstrip
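
Added example, not part of gruez's comment: a small Python model of the distinction drawn here, using HSTS (RFC 6797) as the browser-side upgrade mechanism, which the thread does not name. It shows that a server-side redirect always puts one plaintext request on the wire, while a browser that already knows the host is HTTPS-only sends none; the host name and server behaviour are constructed.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("Strict-Transport-Security requires max-age")
    return max_age, include_sub


class Browser:
    """Model browser that keeps an HSTS store: host -> (expiry, include_subdomains)."""

    def __init__(self):
        self.hsts = {}

    def knows_https_only(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hsts.get(".".join(labels[i:]))
            # A parent domain's entry only applies if it set includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def record(self, scheme, host, headers, now):
        sts = headers.get("Strict-Transport-Security")
        if scheme != "https" or sts is None:
            return  # the header is ignored when it arrives over plain HTTP
        max_age, include_sub = parse_hsts(sts)
        if max_age == 0:
            self.hsts.pop(host.lower(), None)
        else:
            self.hsts[host.lower()] = (now + max_age, include_sub)

    def navigate(self, host, server, now):
        """Load http://host/ and return the schemes that actually went on the wire."""
        scheme = "https" if self.knows_https_only(host, now) else "http"
        wire = []
        while True:
            wire.append(scheme)
            status, headers = server(scheme)
            self.record(scheme, host, headers, now)
            redirected = (status == 301 and scheme == "http"
                          and headers.get("Location", "").startswith("https://"))
            if not redirected:
                return wire
            scheme = "https"  # server-driven upgrade, after a plaintext request


def redirecting_server(scheme):
    """Constructed server: redirects HTTP to HTTPS and sends HSTS over HTTPS."""
    if scheme == "http":
        return 301, {"Location": "https://shop.example/"}
    return 200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


def plaintext_exposed(wire):
    """True if any request left the browser unencrypted (the hop a stripper can rewrite)."""
    return "http" in wire


if __name__ == "__main__":
    browser = Browser()
    for when in (0, 10):
        wire = browser.navigate("shop.example", redirecting_server, now=when)
        print(when, wire, "plaintext exposed:", plaintext_exposed(wire))
```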

------
whyagaindavid
Why everyone forgot firefox sync? Why waste time with
clipboard+1password+dropbox?

------
prettynew
is RDP safe on wifi connections?

~~~
wepple
it can be configured to use strong TLS, making it at least as good as a
regular browser. That configuration isn't particularly straightforward,
unfortunately.

------
avodonosov
The browser configuration here (disable various features) seemed too complex
and reminded me of another, simpler, approach: do not power on your computer
ever.

------
gnur
I get it, you probably want to be private and rather not have someone read
everything you do. But if you follow this checklist to the letter, you'll have
a big fat "SUSPECT" warning on your file in no time.

Hiding non-suspect behavior is, for everyone watching, the same as hiding very
suspect behavior. If you do this and make a single mistake (anything really,
speeding could be enough) there could be a red flag on your file that makes
sure your possessions will be searched (and possibly taken) and be prepared to
spend some time in jail.

I get it, everyone should be hiding all their activity online so that hiding
your activity online isn't suspect behavior. But I really don't think that
will ever happen and I'd rather be an open book about all my behavior than try
to hide as much as possible while becoming a target.

~~~
thegp
Then if you believe in the rule of law (in Germany we say "Rechtsstaat") and
the presumption of innocence, it is kind of a civic duty to follow these
steps. If only to oppose this line of thinking. Or even better, bait those who
would like to control us into openly acting. Especially if you are a lawyer,
have enough money to pay a lawyer etc.

I will probably piss myself and cry if I ever really "become a target" as it
happens in China, cartel controlled parts of South America, dictatorships etc.
But I will be damned if I don't make some kind of token resistance to us going
down that path if all it costs me is keeping my privacy and maybe having legal
hassle + cost of replacement if my stuff gets seized.

~~~
adrianN
Even if you think you're doing everything right, once you're targeted by LEAs
they'll find something.[1] Even if they find nothing, they can make your life
miserable pretty much indefinitely or until you run out of money for lawyers.

[1]
[http://www.wsj.com/articles/SB100014240527487044715045744389...](http://www.wsj.com/articles/SB10001424052748704471504574438900830760842)

