by lawrenceyan 2457 days ago
You're still vulnerable at the operating system and hardware level. It doesn't matter what you do after booting up if your computer has already successfully been infiltrated from the Hardware/BIOS/OS initialization that always happens before.

I have considered those issues.

I don't use hardware that I've purchased using my meatspace identity. The machines mainly come from yard sales and swap meets. Typically nowhere near where I've lived. And all purchased with cash. So I'm pretty confident that they're not backdoored. I have purchased SSDs from stores, but also for cash.

I'm relatively confident that Debian hasn't been backdoored. Windows perhaps, but I rarely use it, and only in VMs.

Do you also browse the web through a daemon that emails you pages, Stallman-style?
I'm not sure that I see the point. I mean, the daemon would need to run somewhere. And it'd need to render stuff. I guess that there'd be less going on, so less that's exploitable.

But no, I haven't done that.

I mainly depend on compartmentalization. This VM runs on a host that contains no information about my meatspace identity. And the machine with that information is on a different LAN.

Edit: But upon reflection, I have done something like that. Sometimes I run remote dedicated servers. Accessed via Tor (via nested VPNs) and paid with well-mixed Bitcoin. With LUKS and dropbear, of course.

If I run VirtualBox, I can basically do the same thing I do locally. I use pfSense VMs as VPN gateways, to create nested VPN chains. And then Whonix instances, which hit Tor through those VPNs. And I access the remote VMs via VRDP via SSH via Tor etc.

I do, and it all goes over nested VPNs/Tor, but my solution is different than the one mirimir uses.