It depends on how badly they want to find out. You can cut off opportunistic doxxers with basic security practices: VPN, password manager, code-based 2FA (not SMS). Your activity on nostr still travels over the internet, and metadata about that activity is the smoking gun.

A determined attacker will always find a way, so you have two ends of a spectrum: don't draw attention to yourself <-> have exceptional security practices. Find a spot that's comfortable to you.

Discussion

Straight facts

Damn I suck at both of these things… I guess I’m screwed 😭

Just get strapped and it won't matter

I believe in you. It's easier than you think, since most hacks target low-hanging fruit. You'll be way safer than most people if you adopt the 3 things I listed in my last post: VPN, password manager, and 2FA that's not SMS or email based. Then if you want more, Mitnick's The Art of Invisibility is a great read on the subject, though you likely won't need to do 90% of the measures he details. I don't.

My recommendations as things I've personally used:

NordVPN

1Password (for both passwords and 2FA codes)

Firefox with uBlock Origin and Privacy Badger

Proton Mail - encrypted email

Mega - encrypted cloud storage

Proton mail is fed owned

Nord vpn is fed owned

Use tutanota

Use mullvadvpn (buy with crypto)