N.E.P.T.R

Then that could be used to fingerprint too.

I was taught in my IT Sec classes to avoid sharing any unnecessary information. Information on private IPs can be used to better understand your network, allowing a threat actor to better navigate your network without needing to do ip scans (which are very obvious and should trigger even basic detection). While it is most likely pointless (since OP probably isnt at risk of targeted attacks), it is still good opsec.

Run the following command in the directory containing the .desktop launcher: ./start-tor-browser.desktop --register-app

This integrates the launcher and makes it accessible from your start menu or app search (for your user).

Valhiem

• Most “Open source” LLMs are really just open weights, which is useless without the training data. This dilutes the definition of OSS. There is no way to train the model as a normal person (aka not Google or Meta, etc)
• LLM producers don’t credit the OSS they trained on, no attribution. Most models violate the licenses of all their training data (eg. GPL).
• LLM scraper bots put high stress on server infrastructure, creating a DDOS attack.

They have so far.

Librewolf

Kagi requires an account, therefore associating all your searches to your account. With DuckDuckGo HTML, you can restrict it so it can’t access JavaScript (which it doesn’t do anyways), therefore reducing the risk of fingerprinting or other tracking.

If I had to guess, they probably don’t use the APIs, inside using scrapping of some sort.

You can use both through the browser, which is the safest way of doing things because the browser sandboxes the web apps, isolating them from your system. If you prefer an app for Messenger, look on Flathub, though I advise against it. The two apps I found for Messenger are Franz and Ferdium (a fork of Franz with more features).

To mitigate the privacy risks:

• Firefox with uBlock Origin (or Librewolf)
• Avoid sharing anything sensitive.

Nothing much you can do sadly.

Maybe a setup FIDO2 LUKS unlocking, but that requires a security key: https://www.privacyguides.org/en/security-keys/

While I do find GOS drama a boy annoying, they aren’t wrong about the lacking security of many AOSP forks. iode and /e/OS have a history late patches for security vulnerabilities in both the OS (https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history) and for the forked apps they bundle with it. Each Android monthly and Chromium patches usually contains dozens High Risk CVEs, so taking a month or 2 is unacceptable. Neither are good for privacy or security.

See a comparison between some Android ROMs here, especially noting the update speed section: https://eylenburg.github.io/android_comparison.htm

You could setup LUKS TPM unlocking.

“Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device.”

https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation

Forking isnt a solution, unless you are committed to patching all future security vulnerabilities and adding feature updates on you own. Cryptography is complicated, designing a secure messenger is very complicated. Forking isnt a magic bullet.

Firefox is even more insecure as a Flatpak than Chromium. At least with Chromium using zypak it can use some Flatpak sandboxing (which is still inferior to base)

Project was abandoned like multiple years ago now. Cromite is a fork by one of the contributors and is better than Bromite ever was.

Doesnt come with proper fingerprinting protections or flag hardening. I am not saying ungoogled Chromium is bad, just not a proper replacement for hardened chromium browsers like Cromite or Brave. Ungoogled Chromium is a drop in replacement for Chrome, so it does nearly everything possible to stick with defaults (sans any google connections)

While I agree it would be nice, Flatpak weakens the Chromium sandbox by stopping proper per site isolation. Chromium in Flatpak relies on the zypak server in place of proper strict isolation.

GOS recommends against putting any app that you want notifications from inside the private space. That said, I did the same thing.