
Would be helpful to provide alternatives to some of the Don'ts.

How does one transfer information if they can't transfer anything across the border?

Where should one store sensitive information? An encrypted drive you're not supposed to transfer across the border?

I'm not really sure what a person is supposed to do with either of those two recommendations, especially if we're saying that person is not tech-savvy. I think these will just be ignored because they don't seem very viable and require a lot of background knowledge and planning.

Also, why is Chrome preferred to Firefox? I generally assume Chrome is listened to by Google across the board, and it still lacks something like NoScript. Chrome doesn't seem to block XSS well, either.

Similarly, why Gmail as opposed to, I don't know, something like Protonmail or the like? Safety behind a big company, reliability, viability?

Why Chromebook and not just a normal Linux?

The inherent trust in Google in this list confuses me.

And 1Password over KeyPass. It seems every cloud-based password manager has been hacked in a round-robin fashion, but I guess this solves the other cloud-based problem.



1. To transfer information across the border, create an encrypted volume, store it on a cloud provider, and download it when you return. Unfortunately, it's more complicated to do this than it should be, so people hoping to do it need individualized instruction. Also, particularly for refugees, there are legal implications to doing this. Ultimately, the simplest recommendation is: don't bring information across the border at all. Go without.

2. Because Chrome is significantly more secure than Firefox. See: rest of thread.

3. Because no email provider is truly safe, and Google's mail service is better defended than virtually any other mail provider. Things like Protonmail are security gimmicks. If you're concerned enough about messaging safety to use some idiosyncratic email provider, you're concerned enough to stop using email for secrets altogether: use Signal, WhatsApp, or Wire.

4. Because a Chromebook is safer for a typical user than Linux, and also because there's a (remote) chance that people might actually use a Chromebook. The security challenges of 2017 are not an opportunity to finally achieve Linux On The Desktop.

5. The list's most contentious recommendation is a rebuke to Google.

6. Standalone 1Password isn't a cloud-based password manager. People should avoid cloud-based password managers.


I also have my doubts about 1Password – although I am still a 1Password user, at least of the old approach (pay once, cloud sync but no web-accessible storage with 1Password). I guess I will have to look for an alternative sooner or later! :(


I use 1Password + Resilio (formerly BTSync) in local sync only mode.

It's kind of a pain in the ass sometimes (I can only sync at home) but the upside is no cloud component and it syncs nicely and automatically between multiple machines.

For mobile devices, I use the Wifi sync mode.



