Have a really small 4G hotspot hot-glued to a tiny Linux computer running the Tails distribution read-only with a removable SD card with all your data and no executable code on it if you're a real cypherpunk.
We really ought to push for something better than Tails. I'd love to run something like it on an aarch64-linux or riscv64-linux board. I'd love to run something that doesn't have a hacked, nearly broken Debian boot process, which broke the ability to kexec it many versions ago, etc.
The 4G is in the hotspot that you're connecting to via Wi-Fi from the mini-computer. That way you don't have baseband firmware exploits to deal with on the Linux machine like you would now with a traditional Android phone. 4G firmware is all binary blobs that probably have backdoors.
So am I to understand that from an OpSec perspective, connecting a machine to a known compromised system is OK to do, “because you want internet”?
Maybe because I’m not opsec and don’t know my ass from a hole in the ground, but my security recommendation would be, no, do not purposely connect your machine to a known compromised system regardless of its advertised purpose, attack vectors, attack surface, probability of unwanted exploitation, or justification as to why it’s necessary to do so, because you’re exposing yourself, and possibly corporate machine and network, to compromise. Find a trusted system (aka audited and considered reasonably low risk while acknowledging no system can ever be deemed fully secure and trust, or zero trust is a large determining factor) and consider the compromised machine as not existing at all, therefore not being an option at all, because connecting to it would go against common sense, and 8th graders practice better security habits.
Edit: yes, I guess you're concerned about SIM-resident malware exploiting the modem, exploiting the rest of the machine via USB.
Also, if you're that paranoid, you should probably be running something seL4-based to better compartmentalize compromises.