No, the ultra paranoid would buy two computers, perform install 1 from friend 1s internet connection, downloading everything keeping a copy and check-sums, then perform install 2 on a friend of a friends connection, then compare the results of both the downloaded check-sums and the installation. (For certain flavors of Linux it should be the same).
Because the NSA would have no idea who your friends are, and wouldn't dream of monitoring their internet connections.
He forgot to say that you must encrypt the entire usb-stick as well
Rule-10 says to consider encrypting everything you transfer. (How do you "write an encrypted blob" to a USB disk without using a filesystem, on a normal computer that you aren't writing your own fake-filsystem driver on, than you can also read on an internet connected computer, e.g. one at your friend's house?).
I don't think you need a filesystem of partition table to put data on a block device.
I think you need a filesystem if you are in the world of Bruce Schneier's article, using Windows on both sides, writing at the level where "don't connect your air-gap computer to the internet" is worth saying.
Of course you can C-x M-c M-butterfly[1] this scenario, increasing impracticality more than security at every step, as far as you find enjoyable.
Because the NSA would have no idea who your friends are, and wouldn't dream of monitoring their internet connections.
He forgot to say that you must encrypt the entire usb-stick as well
Rule-10 says to consider encrypting everything you transfer. (How do you "write an encrypted blob" to a USB disk without using a filesystem, on a normal computer that you aren't writing your own fake-filsystem driver on, than you can also read on an internet connected computer, e.g. one at your friend's house?).