{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigiflvbk5ook3gwa44iw524nn6kcd6dsuvll56din2qvvtxnmnvru",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mipmdlc5kg62"
  },
  "path": "/t/security-posture-that-can-reasonably-withstand-nation-states/36857#post_3",
  "publishedAt": "2026-04-05T01:20:23.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Encounter5729:\n\n> This seems a pain in the ass. That’s my main critique, the system seems so hardened that at some point this person will just bypass it.\n\nIt is enforced on the VPN gateway, which is itself managed from a PAW. Hence, it can not be bypassed, especially given any such bypass would itself become a vulnerability.\n\nEncounter5729:\n\n> If you are a serious (publicly know target) of a nation state target, you need to take step to ensure physical security.\n\nThis is probably underappreciated advise, it will be considered more strongly. Thank you.\n\nEncounter5729:\n\n> I don’t think we should advise people on specific situation. There are people who already do that for a living (you?) but generally speaking a few remarks.\n\nPrimary looking for feedback to improve from here and possible weak points that were missed. Any advise is welcome and will be evaluated thoroughly.\n\nAs a side note: given the browser is the major remaining attack surface in this setup, currently exploring remote browser isolation. Unable to find any open source solutions remotely comparable to what Cloudflare offers, but this would close the last remaining (easy) vector. If anyone has pointers on this, would be awesome.",
  "title": "Security posture that can reasonably withstand nation states"
}