One must remember: there is nothing like safety by default.
I did interesting test in situation where everything in LAN was infected. Infected Win, Mac, Linux computers, infected all mobile devices iOS/Android. Infected router. Everything was turned off, except router.
I was curious how much time unknown pentester will take to brake uninfected laptop with installed from scratch Qubes 3.2/Whonix…
Ok. Let,s turn it on!
If it is connected to infected router, it’s matter of 5 minutes!
Firstly he broke fedora nerwork VM, then he did access to XEN, and start some code to change boot process, at this time I turn off laptop.
After some time I did research with this laptop, and it’s BIOS was changed on different version with backdoors.
One must remember, there is no safety if your internet access is honeypot.
Safety is no static. It is process of step-by-step hardening, not only Install and Go thing.
And, please, avoid public free wifi connections. One can be knowledgeable those WiFi can be infected as well.
Save your internet connection IP, like it’s your best treasure.