The NSA might be able to query their databases for anyone who recently visited the city where the wifi involved is located, and you might match that if there were license plate scanners on the way, even if you paid for gas in cash. If that information isn't collected by the NSA today, it probably will be tomorrow.
The NSA might be able to query their databases for anyone who "went off the grid" for a day or two around the event they're interested in. That's not good enough to id a suspect, but it narrows the pool. If you stopped making google searches from your normal internet connection within a day of the event in the other city, and you normally use your computer every day, or if your phone was off within a day of the event, that's suspicious. Enough of those kinds of data points and you become a suspect.
Even simpler, and a staple of crime fiction, stuff happens that you have no control over that can place you in the vicinity at the time of the event. If you have bad luck and get a ticket or get in a car accident in the city in question, for instance...
Far from suggesting that you simply need to be more careful, my view is that you can't take sufficient precautions to get risk down to a tolerable level if whatever you're doing brings you to the attention of the NSA.
What if you ran scripts on your phone and computer so that it would appear as if you were browsing the internet and using your computer during your regular usage times?
Also using public transportation (and paying for it in cash) will help mitigate the first issue your brought up.
Personally I had the idea a while back for a sort of time-release dead drop. Stuff a Raspberry Pi into a fake power strip, put your seekrit information onto the SD card, and go plug it in somewhere in a city you 'happen' to be passing through, near to a public wifi spot.
Then a year later it wakes up and uploads the data publicly via Tor and self-wipes. Even if it's traced back to the Pi, they'll have to trace the Pi back to you (you bought it untraceably, right?).
I think that what you are saying is true, but there is always a level of risk. It's more about mitigating it than eliminating it - you can't really do that.
Again, this is all hypothetical, don't go and do anything naughty.
Yes, that has always stopped me from doing some things, I would like to do covertly and aren't exactly ok. But there is no safe way to do it. How do you make sure that you won't get into traffic accident when going on mission or returning from it. It would be really nice to hear how you make roads 100% safe.
I'm also too security oriented and been monitoring this field for over 15 years. So I know how hard it is to be absolutely anonymous. I also know that my Finnish & English aren't exactly textbook examples, so I can be profiled easily out even if I would be technically 100% anonymous.
I always surf the web from virtual container which is fully reset after each session. I also don't ever process, email, im, web, archives or what ever on host system. I also have completely separate (hardware), similarly safe configuration for handling PGP/GPG encrypted messages, which is connected only via serial-link so I can view the ASCII armored payload before sending it for processing. Anything else than ascii armored payload isn't being sent over that 7 bit link ever.
It's also obvious that I have prepaid dumb phone(s), one for each identity, which are circulated on random schedule. I only use those phones at single location (without other tracking devices), because moving with those would allow linking my (moving) position with my other phone(s). Making it easy to correlate those. Yes, I know this is non-optimum solution, if you're expecting someone to hunt you down. But it's good for generic privacy as long as you don't expect anyone to be there waiting for you.
Getting rid of habits is also very hard and requires huge effort. That single thing (service, program, password, etc), word or phrase you just used, will single you out from larger group.
The NSA might be able to query their databases for anyone who recently visited the city where the wifi involved is located, and you might match that if there were license plate scanners on the way, even if you paid for gas in cash. If that information isn't collected by the NSA today, it probably will be tomorrow.
The NSA might be able to query their databases for anyone who "went off the grid" for a day or two around the event they're interested in. That's not good enough to id a suspect, but it narrows the pool. If you stopped making google searches from your normal internet connection within a day of the event in the other city, and you normally use your computer every day, or if your phone was off within a day of the event, that's suspicious. Enough of those kinds of data points and you become a suspect.
Even simpler, and a staple of crime fiction, stuff happens that you have no control over that can place you in the vicinity at the time of the event. If you have bad luck and get a ticket or get in a car accident in the city in question, for instance...
Far from suggesting that you simply need to be more careful, my view is that you can't take sufficient precautions to get risk down to a tolerable level if whatever you're doing brings you to the attention of the NSA.