I 100% agree, its best to just stick to upstream Fedora imo. Glad you made this comment. The security issues of Nobara always put me off, especially since basically everything it does can just be applied to regular Fedora. I think Nobara would much better serve as a script or toolkit, similar to Brace, or something along those lines instead of an entire separate OS with the security issues it brings.

You don’t even need to do that, all you have to do is hold shift when you right click, and it circumvents any hijacking.

Depends, but yes in most cases. Also just adds attack surface and consumes extra resources, so its generally a good practice to keep extensions to a minimum and only use what you need.

I prefer Calyx on my phone, for the sake of the extra privacy of Micro-G vs sandboxed Google Play Services.

You should give DivestOS a try tbh if you prefer microG to Sandboxed Play Services, since Divest’s implementation of microG is sandboxed/unprivileged unlike Calyx’s, which is a massive privacy and security benefit. Divest in general is a lot more private and secure then stock or Calyx, since it includes a lot of hardening and patches from Graphene, so I’d recommend it as the second best option to Graphene in general, and definitely by far the best option for using microG. Divest also covers most of the same phones Calyx and Graphene do, unfortunately no Pixel Tablet support though.

(I’m not trying to shill Divest or anything btw lol, I just think its a great underrated project that deserves a lot more recognition and support than it has, and seems to fit your use case)

Not all of it is carrier related. I had an S21 unlocked (from US) and it still included Facebook and their garbage services, Netflix, OneDrive, etc. Also all of Samsung’s first party bloatware and nonsense is prevalent regardless. Not to mention Samsung selling data and their tracking, crippling your phone if you root it or install a custom OS (and in the US outright preventing it entirely), etc. Can’t recommend them or their phones at all, but its unfortunate because they have great hardware, just terrible software.

My biggest issue with Jellyfin is the downloads. I hate not being able to downscale or compress files. Its really the main reason I still leave Plex up in conjunction to it. Though I hope to be able to get rid of Plex entirely in the future, Jellyfin just needs more time.

It does, it works better and covers more sites, but at the cost of security (increasing attack surface) and using more resources. Pros and cons to both.

Yes, this has been a major issue for NewPipe, see here.

Is the culprit “firebaseinstallations.googleapis.com”?

Sensors and Network access aren’t on Stock Android unfortunately (though they should be!), only on other OSes like GrapheneOS and DivestOS atm. Everything else besides those 2 however is present on Stock.

I’m not sure if it could be done without at least compromising security to some extent (at least in Android’s current state, but maybe that could be changed or worked around in the future), but yeah, overall I do agree, that’s what I was trying to get at. I definitely support there being an official and easier method to root on Android, as long as it isn’t the default, and as long as the risks are clearly explained. People should certainly be able to do whatever they want with their own devices, it is unfortunate, and definitely an overstep from Google and OEMs.

Not having root is done on Android for some very good security reasons to be fair, it opens up a giant attack surface and risk for all kinds of malware and nasty stuff to take advantage of. I don’t think it’s done completely in malice as you think. Its a very important part of the app sandbox and Android’s security model at large.

With that said, I do think that people should have the option to root if they want to, I’m not a fan of OEMs like Samsung and whoever else purposely preventing people from rooting at all costs. I think people should be able to do whatever they want with their own device, root just certainly shouldn’t be the default, and users should be aware of the risks if they choose to use it. But I do think it should be a possibility for those who really do wish to do so.

With Android, it all just comes down to the OEM and variant of it that you’re stuck with. As a whole, I think its an amazing project and OS, though unfortunately Google, and especially OEMs, tend to make a lot of bad choices. It’s similar to Linux as a whole in that aspect. You’ve got options like ChromeOS which are a nightmare for privacy and user freedom any way you look at them, but then you’ve got your traditional distros like Debian, Arch, Fedora, etc, which are the exact opposite. Its an important distinction.

deleted by creator

You’re off to a good start, I’d recommend reading through and following this guide, its the best resource out there at the moment for Linux hardening/security imo.

I’ve considered setting up a passthrough VM like this (and almost did), I’m just reluctant to I guess because of how much work it takes to configure and get going, and how little I actually use Windows anyways, so I just stick to dualbooting when I really need it. I definitely wish the process of setting up the passthrough VM was easier, but like you pointed out, it’d probably be a good learning experience.

This is the way.

Proton VPN is probably one of the best VPNs out there. Has open source clients, is based in Switzerland so under their strong jurisdiction for privacy and data protection, doesn’t keep logs or sell data, has good speeds, includes useful features, etc. I’d definitely recommend it, as well as Proton’s other products.

I generally avoid Cloudflare where possible personally because at the the end of the day, they’re a giant big tech company based in the US, with pretty much unprecedented control over the internet.

With that said, last time I looked into their privacy policy, I thought it was acceptable, but that’s been a while ago, so not entirely sure nowadays. Either way I’m not a huge fan.

On Windows, just use the built-in Windows Defender. On Linux, I recommend ClamAV + ClamTK. On Android, Hypatia.

If you think you have malware, this is a pretty good guide to remove it.

I’d also strongly recommend using and configuring a content blocker like uBlock Origin in your browser, as well as using a DNS level blocker like NextDNS.

If you have a multilayered setup like this, then I think you’re pretty good and it’ll be not impossible, but much harder to get malware or be infected. Just use common sense as always.

Firefox with uBlock Origin is by far the best option, the only other browser that comes close is Brave, their content blocking and such is pretty good, so I’d recommend trying them if you’re hellbent on not using FF. I’d also recommend looking into NextDNS for system-wide ad/tracker blocking in conjuction with the browser.