![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.dbzer0.com/pictrs/image/a18b0c69-23c9-4b2a-b8e0-3aca0172390d.png)
Apparmor profiles can be applied to an executable - the profile is then (if so configured) inherited by subprocesses. In my case I have a launch script to run lutris in a safe mode. It also changes the effective gid to be matched by some iptables rules (it was easier than creating a new network namespace, which is also possible). The script then checks that the Internet is inaccessible and that reading/writing to secured paths is denied before launching lutris.
Similarly I have a “safe” script to wrap other commands with an apparmor profile that stops most writes to my homedir/reads from some secure locations, which I often use to run scripts/programs from the Internet.
My sudo also requires a password (or a special keyboard combination, thanks to a custom pam configuration).
All that said and done, I’m sure I’ll be caught off guard one day.
In some countries private law firms chase down infringers on behalf of copyright holders. They then attempt shakedowns with the threat of legal action if you don’t pay. They have a financial interest to catch people, and moral compasses vary.
Also, mistakes can happen (you, your family, guests using your wifi, in the courts, in the ISPs, in the law firms, in the tech they are using to identify people). Shit happens.
And if (when) it happens, then you would still have to deal with it, costing you time and money.
Understand the risks and make choices to minimize them if you can.