What you're describing is likely overkill. Just buy a used laptop on Craigslist. Drive about 50 mi away. Park at a motel and take a yellow cab to a moderately busy Starbucks. Hack away, and then leave via yellow cab. Leave your phone in your car. Pay for everything in cash. Throw away the laptop.
There's a chance that you'll get caught on camera at Starbucks. But the cameras there, if any, aren't set up to provide full coverage and are rotated every few days.
Don't involve any other people , don't wear a disguise. If you're going to alter your appearance in any way, do it when you meet the seller to pick up the laptop.
added: You might want a burner phone to call the cab. But normally a motel desk will do that if you ask nicely.
When they trace the activity back to that starbucks I imagine the fact that you happened to be in the area that day, 50 miles away from your home, stopping at a hotel that requested a cab to that same starbucks would stand out rather quickly.
If you leave your cell phone at home that would help, but you still risk being tracked by your car or being caught on any number of cameras and identified via facial recognition.
I assume they'd be looking at everyone who was in the area and isn't following their usual routine. That's what I'd do anyway. I'd look into the owners of each device logged that isn't normally around.
Walking and driving without a mobile device on your person is sufficiently unusual that it's a form of metadata in itself. Look at the Kohberger case - they're using the fact he turned his phone off as evidence. In fact, this kind of pattern was even used by the Obama administration while targeting humans in the Middle East for extrajudicial killings. It's even more precise when coupled with traffic analysis: if every Tuesday, an IMEI disappears from the network shortly before another IMEI comes online, then those two devices are likely related. In your scenario, the phone disappearing from the network could be coupled with your car showing up on a traffic camera leaving your house. Ironically, you draw attention to yourself by _not_ advertising your metadata.
At a certain point, the world is full of so much metadata that you really can't control your own. Want to turn off location services? Make sure you turn off WiFi too, because a list of nearby access points and SSIDs is enough to pinpoint you down to a few meters. Want to spoof your location when using an app with network services permission? You'll need to spoof nearby access points and their transmission power to match them to somewhere in the real world. And you better make sure to do it inside a Faraday cage. Because no matter how careful you are, if someone else is walking by your clever hacking nest, and they do have location services enabled, then their phone will be able to pair their geolocation with your unique access point topology. Oh, and even with the Faraday cage, the fact your phone is seeing access points that no other phone has seen is a unique data point in itself.
Point is, you can be compromised without any action on your own part. Traffic analysis is hard to defeat, but you can mitigate against it by not committing crimes that motivate the government to spend resources on tracking you across disparate systems like mobile networks and traffic cameras. Or if you must commit those crimes, then you'll need to make sure everything you do is in the fattest part of the bell curve for every possible statistical test the government can use to analyze common behaviors.
Interesting post. Regarding Kohberger, you would think a PhD in criminology would have left his phone on and at his residence during and leading up to the crime. I read that he had a pattern of taking his phone with him on the same route for several months leading up to the murders... Along with the rest of the sloppiness, that seems to be fairly damning evidence and is low hanging fruit IMO.
Before the internet and mobile phone age I can only imagine how much harder crimes like this were to solve.
> Want to turn off location services? Make sure you turn off WiFi too, because a list of nearby access points and SSIDs is enough to pinpoint you down to a few meters.
Not just wifi, bluetooth is used for location tracking as well.
Barista talking to news after person is arrested by FBI: "As soon as they ordered the brewed coffee with no customizations after standing in line for 10 minutes, I knew something was suspicious. Who comes to Starbucks, stands in line for 10 minutes, and then orders boring coffee?"
Somehow your comment reminds me of Head First: Design Patterns, where decorator objects wrap each piece of the beverage order: SugarFreeCreamer around Vanilla around Vanilla around Caramel around Macchiato...
- tor + cubesOS set up by somebody you deeply trust (person A)
- on a USB bought by a different person (person B)
- with a network card bought by a different person (person C)
- many miles away, wearing generic clothes in a cafe where people go to work
- different hairstyle and facial hair
- mask
- without having a phone (obv)
- navigating there by changing multiple cars with minimal electronics
- ordering the most boring coffee
- persons A, B, C don't know each other. You don't know personally B, C, but a person(s) D, (and E) can vouch for them.
My gut tells me that the more people you involve, the easier it is to trace you because you will be at the intersection of those people's radii.