I have a pretty well-tested system involving Syncthing, Restic, and rsync.net that causes the data I care about to all be backed up daily to a local and remote store.
For people who are privacy-conscious (and have dirty laundry to hide), outsourcing backups to a third party cloud (especially one of low headcount) will increase the risk of any personal data breach significantly.
It's frankly admirable your conscience is so clean, that this frame never surfaces itself in your post...
I don't think I agree? The contents of the backups are encrypted before they ever go to rsync.net. The cryptography is a little bit fancy because restic is trying to support deduplication of successive encrypted snapshots, so I don't personally understand it, but it seems to have a good reputation.
If you have an alternative you would recommend I'm all ears.
No, you are right. I jumped the gun on commenting and in my ignorance did not realize the security implied by the specific system.
Epistemic status: Programmer and sysadmin but not a security professional. Probably I have some details wrong or incomplete.
tl;dr: The more AI advances, the more you may be subject to supply-chain attacks, remote exploits, and phishing. You should be suspicious of amateurish software and software from fishy sources; employ sandboxes and firewalls as appropriate. Consider hardware security keys for phishing resistance. Make sure you have alerting systems so you can respond to breaches, especially for financial accounts, where it's your responsibility to notice.
Bad news for my computer world
Right now my boxes are a land of freedom and joy. I breezily install software from many sources and run it as my user account, which has passwordless sudo privileges. I let that software go to town doing whatever it wants. Then I use the same computers to do stuff like guard corporate secrets, count my money, and post on LessWrong. This never yet caused me any problem. The largest threat I was concerned about was some random guy physically stealing my laptop or phone.
Unfortunately, the cost of pwning me at a distance seems to be dropping like a rock; thanks a lot, hard-working AI engineers. Phishing scams of every kind have been increasing due to the great ease of using generative AI to impersonate others over voice, video, and text. Supply chain attacks on package managers have been increasing as a consequence. It also seems like superhuman exploit capability is arriving. A Mythos-tier model is likely to be able to find serious exploits in >1%[1] of the software on my box, and common sense suggests that random malefactors may have access to this level of capabilities behind minimal guardrails in the next year or two. Anyone who wants to spend a few thousand bucks may be able to find a way to remotely exploit software I am running.
I'm specifically concerned about all the software made by developers who don't have a big security budget, and where it may not be their full-time job to work on the software. I won't be scared to run software from big budget software teams that are trying to be secure. They will just use the same tools that the attackers have access to in order to find and fix vulnerabilities.
My dream is to fix things up to a state such that
Good ideas I already do
Password manager for most accounts
I'm happy with this, I use Bitwarden and I have a strong passphrase and 2FA. I considered whether I should self-host this, but it doesn't really seem to matter. Since the secrets are end-to-end encrypted, as long as I'm using Bitwarden's client software anyway, it doesn't seem to matter much whether I trust the actual Bitwarden cloud service to be secure.
I store recovery codes for all my 2FA accounts on paper.
Account 2FA via phone TOTP
I think using a phone authenticator app to store TOTP secrets (I use Aegis) is still going to be OK. Phone security will probably look relatively good in the post-Mythos world because the phone OSes are vendored by big tech companies with fancy security teams. The most serious concern is that it is plausible for someone to phish the TOTPs.
It's well known that using SMS for high-value 2FA is risky because of SIM swapping sort of attacks, which may get easier and easier with fancy AI if equally fancy defenses are not implemented by phone companies.
Cryptocurrency hardware wallet
My understanding is that modern malware loves to target cryptocurrency, by stealing software wallets and redirecting transfers by rewriting addresses on the clipboard. Having a hardware wallet means that no remote attacker can move my crypto and no remote attacker can get me to transfer it anywhere except where I confirm on the device screen (but I should really confirm it...)
