I'm not a spy, but I try to take reasonable precautions with a computer that could be lost and that uses public wifi, while keeping it comfortable for everyday use. Customizations include:
- ecryptfs (encrypted home folder)
- xprintidle + script to shut down after timeout
- gufw (public setting)
- text2pdf (Only 21k! http://www.eprg.org/pdfcorner/text2pdf )
- qpdf to encrypt pdf files for email. (No one else in the family has learned to love gpg )
- vpn just in case--normally I just check https certificates at grc.com
- firejail: firefox and sylpheed run in firejail
EDIT 3/9/2019 (no bump)
@xali thanks for the idea. I'm afraid I wouldn't know how or when to use macchanger, though.
In the very active security section of PuppyLinux forum, there was a suggestion to add a virtual keyboard (xvkbd or florence) to defeat any keylogger when entering passwords. Or a password manager.
Puppylinux is usually a frugal install, so there's the option for no changes go to disk; therefore no malware can survive reboot. A frugal install of antiX could be done for the same reason.