5 things for better security

Following the Snowden events, here is what everyone can do to increase privacy/security and prevent man-in-the-middle attacks:

– Tor
– OTR encryption / GPG email / ChatSecure / Signal
– password manager and a strong password policy
– 2-factor authentication
– full-disk encryption

– Use Tor and configure it properly (Tor alone does not make you secure…)
You don’t have to run a Tor node, but it really helps if you do. Make sure not to run it from home, though.

– Use Signal, Tor Messenger or ChatSecure, or any OTR plugin, in combination with Tor. Encrypt your email using PGP/GPG. Signal can even conduct encrypted calls.

– Use a password manager like KeePass/pass/KeePassX. It only helps as long as you don’t re-use the same email and password for everything.

– Use 2-factor authentication just in case. Google Authenticator and Duo Security are free and easy to install. Again, it’s an extra step that makes it difficult to track you or your habits.
NOTE: This may not actually help you stay anonymous, as you will have to provide a number or server where your “token” comes from. But 2-factor can also mean you have to have the server password and the right SSH key.
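One way to check that an SSH server really enforces the “server password and the right SSH key” combination from the note above. This is an added example, not part of the original post; it assumes OpenSSH's `AuthenticationMethods` option, reads only the global section of the config, and runs on constructed sample configs.

```python
# Added example (not from the original post): does sshd demand key AND password?
# Constructed sample configs; only the global section (before any Match) is read.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\n"
STRONG = (
    "PasswordAuthentication yes\n"
    "AuthenticationMethods publickey,password publickey,keyboard-interactive:pam\n"
)
MIXED = "AuthenticationMethods publickey,password publickey\n"

# Assumption: keyboard-interactive is configured as a password prompt.
PASSWORD_METHODS = {"password", "keyboard-interactive"}


def auth_method_lists(config_text):
    """Return the AuthenticationMethods lists sshd would apply globally.

    Keywords are case-insensitive and the first value seen wins.
    """
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break  # per-user/per-host overrides are out of scope here
        if keyword == "authenticationmethods":
            # Lists are space-separated; each list is comma-separated.
            # "keyboard-interactive:pam" is reduced to "keyboard-interactive".
            return [[m.split(":", 1)[0] for m in lst.split(",")] for lst in args]
    return [["any"]]  # default: any single successful method is enough


def requires_key_and_password(config_text):
    """True only if EVERY accepted list needs a public key and a password."""
    return all(
        "publickey" in lst and bool(PASSWORD_METHODS.intersection(lst))
        for lst in auth_method_lists(config_text)
    )


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRONG", STRONG), ("MIXED", MIXED)):
        verdict = "key + password" if requires_key_and_password(cfg) else "single factor"
        print(f"{name}: {verdict}")
```

The `MIXED` case is the one that is easy to miss: a single extra list containing only `publickey` lets a key alone log in, even though the first list looks like 2-factor.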

– Use full-disk encryption for all your drives. Most current Linux distributions can automatically set up LUKS partitions inside LVM – as long as your CPU is not too crappy you will barely notice the processing delay.

Bonus points: Run your web server with a valid certificate like the ones from Let’s Encrypt. Free! :)