Redundant backups of important stuff
I have a pretty well-tested system involving Syncthing, Restic, and rsync.net that causes the data I care about to all be backed up daily to a local and remote store. This is relevant because it means that I don't have to pay out to ransomware that threatens to toast all of my local data unless that ransomware is smart enough to nuke my backups, which I think remains unlikely. (I admit that it would be better if I made it harder to intentionally nuke my backups. A dedicated intelligent ransomware attacker could do so.)
Good ideas I am working on
Isolate network services that don't need to be public-facing
I have a variety of self-hosted things like nginx and Tiny Tiny RSS and Photoprism running on home servers, which are exactly the sort of software I think is going to be ultra suspicious in this future world (probably nginx will be OK.) Some are only accessible via my LAN, and some are public-facing but only used by me and/or my family.
I'm planning to use Tailscale on my home server and all my family's devices[2], so that those services only get packets from whitelisted entities and are no longer exposed to the Internet. That way remote attackers can't get to them and it should be sort of OK even if they are buggy or if I don't patch them instantly.
When there's a service that I want to expose to external people who can't or won't be on Tailscale, like the nginx for my public website, I may go through some extra effort to make that service as sandboxed as possible, such that there's no way that anyone who pwns it can get access to anything else important. See below re: sandboxing.
Hardware security keys to defend Bitwarden and email
I'm setting up two Yubikeys (main and backup) to serve as 2FA access for my Bitwarden and email. (My email domain registrar doesn't seem to support them, or else I might use them there too.) Previously I was using TOTP for these on my phone. The Yubikeys make me feel better because they are also phishing-resistant[3] and don't rely on the security of my phone. My goal is to retain ultimate control of these accounts in as many situations as possible.
Yubikeys are a little tricky[4] to figure out how to use effectively. I think it would be a mistake to try to use them for a ton of accounts, since it's a pain in the ass to maintain redundancy (you can't duplicate or back up the key material in one, so if you want a new one, you have to go register the new one individually with every account you are using the old one with) and you might get bitten by the limited memory on the keys if you have a lot of accounts. The sweet spot seems to be to using them only for the most important stuff and being careful to have physical backups or recovery codes you can use to regain control of what you use them for.[5]
I'm also considering to have a nano Yubikey permanently inserted into each of my Linux boxes with credentials only for that machine, and instead of passwordless sudo, allow sudo by touching the key. I may also use those Yubikeys to store my SSH keys instead of storing them on disk. If I do this, then ideally, the blast radius of someone remote getting user code execution on one of my boxes will at least be confined to that user, on that box.
Firewalling software when possible
Previously, I had no firewall to speak of on my laptop. That means that if there is some random piece of software that connects to the Internet for some dumbass reason like telemetry or updating or whatever, I'm taking a risk on a remotely exploitable vulnerability in that functionality. Furthermore, if someone snuck some malware onto my laptop, then it could pretty much go crazy over my Internet connection and I would never notice.
I think a better way to handle this situation is to use software like OpenSnitch to whitelist applications to make reasonable outbound connections on demand, and notice if something that doesn't seem like it should be making a connection is trying to anyway. I've installed it on my laptop and plan on seeing how it goes.
Sandboxing software when possible
This is a big area where I need to orient myself, because right now my practical knowledge sort of caps out at chmod. Nowadays Linux has a ton of different sorts of thingies that can serve to restrict the privileges of some user or process. This blog post sums up a bunch of them.
It seems like my takeaway is that if I want to sandbox some Linux software, I have about five reasonable things I can consider, roughly ordered by how much of a PITA it's going to be:
I plan on making sure I am doing something I am happy with here in the case of server software in particular, and for other potentially risky software if it's easy. I may also explore having some kind of container I use for all development where I am pulling in random stuff from a language package manager like npm or pip or cargo and running it as my user account. If anyone has recommendations for this setup I'm all ears.
I have no clue how to do anything useful here on other OSes (other than number 5), sorry.
Hardening financial accounts
The obvious reason someone would self-interestedly want to break into my computer would be to steal my money. That raises the question of how easy it is to steal my money if you pwn my computer. I did some reading to try to understand the answer to this question and learned that it's complicated.
