What kind of security experts are they talking to... My personal list of most important things to do:
1. Run a version of Linux ( Windows is simply insecure )
2. Use Firefox + NoScript and only ever temporarily allow JS to run as needed. ( JS is -not- safe and at any point in time there are at least a handful of zero day exploits )
3. Use an offline password manager ( KeePass )
4. Use a secure anonymous non-logging VPN for all internet use
5. Use a paid private email account, not some free one
6. Use VMs for running software that may not be safe
Those sound good, but I'm shying away from Firefox at the moment for security. I love their open source approach and would prefer my browser to be open source.
However, Firefox does not have tab sandboxing, extension sandboxing, or process isolation. These are pretty standard features in most browsers now (except for process isolation, which seems to be Chrome only at present).