If you are talking to someone who is not currently using:
* A password manager
* MFA on most or all accounts that allow it
* An up to date operating system on all of their devices
Please stop yourself from recommending:
* A VPN
* Tor
* Tails (or any variations/equivalents)
Just… rewind a bit and help with the first items first.
It often feels like tech geeks love to recommend solutions to the avant garde horrors of Pringles cans (ht James Mickens), ICANN, and ISPs (who hate retaining data unless forced to do so) while ignoring the threats posed by password reuse, depending on passwords for security in the first place, or keeping your system patched.
It's like telling someone whose last oil change was five years ago all of the user-accessible parts they can swap out to make their car run better.
@hrefna The other day I was at the grocery store and the checkout person was chatting to me about work. When I mentioned what I do she was like "wow I bet you never get hacked!"
It was great when I told her "actually, somebody tried to access my amazon account the other day. I learned about it because I set up text notifications and MFA. I recommend it!"
So many people think that to have good security you need to be super smart or have niche knowledge, when the best answers are so often the simplest
(and yes I know SMS MFA isn't perfect, but I'm really not in a high enough position to be at risk of SIM spoofing)
Hrefna (DHC)
Dio9sys