If you are doing something that would make the NSA interested in you (and I would highly highly discourage that), you'd need to focus more on tradecraft. Get the laptop from a source that can't be traced to you, like a thrift store in a city where you don't live or normally frequent. Disguise yourself, pay in cash, and either make sure there are no security cameras or wait a good year before you do whatever you are going to do (nobody keeps camera data longer than that). When you do whatever you are doing, use a Live CD like tails. Disguise yourself. Wear gloves. Go to a city you don't live in or frequent regularly, and only use cash during the trip. Park a long distance from your wifi source where there are no cameras and walk to where you will access the wifi. Use a cantenna to hit an open wifi some distance away, preferably a public connection like a busy coffee shop. Do whatever you are going to do. Walk back to your car, drive to a nearby town, smash the laptop and dispose of in a dumpster. Drive home.
The NSA might be able to query their databases for anyone who recently visited the city where the wifi involved is located, and you might match that if there were license plate scanners on the way, even if you paid for gas in cash. If that information isn't collected by the NSA today, it probably will be tomorrow.
The NSA might be able to query their databases for anyone who "went off the grid" for a day or two around the event they're interested in. That's not good enough to id a suspect, but it narrows the pool. If you stopped making google searches from your normal internet connection within a day of the event in the other city, and you normally use your computer every day, or if your phone was off within a day of the event, that's suspicious. Enough of those kinds of data points and you become a suspect.
Even simpler, and a staple of crime fiction, stuff happens that you have no control over that can place you in the vicinity at the time of the event. If you have bad luck and get a ticket or get in a car accident in the city in question, for instance...
Far from suggesting that you simply need to be more careful, my view is that you can't take sufficient precautions to get risk down to a tolerable level if whatever you're doing brings you to the attention of the NSA.
What if you ran scripts on your phone and computer so that it would appear as if you were browsing the internet and using your computer during your regular usage times?
Also using public transportation (and paying for it in cash) will help mitigate the first issue your brought up.
Personally I had the idea a while back for a sort of time-release dead drop. Stuff a Raspberry Pi into a fake power strip, put your seekrit information onto the SD card, and go plug it in somewhere in a city you 'happen' to be passing through, near to a public wifi spot.
Then a year later it wakes up and uploads the data publicly via Tor and self-wipes. Even if it's traced back to the Pi, they'll have to trace the Pi back to you (you bought it untraceably, right?).
I think that what you are saying is true, but there is always a level of risk. It's more about mitigating it than eliminating it - you can't really do that.
Again, this is all hypothetical, don't go and do anything naughty.
Yes, that has always stopped me from doing some things, I would like to do covertly and aren't exactly ok. But there is no safe way to do it. How do you make sure that you won't get into traffic accident when going on mission or returning from it. It would be really nice to hear how you make roads 100% safe.
I'm also too security oriented and been monitoring this field for over 15 years. So I know how hard it is to be absolutely anonymous. I also know that my Finnish & English aren't exactly textbook examples, so I can be profiled easily out even if I would be technically 100% anonymous.
I always surf the web from virtual container which is fully reset after each session. I also don't ever process, email, im, web, archives or what ever on host system. I also have completely separate (hardware), similarly safe configuration for handling PGP/GPG encrypted messages, which is connected only via serial-link so I can view the ASCII armored payload before sending it for processing. Anything else than ascii armored payload isn't being sent over that 7 bit link ever.
It's also obvious that I have prepaid dumb phone(s), one for each identity, which are circulated on random schedule. I only use those phones at single location (without other tracking devices), because moving with those would allow linking my (moving) position with my other phone(s). Making it easy to correlate those. Yes, I know this is non-optimum solution, if you're expecting someone to hunt you down. But it's good for generic privacy as long as you don't expect anyone to be there waiting for you.
Getting rid of habits is also very hard and requires huge effort. That single thing (service, program, password, etc), word or phrase you just used, will single you out from larger group.
This is such random advice. What threats are you defending against here?
"Wear gloves": Why? Are you thinking someone will pierce the veil of all these other precautions but then be stymied when they find a smashed laptop with no fingerprints on it?
"Sir, we followed him for a year, watched him buy a laptop and use it in a park, but when we recovered the laptop from the dumpster, there were no fingerprints on it!"
They find your smashed lappy in the dumpster. "Oh, look, his fingerprints are all over it". There is no national DNA database outside of the penal system (yet) so your dandruff won't do you in. But a print will, if you've ever done something that got you into NCIC.
The idea is not to foil people who suspect you, it's to to keep them from suspecting you in the first place. If you are a NSA targeted suspect and you did something naughty, you've already lost the game.
Yes, you do have a reason: the practice and preparation to be anonymous takes months/years. I don't care if you're Bruce Schneier and Richard Stallman rolled into one, you will slip up the first time you try. 100% guaranteed.
The standard for needing this kind of anonymity is anticipation of a use case. By the time the use case is at your door, it is too late and if you are unprepared your best bet is to bend over / run away (as the situation permits).
Hah, of course not. I don't do naughty things, I just like thought experiments. And anyone who does do such things would be pretty stupid to draw attention to themselves on Hacker News by posting a proposed method for avoiding surveillance.
