Some of the `su` restrictions and sandboxing could be useful, but most of this list is overly pedantic and honestly for my part I would not recommend it, it would be hell to maintain and is unnecessary for a desktop user. Just operate a firewall which does not allow inbound access, and only run programs you trust (e.g. from the distribution repository, from a developer you trust, auditable code, etc.)