Here in the UK the government has just passed the Investigatory Powers Act 2016 which, amongst other things, means that ISPs must now keep a record of all your internet activity and it can be accessed by around 50 govt agencies. Apart from the corrosion of privacy, a big concern is that this information will at some point get hacked (ISPs retain it, not ultra-secure govt departments).
Anyway, it got me thinking about security.
On the server side I think we practice the usual stuff, firewall, port-scanner blockers, failed password blockers, remove-root login, passwordless-login, change ssh ports etc but on my local dev machine I just:
- Encrypt contents of HD
- Enable Apple firewall
And that’s it 
What else can be done to protect the contents of my computer and my online activity? Is a VPN the way to go?
