I very much recommend Kicksecure hardened Debian as a daily driver. Eventually I will test gaming on Kicksecure making use of the steam flatpak, but I currently dont have the time.

IIRC, there is a way to force hardened_malloc for flatpaks, but this breaks many flatpak applications. For another hardened by default OS distromorph (the process of turning one distro into another closely related derivative OS) check out secureblue

Requiring webassembly will break the website for most privacy hardened browsers (arkenfox, Librewolf, cromite, Mullvad, etc). Webassembly is disabled for security and privacy reasons in these browsers. Not worth IMO. See a short snippet of Arkenfox’s reasoning here: https://arkenfox.github.io/gui/?s=javascript.options.wasm

Ok, understandable. I hate mobile devices because of their limited usable life and limited OS compatiblity. Verified boot is nice, libre-android is better. Not worth it for a person of interest to install /e/OS, but neither would stock Android or AOSP without significant hardening. DivestOS is my top pick for degoogled Android, but as I learn more (been reading kicksecure’s wiki on mobile device security) maybe Root isn’t as bad as I thought for security. I trust Kicksecure’s security research because of their significance as the base OS for Whonix and Whonix-qubes.

Related to relockable bootloaders and the security they provide, I was under the impression that if a malicious bit of software were to make use of some privilege escalating vulnerability and modify the kernel, the phone would fail to run in some way (ignore the rest of this if that isn’t the case). I dont think security should be dependent on the user behavior in basically any case.

For example, a FOSS developer in our communities could suddenly lose it and modify an existing app of theirs to inject malicious code making use of a vulnerability in android and we’d have know what of knowing until the damage is reported. Good user behavior is very important for security, but we can’t all be auditing our apps for each new release, even though its quite unlikely to happen.

It still has much of the google proprietary blobs still included and relies on google services, also without significant effort to harden Android. I have also heard that sometimes they fall behind on updates to their apps by weeks at a time (correct me if I’m wrong I am still looking for the source I found this info from). It may be moderately degoogled, but their security just ain’t there. In some cases (like OEM EOSL for older devices) having a 3rd party ROM may improve security with more up to date patches. Unless the bootloader is relockable and secure boot is possible, you will be compromising your device’s security (and privacy along with it) and destroying the Android security model in general.

I’m out here living my comfy carpenter bee life eating wood and other shit

There is no android ROM that is fully degoogled without losing out on much of base Android’s functionality. See the table I link under the other person’s comment. I have also heard that /e/ OS falls behind on package updates from its forks of other projects, many of its default apps.

https://eylenburg.github.io/android_comparison.htm

/e/ is not very degoogled. DivestOS or GrapheneOS would be better choices, then maybe CalyxOS.

Yeah, any security focused android ROM won’t include root because it breaks the android security model. Breaks the ability to have secureboot and system safety checks by apps.

DivestOS is the most degoogled (removes the most proprietary blobs) android ROM. See if your device is on this list: https://divestos.org/pages/devices

With mull an tubular I being see ads on my phone anyway.

So you are or aren’t seeing ads? I don’t with both.

This table is really good: https://www.messenger-matrix.de/messenger-matrix-en.html

I recommend QUIK SMS as an maintained fork of QKSMS. https://www.f-droid.org/en/packages/dev.octoshrimpy.quik/

Firefox isn’t FOSS. It requires proprietary APIs like Google Safe browsing and others. See the Fennec’s deblobbing scripts and build repo for a more details: https://gitlab.com/relan/fennecbuild

I think the point isn’t that the scrapper is NOT going to record their messages, but instead that it WILL regardless. Then making use of a training data unmasking exploit, the company (theoretical if the law sides with the individual) needs to fully retrain their model to remove the message text. This puts a lot if faith in copyright law, which is strong in the USA (and others) but rarely enforced to the benefit of small creators. Very little legal precedent.

It can access the encrypted data and any unencrypted startup software that hands things off to the OS after decryption.

Anti-fingerprinting isn’t as simple as blocking JavaScript. There are dozens of other parameters. You can fingerprint with pure CSS. When I say anti-fingerprinting is necessary for a crowd, I am referring to data normalization. Like Firefox’s Resistant Fingerprinting and letterboxing. I find most of RFP’s effects unobtrusive, but it always for a crowd to form in specialized cases. Only Tor browser and Mullvad can reasonably form a crowd.
I dont know what you mean by privacy projects spreading dirty JS. I recommend you read up on actual anti-fingerprinting techniques. Your knowledge of anti/fingerprinting seems limited. Basic anti-fingerprinting is necessary on the modern web, same thing with a content blocker. Security and privacy sometimes come at the cost of convenience, but not always.

Jesus. Kinda overkill depending on how many parameters the model is and the float precision

It injects JavaScript and CSS. Any modifications to the webpage DOM are easily fingerprintable and therefore making it easy to distinguish you from other Tor users.

If Tor is blocked try using a RedLib instance: https://github.com/redlib-org/redlib-instances/blob/main/instances.md

My possible solution for you:

1. Visit CreepJS ( https://abrahamjuliot.github.io/creepjs/ ) and calculate your fuzzy fingerprint. Copy-paste that somewhere for later. This step is important so you can verify afterwords that your fingerprint stayed the same (the fingerprint of all other Tor browser users on your release version).

2. Install redirector ( https://addons.mozilla.org/firefox/addon/redirector/ ).

3. Look at the list of public RedLib instances and find ones that are dark mode by default. Then create a config in Redirector to redirect links when you visit reddit.com

4. Visit creepJS and verify that your fingerprint is the same.

If it isn’t too bothersome, I recommend not install any extension because there may be some way to distinguish you even if your reported fingerprint doesn’t change on creepJS.