You are viewing a single comment's thread.

view the rest of the comments →

0
8

[–] clickbot 0 points 8 points (+8|-0) ago 

Always install updates from your distribution. These won't slow down your computer, nor add unwanted "features", but fix potential security holes.

Never install programs from the web. Use your distribution's package manager.

Always use an ad-blocker.

Run your browser in firejail.

Use a different browser, or at least different browser profiles, for sensitive things like online banking or shopping.

Don't reuse your passwords.

Use NoScript or disable JavaScript where possible. Disable cookies where possible, only allow cookies from the same domain, delete all cookies after a session. Some browsers should be able to do that automatically.

With HTML5, don't allow client-side storage.

Use GPG (or PGP) with your mails. Always. Use TLS when sending or receiving mails. Don't use webmail, use a proper mail client. Don't use mailservers that accept your password in plaintext only.

Use a live DVD and go through TOR. Maybe setup a proxy server to always tunnel through TOR or a VPN.

Use throwaway mail addresses where possible. Use mailmixers for anonymity.

Set up a home server as mail server. (POP3 is better if you archive your mails, IMAP is better if you use more than one mail client, or use a live DVD.) A groupware server can handle your address book and calendar in addition to your mail. Your server box may also serve as print server and file server for convenience. It can also serve as hardware firewall, filtering proxy, and tunneling proxy. Have it monitor your network for unexpected traffic. An ARM based wall wart or NAS has enough computing power, but uses far less electrical power than a desktop or laptop, which will save you money in the long run.

Block Facebook and Google in /etc/hosts, or through your hardware firewall.

Don't use any products by Sony, Samsung, Lenovo, or Apple.

Don't have a cell phone. Any cell phone. At all.

Don't have a wireless network. Not even a "hidden" one.

Download any websites you want to read with wget or curl through an anonymising proxy, and read them offline.

Write your own UNIX-like operating system, or at least an interactive functional language interpreter, and use that for everything.

Be Richard Stallman.

Isolating your computer from the internet doesn't provide additional security, as demonstrated by the Stuxnet worm. If you do isolate your system from the net, physically block and electrically isolate any external ports, including USB ports and serial ports. Put your conputer in a safe. Immerse the safe in concrete. Submerge the block of concrete in the deepest part of the ocean.

0
2

[–] 1926134? 0 points 2 points (+2|-0) ago 

All of these suggestions sound reasonable except for the last three or so.

Don't use webmail, use a proper mail client.

Noobie question: what makes a mail client more secure?

0
2

[–] clickbot 0 points 2 points (+2|-0) ago  (edited ago)

Good question.

For one, a local mail client makes it easier to use end-to-end encryption, and to verify that all connections to the servers are encrypted as well.

It also makes it possible to read and organize your mail without your every move and click being transmitted to the internet.

Mostly, I just find it more convenient to be able to read and compose and archive and delete my mail even when I am disconnected from the net. Plus, I can use any mail client with any look&feel I want. Maybe even more than one.

It is less relevant if you have your own local mail server, of course.

1
0

[–] ironic_username 1 point 0 points (+1|-1) ago 

OMG you forgot about insulating it not only in a Faraday cage but also the air gap!!!