Tips

My security tips for friends/family, in no particular order.

These are a bit dated and due for a refresh.

Do

  • Web Browsers
    • Use multiple browsers. I use Firefox and Chrome/Chromium. Firefox is configured to be fairly locked down. Chrome/Chromium is what I use for sites that I “trust”. Avoid Internet Explorer and Safari. However, this guide recommends the opposite: Firefox for trusted sites, Chrome/Chromium for everything else.
    • Make sure your browser is up-to-date. Firefox and Chrome do a pretty good job of updating themselves; Internet Explorer and Safari, not so much.
    • Clear your browser history. Most browsers can be configured to automatically delete history, cookies, etc. on exit. Do you really need all those cookies?
    • Turn off third-party cookies.
    • Uninstall or disable Flash! In Chrome go to: chrome://plugins (Chromium is Flash free).
    • Firefox/Chrome: Consider the recommendations in How HTML5 APIs can fingerprint users.
    • Use BleachBit on Linux or Windows. On Mac OS X, use Onyx. Clean out unnecessary data as often as possible.
  • Make backups. Keep at least one backup offline.
  • Use a password manager. See also Password Managers (pdf).
  • Use DuckDuckGo “The search engine that doesn’t track you”. In general, avoid sites where you are the product.
  • Enable two-factor authentication (pdf) on every site that offers it. Avoid SMS schemes whenever possible.

Do NOT

  • Do NOT mix business and pleasure. Use physically separate hardware for home and work.
  • Do NOT click any link in any email, from anyone, ever. Cut and paste the URL into the browser. Double-check before you load.
  • Do NOT open any email attachments. Ignore them if possible. If you can’t ignore them, run them through an antivirus application or VirusTotal first. Consider opening them in a virtual machine for isolation.
  • Do NOT use USB sticks (jump drives, thumb drives, etc.) from trade shows or third parties. This is a common attack vector.

Recommended Firefox Plugins

In order of importance:

  • NoScript: Crucial. Disables most JavaScript, enabling it only where you need it.
  • Adblock Plus: Not only visually appealing, but also helps block an increasingly popular attack vector. Try uBlock Origin as a lighter weight alternative.
  • HTTPS-Everywhere: Ensures you’re using HTTPS on popular sites.
  • Privacy Badger, but I haven’t been using it long enough to recommend it.

See https://github.com/w00w/security/blob/master/firefox.md for Firefox hardening tips (technical).
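The browser settings recommended above (third-party cookies off, history and cookies cleared on exit) live in the Firefox profile's prefs.js as `user_pref("name", value);` lines. The following script, added here as an example and not part of this page or the linked hardening guide, parses that format and reports which of the recommended preferences are absent or still at a weak value; the preference names are assumed from current Firefox builds and the sample prefs.js is constructed.

```python
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[bool, int, str]

# One prefs.js / user.js line: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Recommended values (assumed pref names). network.cookie.cookieBehavior:
# 0 = accept all, 1 = block third-party, 2 = block all, 4 = block trackers,
# 5 = block trackers and partition third-party cookies. Only 0 is weak here.
RECOMMENDED: Dict[str, Tuple[PrefValue, ...]] = {
    "network.cookie.cookieBehavior": (1, 2, 4, 5),    # third-party cookies off
    "privacy.sanitize.sanitizeOnShutdown": (True,),   # clear data on exit ...
    "privacy.clearOnShutdown.cookies": (True,),       # ... including cookies
    "privacy.clearOnShutdown.history": (True,),       # ... and history
}

def parse_value(raw: str) -> PrefValue:
    """Convert the textual pref value to bool, int or str."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return int(raw)

def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every user_pref line; comments are skipped."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def _accepts(value: PrefValue, accepted: Tuple[PrefValue, ...]) -> bool:
    # Type-checked comparison so that True does not match the integer 1.
    return any(type(value) is type(a) and value == a for a in accepted)

def audit(prefs: Dict[str, PrefValue]) -> List[str]:
    """One finding per recommended pref that is unset or set to a weak value."""
    findings = []
    for name, accepted in RECOMMENDED.items():
        if name not in prefs:
            findings.append(f"{name}: not set (Firefox default applies)")
        elif not _accepts(prefs[name], accepted):
            findings.append(f"{name}: {prefs[name]!r} (want one of {accepted})")
    return findings

# Constructed sample: third-party cookies still allowed, cookies not cleared on exit.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://duckduckgo.com/");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.cookies", false);
"""

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS)):
        print("WEAK:", finding)
```

To check a real profile, pass the contents of prefs.js from the profile directory to parse_prefs instead of the sample.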

Step it up a notch

  • Use a VPN.
  • Isolate your casual web browsing by using virtual machines. Bonus points for using OpenBSD. Take a snapshot of the virtual machine and roll back frequently. Qubes OS is an interesting approach that I have not yet tried.

Securing Your Platform

Mac OS X

Linux

Windows

Android

  • Set Firefox for Android to clear data on exit. Go to settings, privacy, check “Clear private data on exit”. Also review what is cleared by tapping “Clear Private Data” on the settings menu. Then be sure to “quit” often.
  • Use two browsers. I would use Chrome for “trusted” sites, and locked down Firefox for general browsing.

iOS

More