The guide doesn't say not to install an ad blocker, but I dispute that claim nonetheless. Ad blockers are fine, and probably add marginally to security, but I don't think they a necessity --- if you're using Chrome/Chromium.
If I was using Firefox or IE, I would agree with you. But step one here is not to be using un-hardened browsers.
I generally make an exception for HTTPS Everywhere and Google Password Alert when I wrote things like this, but I agree that maybe it's worth it to cut them and simplify the guide.
HTTPS Everywhere would be a win (I'd have to think about whether it's enough of one to earn its place on the list, but if you added it, you could also suggest an ad-blocker --- another issue there though is suggesting ad blockers to journalists gets to a tricky place).
GPA is great, but the premise behind this guide is that if you're relying on passwords for Google you're already boned. It's a security win even with TOTP enabled, but I don't think it's enough to earn a spot.
These guidelines are being distributed to activists and journalists along with free U2F keys, for whatever that's worth.
IME, it breaks too many sites to give to all end-users; if the default configuration omitted sites listed as 'Partial'; maybe it would be passable. Maybe have a subcategory for intermediate users and put it there. Novice-level users (for lack of a better term) have no idea why the website is not working, and thus don't even know to consider disabling HTTPS Everywhere.
At some point there was a fake uBlock Origin in the Chrome Web Store and it ranked even higher than the original (afaik). Since then I'm a bit wary recommending browser extensions.
Not so much wrong as missing a line to install a script blocker that's neither spurious, unknown nor unnecessary. In general, the warning against extension is good.
This is wrong. You absolutely must use an ad blocker or noscript extension if you intend to browse the web securely.