Published using Google Docs
Graham's 2018 security primer
Updated automatically every 5 minutes

Graham’s 2018 security primer

Howdy.  I’m Graham Freeman.  This is my approach to personal security.  This reflects my own opinion, and is not reflective of any employer or other party, past or present.


Here’s where I stand, so you can weigh my advice accordingly.

Personal/political: I’m a middle-class father of small children, in a quiet and safe beach town in what has been a politically stable corner of the world. As a white heterosexual male in the US, I have always played life on “easy” mode. Even so, I vividly remember the poverty of my childhood, and I know many people who continue to struggle in that context. My family and friends include a broad spectrum of humanity, and I believe in the inherent worth and equality of all.

Professional: I work in computer security at a large university. My work involves poring through collections of computer network logs for indications of compromise, identifying patterns and practices of attackers, and translating lessons learned to preventive engineering tasks and well-informed organizational decisionmaking. I’ve held similar positions at two other universities.  I was also an information security architect at a multinational venture-funded renewable energy company.  I first began working on challenging network security problems in 1993.  All of this has taught me to balance caution with pragmatism, and to respect the fact that patterns and practices are more effective than any one particular security solution.

Intended Audience

This document is intended for people in North America who use the internet, but aren’t generally at risk of targeted attacks by resourceful jerks. It may be useful for others, too.

This document is probably inadequate for people who are at risk of a targeted attack by resourceful jerks. If you are an activist, please use this document as a baseline and then supplement it with the EFF’s generally good advice on the matter.  

If you’re anticipating or currently under online attack by organized gangs of misanthropes,
this Geek Feminism document is an excellent resource.

Another generally useful resource is Citizen Lab’s interactive Security Planner web site.


This is what I recommend for personal electronic security in the US in 2018.


Generally: Be skeptical, be thoughtful, and don’t trust everything you see on your devices.  That said, with a solid baseline and some reasonable maintenance, you can be more secure than 99% of the rest of the gadget-using world.