First, I’d like to mention that once I was sitting in a bar with some IT pros and developers. Someone brought up identity theft. It turned out that all these ‘should know better’ smart cimputer dorks had been hacked at one point or another. Makes you wonder about your mom and your cousin that are barely able to get online without breaking the toaster. So go help them after you get your house in order!
Couple things. TOR is only somewhat secure. Law enforcement and intelligence agencies have been known to set up TOR endpoints so they can have a better chance of backtracing pedos, criminals and by accident, you too!
Didn’t see any mention of two very simple things. Turn off images in your emails. Sounds silly right? But it’s an old email marketing trick to put an image in an email, even a 1pixel clear gif. Every time that gif is accessed from an email being loaded, they can register where it was accessed from. This is great from the marketing dept standpoint. “we are getting great penetration on the east coast”. Lousy from your privacy standpoint. They can at least tell when you are at home and at work from the ISP the traffic came from.
Use AdBlock Plus or something similar to block ads.
I used to work for an ad agency. It’s no secret that the servers which push out ads to all those web pages on multiple sites can get hacked. Often they leave everything as is, but add in a payload. It is so easy to get malware from a flash ad! So yeah, all these sites that pop up a “please whitelist us?” beg. They need to be transparent about how secure their ad servers are.
Personally I do not trust password managers based in the cloud.
I keep a password protected list of my passwords in excel. In a password protected folder, on an encrypted drive. I have tabs for low, med and high security. To help organize my password-perimeter. Change passwords often. Make them hard to read for a person. If it’s similar to a human word, it can be cracked. Even with a number on the end.