That’s a nifty and cheap idea. Now I am wondering if I should make the standard juicy targets (eg ~/Documents, .config, .ssh) complete decoys and put all of my real data just off to the side. Could still be hit by a generic attack, but targeted data extraction attempts would initially fail.
Hmmm, settings things like `~/.ssh` to non standard locations too would probably block a lot of the standard dependency-chain-malware coming around as well.