If you don’t mind saying, can you say if you are a US citizen?
   (Probably)

   Do you work on an open source project like TOR?  Do you think they do
   that because you do development?

   I’d love if we build a profile of who they actively perform hardware
   attacks on.  They likely repeat this on categories of people (TOR devs,
   employees at CAs, etc.).   Even if you can give a vague category
   (crypto-currency vs open source file system encryption, etc.)

   That one lady on twitter was a TOR dev.

   I’d love us to deduce as many patterns as possible, so those people can
   be incredibly diligent.

   Best,
   -Bryan
   Bryan Starbuck   |  [1]Bryan@TheStarbucks.com
   On Jul 19, 2014, at 5:25 PM, coderman <[2]coderman@gmail.com> wrote:

     On Sat, Jul 19, 2014 at 5:20 PM, Bryan Starbuck
     <[3]bryan@thestarbucks.com> wrote:

     I like buying a computer in a surprise visit to an apple store or a
     store
     that sells windows computers.

     agreed; on site ad-hoc cash purchases the best procurement
     technique.
     not infallible by any means, but at least avoids some known problems
     like this amusing scenario.
     (shipments from the Seattle Amazon warehouse to Kansas before
     delivery
     to Oregon was also funny.)
     repeat for emphasis:
     - keep chain of custody of sensitive hardware at all times
     - never procure or ship through mail. at one point, priority same
     day
     air would get a pass, but even this no longer suitable.
     best regards,

References

   1. mailto:Bryan@TheStarbucks.com
   2. mailto:coderman@gmail.com
   3. mailto:bryan@thestarbucks.com