For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.
I wrote about my experience and methodology here: https://theintercept.com/2018/04/28/computer-malware-tampering/
I hoped that, if an evil maid attacker tried tampering with my laptop, I would not only discover the attack, but learn how it works, and possible who was behind it. Unfortunately (fortunately?), I didn't discover any evil maids.
I installed Debian on the laptop. Before each trip, I removed the hard disk and took checksums of the partitions and the disk header. I also dumped the BIOS firmware. After each trip, I did the same, and compared to see if they matched.
I learned a lot about hardware hacking and got to use free software BIOS tools like chipsec, EUFITool, and flashrom.
It was a lot of fun! I go into much more technical detail in the article.
@qbi @jotbe @micahflee here is an article by the lawyer of german publisher heise about "haven": https://www.heise.de/ct/artikel/Snowden-App-Haven-Einsatz-kaum-mit-deutschem-Recht-vereinbar-3948210.html (de) - concluding that it will likely be illegal to covertly record voice audio of someone, privacy laws set high bars and in general prohibit video surveillance in non-public places without any visible notification that this happens. not sure whether it would be ok with a visible sign denoting "video surveillance in progress".