Be warned that this is the part of this post I know the least about, and I just did my best to figure it out with a modest amount of Internet research.
Banks
American banks are subject to 12 CFR § 1005.6, which I understand to say that consumer liability for unauthorized transfers[6] from, e.g. a checking account, is limited. If you notify the bank "within 60 days of the financial institution's transmittal of the statement [containing the fraud]", you have no liability;[7] past that, you can be held liable for subsequent fraudulent transactions without limit. So as long as you have some system by which you will notice sort of soon if unauthorized transactions start flying out of your checking account, like some email or text alerts, you're probably good.
Credit cards
American credit card issuers are subject to 12 CFR § 1026.12, which I understand to say that there is zero consumer liability for online credit card fraud.[8] So again, it seems like the thing to do is have any system by which you will actually notice any unauthorized transfers and report them promptly.
Brokerages
Unfortunately this case seems much more confusing than the bank or credit card case. There isn't a specific piece of regulation specifically limiting consumer liability for brokerage assets. Instead, it's an ad hoc process that varies between brokerages, and AFAICT resolves disputes via FINRA arbitration.
As an example, Vanguard has this webpage, where they write under the "Our Promise" tab, "Where you have taken the qualifying steps to protect your account, Vanguard will reimburse every dollar that leaves your account through an unauthorized distribution." But the stuff on that page is not super precise. And they don't have equivalent language in, for example, the brokerage account agreement that they give you.
If it's ultimately up to arbitrators deciding fuzzily depending on what seems just and equitable, then you would presumably do well to impress them by taking all of the obvious security precautions and by notifying the brokerage promptly about any fishy activity. Vanguard for example allows you to set up email and/or text alerts for every transaction.
I'll leave this topic after mentioning another annoying threat. It seems like in recent years there has been an uptick of criminals stealing accounts with a system called ACATS, which is designed to transfer your assets to a new brokerage account. If they can dig up enough info on your identity to open a new brokerage account as you, and they know your existing brokerage account info, then they can initiate a transfer of your assets into the new account, and then transfer them out from there as they wish. So that's a way that you can potentially be attacked without anyone having your brokerage account credentials at all. According to people online, Fidelity has an account lock that can protect against this, but it's unclear what else to do to defend yourself.
Conclusion
I think the actual conclusion, as in, the final state of human computer security before the singularity, will be pretty good, because more and more popular software is going to get patched and the bugs are going to get ironed out. But in the meantime it might get pretty bad. And phishing is probably just going to get worse and worse unless there are some big paradigm shifts. So I think it's worth investing in all of this stuff to try to weather the next few years or whatever.
Please comment if you have any thoughts or advice!
https://red.anthropic.com/2026/mythos-preview/
Tailscale is basically a fancy proprietary control plane for a Wireguard VPN, which one could configure directly, but Tailscale has a good reputation.
When you use a Yubikey with FIDO2 in a browser, the browser only prompts the key for a valid credential for the current domain, so no website except google.com can get you to produce a credential valid for google.com and then relay it to google.com. So it's phishing resistant as long as your software is not pwned.
This SE answer was very helpful for specifically understanding Yubikey non-resident keys: https://crypto.stackexchange.com/a/105945
The maintainer of webauthn-rs has a blog with some good reads complaining about passkeys and giving practical advice about using passkeys and Yubikeys, e.g. https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-still-have-problems/
You might wonder, will the bank agree with me that the transaction is unauthorized? 12 CFR § 1005.11 has some things to say about this, but this is getting rather out of my wheelhouse. Basically, it seems to me that it will probably be obvious that a transaction like "send all my money to some destination that has no particular relationship with me, my location, or my existing spending habits" will be evidently unauthorized upon inspection.
This appears to be the case for transfers via online banking. Note that this is slightly different than the rules for liability if you have an "access device", e.g. a debit card, which is lost or stolen. Read the regulation for details.
It looks like liability for credit card fraud when the card is physically used caps out at $50.