Improved the antivirus section. Clarified what this suggestion means, that the advice is to not use a free antivirus solution from a commercial vendor.
Also fixed a typo, calmAV to ClamAV.
using privacy declaring search engine is not ensuring that you are not logged
- they could be lying (see numerous VPN providers claiming no logging and then leaking detailed logs)
- something else can be logging (keylogger, IPS, hacker attacking search engine, shoulder browsing)
using secure email provider and sending unencrypted email will not help at all
personal info that is not confidential at all is not problematic, so "confidential or personal" is not necessary
It is very easy (on desktop at least), has powerful effects, doable by anyone.
Also promotes using browser better than Chrome with upcoming defanging adblockers there, has anti-tracking included (in addition to blocking ads with tracking scripts)
Especially if service has true 2FA, with no reset option vulnerable to social engineering
It will be used rarely or never but given potential for massive damage and "Enable 2-Factor Authentication" at recommended it should be also strongly recommended
Text itself limits itself to critical password, and recommending to rotate all passwords is not viable (as a datapoint: my password manager has over 300 passwords for online accounts)
- fix typos
- change "optimal security" to "increased security", in many cases it would not be optimal given how many things will break on Tor
- link issues discussing tradeoffs
In general I would make it more clear that it is not always worth doing. Maybe "Advanced" should be "Advanced, has serious tradeoffs" with word tradeoffs linking separate page documenting issues mentioned in #19?
