Online Security Tips for Activists (and everyone else?)

A set up of tips that should allow most people to protect themselves against "targeted non-state attackers, ambient opportunistic state-level actors, and non-specialist law enforcement".

1. Get an iPhone and use it in preference to your computer.
2. Enable "code-generating" or "authenticator app" 2FA on all your accounts, particularly email (this is called "TOTP").
3. Disable SMS 2FA on any account wherever you’re using real 2FA.
4. Switch to Google Chrome, which is significantly more resilient against vulnerabilities than either Safari, Firefox, or IE.
5. Don’t use Dropbox.
6. Enable your OS’s built-in full-disk encryption (this is FileVault on a Mac, BitLocker on Windows).
7. Disable cloud-based keychain backups (OS X will ask you to opt-in when you configure your phone or laptop the first time; Windows will make you go out of your way to do it).
8. Install Signal and either WhatsApp or Wire on your iPhone. Use Signal when you can, and fall back to the less strict alternative app when you can’t.
9. Don’t use email to send sensitive information, full stop.
10. Install a password management application that doesn’t store your secrets in the cloud. I recommend 1Password. Better though to rely on 2FA than on a password manager.
11. Do not use antivirus software, other than Microsoft’s own antivirus software on Windows.
12. Turn off cloud photo backups and location sharing for your camera.
13. Don’t accept or click on email attachments, or allow your peers to send email attachments