pull down to refresh

I think Ross Ulbright should be on the list because his arrest contains a lot of important security lessons, such as:
  • Don't directly connect (via clearnet) to your server hosting a Tor hidden service. Instead, setup a second hidden service on the same server, through which you login via SSH. Tor was built to support SSH from the beginning, so take advantage of that.
  • Don't administer your server while in public (library, coffee shop, etc). Anyone can grab your laptop while you aren't looking; and they can grab you when you aren't expecting it.
  • Install something like USBKill [0] or Silk Guardian [1] on your computer, which will turn off your computer when a new device is plugged in or removed.
  • Setup full-disk encryption.
  • Lock your computer the instant you hear commotion or a loud noise. Learn the button combination for your OS (e.g. Windows + L), and practise it 10-20 times per day until you can do it with your eyes closed. If you have a laptop, set it to shutdown when you close the lid (NOT suspend, hibernate, or lock).
To be clear, I don't think Ross was an idiot. He was among the earliest people to setup a high-profile Tor hidden service, so it was natural that he would make mistakes. If you think Ross's prison sentence is unjust, then you should do nothing less than learn from his security mistakes.