[–] ScientistSupreme ago
Protonmail is an excellent choice if you don't mind waiting for an invite (the waitlist is huge). Another great choice is Riseup.net. It's ultra paranoid and perfect for reporters and activists.
[–] MartinAllien ago
Disable any call home features your browser may have
What's that, if I may ask? I don't really understand what you mean by this (maybe because I'm not a native speaker) – I've never heard about a "call home" feature.
[–] MartinAllien ago
Yeah, so you mean auto-suggestions, those type-ahead features etc. Got it. Never heard this term before. Thanks!
[–] 1925982? 0 points 1 point 1 point (+1|-0) ago
ext4 supposedly has native encryption now. But aside from full disk encryption, would chassis intrusion detection, UEFI, BIOS password be going overboard for protecting a unit from physical compromise? Does any of that even matter once your hard drive is encrypted?
[–] the_thin_man [S] 0 points 1 point 1 point (+1|-0) ago
It does matter. I didn't include it because this was a suggestion for novices to get started on privacy.
BIOS password is good but not as necessary as encrypting your boot partition. Even if your root and home partitions are encrypted an attacker could still infect your bootloader without an encrypted boot partition.
[–] clickbot 0 points 8 points 8 points (+8|-0) ago
Always install updates from your distribution. These won't slow down your computer, nor add unwanted "features", but fix potential security holes.
Never install programs from the web. Use your distribution's package manager.
Always use an ad-blocker.
Run your browser in firejail.
Use a different browser, or at least different browser profiles, for sensitive things like online banking or shopping.
Don't reuse your passwords.
Use NoScript or disable JavaScript where possible. Disable cookies where possible, only allow cookies from the same domain, delete all cookies after a session. Some browsers should be able to do that automatically.
With HTML5, don't allow client-side storage.
Use GPG (or PGP) with your mails. Always. Use TLS when sending or receiving mails. Don't use webmail, use a proper mail client. Don't use mailservers that accept your password in plaintext only.
Use a live DVD and go through TOR. Maybe set up a proxy server to always tunnel through TOR or a VPN.
Use throwaway mail addresses where possible. Use mailmixers for anonymity.
Set up a home server as mail server. (POP3 is better if you archive your mails, IMAP is better if you use more than one mail client, or use a live DVD.) A groupware server can handle your address book and calendar in addition to your mail. Your server box may also serve as print server and file server for convenience. It can also serve as hardware firewall, filtering proxy, and tunneling proxy. Have it monitor your network for unexpected traffic. An ARM based wall wart or NAS has enough computing power, but uses far less electrical power than a desktop or laptop, which will save you money in the long run.
Block Facebook and Google in /etc/hosts, or through your hardware firewall.
Don't use any products by Sony, Samsung, Lenovo, or Apple.
Don't have a cell phone. Any cell phone. At all.
Don't have a wireless network. Not even a "hidden" one.
Download any websites you want to read with wget or curl through an anonymising proxy, and read them offline.
Write your own UNIX-like operating system, or at least an interactive functional language interpreter, and use that for everything.
Be Richard Stallman.
Isolating your computer from the internet doesn't provide additional security, as demonstrated by the Stuxnet worm. If you do isolate your system from the net, physically block and electrically isolate any external ports, including USB ports and serial ports. Put your computer in a safe. Immerse the safe in concrete. Submerge the block of concrete in the deepest part of the ocean.
[–] ironic_username 1 point 0 points 1 point (+1|-1) ago
OMG you forgot about insulating it not only in a Faraday cage but also the air gap!!!
[–] clickbot 0 points 2 points 2 points (+2|-0) ago (edited ago)
Good question.
For one, a local mail client makes it easier to use end-to-end encryption, and to verify that all connections to the servers are encrypted as well.
It also makes it possible to read and organize your mail without your every move and click being transmitted to the internet.
Mostly, I just find it more convenient to be able to read and compose and archive and delete my mail even when I am disconnected from the net. Plus, I can use any mail client with any look&feel I want. Maybe even more than one.
It is less relevant if you have your own local mail server, of course.
[–] l3ro ago (edited ago)
I would also recommend the browser extension "HTTPS Everywhere".
As well as https://startpage.com/ for your Googling needs.