by irrationalidiom 4758 days ago
This advice is dangerous, because the author fails to mention other precautions the user can and should take, such as:

* Use a Linux live CD on the "burner laptop" -- don't trust the preinstalled OS

* Change the MAC address of the Wifi used to connect at the internet cafe

* Use Tor, most easily via the Vidalia browser bundle

The author also does not mention that leaking documents can expose the whistleblower via watermarking and user information embedded in the file (most infamously in MS Word documents with versioning).

Edit: update formatting

5 comments

> Use a Linux live CD on the "burner laptop" -- don't trust the preinstalled OS

Tails is a Linux distribution aimed at privacy and anonymity.

(https://tails.boum.org/)

I know I'm being paranoid, but I feel uneasy using a privacy-aimed distribution for privacy. The whole obvious target thing.
This is where the 'many eyes' thing comes into play; if the whole distro is OSS, then you can be pretty sure that it's good.
Most people never review source code, and they certainly don't disassemble and review all the binaries. 'Many eyes' is a security fallacy in cases like this.
Tails is ridiculously well known; if something was bad in it, it would be big news.
If it was found. Which is the point.

Debian, which is much better known and in much wider circulation than Tails, generated weak SSH keys for two years. Yes, it was indeed very big news. When it was found. After two years.

Oh, and tin-foil-hat on: Do we know (actually know-know, not just assume, think, trust) that the weakness wasn't planted there?

Buy a long-range WiFi antenna and connect from a distant location instead of going to an Internet cafe where you can be recorded by a lot of cameras in the way.
This! Who cares if the laptop is a "burner" if you were caught on Starbucks cameras opening a laptop minutes before the communication was sent, in a place you'd never normally go?

Or parking up and walking past the bank next to the coffeeshop a few more minutes before entering the coffeeshop?

You have to be even more paranoid if you are on a short list of people with access to the information - they will pull up all of your movements, possibly check traffic cameras for your car movements, etc.

Long-range Wi-Fi just makes so much more sense.

Fear of watermarking is probably why the leaked documents are what they are. A court order and a training slide deck are the kind of thing that people are authorized to distribute internally.
Which is why you need a co-leaker. Dangerous yes, but you can at least compare documents between each other. Extract the text, strip the UTF down to ASCII and fix the whitespace...

Hell, even have it transcribed by a typist. Full air-gap. This whole leaking business needs to be turned into an SEO-optimized translated wiki page.

Agreed. The author obviously knows little about opsec.
You can get distros for the Raspberry Pi that hack Wi-Fi networks these days.