How would you setup your computer to work on a project that may be seen as threatening by state-level actors?<p>See: situation in Russia, China, ... What are your tips?
If your threat model is the same as an intelligence service, which it basically would if in effect you wanted to protect against state intelligence services, then you would need to follow similar procedures.<p>AFAIK, it's a common practice to have critical systems disconnected from the internet or external networks and located in rooms protected against human intrusion (duh) but also against remote sensing, which these days includes pretty much anything (RF, sound, light, etc).<p>You'd also need to take special measures to avoid equipment from being tampered with before it reaches you.<p>I read articles that the Russians were banning computers altogether in some circumstances and using typewriters instead.<p>But of course if this is indeed "threatening" you'd be as likely to have an 'unfortunate accident' in any case.
The first step would be to not store any confidential information electronically.<p><a href="https://www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks" rel="nofollow">https://www.theguardian.com/world/2013/jul/11/russia-reverts...</a> for example.
Don't talk about it, and don't give them any reason to look to closely at you. You can't defend yourself from a huge organization as an individual, so you have to avoid catching their attention.
Use phishing resistant 2FA everywhere! (FIDO etc.) - avoid SMS<p>Limit admin privileges<p>Install an up-to-date antivirus/HIPS/EDR solution (with web protection)<p>Keep your OS and apps up-to-date (apply patches)<p>Periodically scan your system with tools like Loki, Thor Lite scanner etc.<p>Be careful about your browser extensions and their privileges<p>Make sure you don't expose any public service to internet (RDP etc.)<p>Try to avoid Windows (if possible)<p>Implement application allowlisting<p>Use file-integrity apps to protect critical files<p>Monitor continuously (via NSM and EDR), respond ASAP (isolate etc.) when you see a sus. thing on your system/network before they complete their objectives<p>Read about latest threats, evaluate your posture since threat landscape keeps changing<p>Read about threat/incident reports regarding state-level actors targeted your industry in the past
Can't be done. The state is the one that produces the chips (Intel is just another branch of the government). Software is just a layer on top that can always be subverted with hardware by someone who knows the sequence of operations that will give them access.