I’ve been using Authelia for almost 2 years and I really like it. Never had any issues.

Mull is even better, it’s hardened Fennec. It’s basically like LibreWolf but for Android.

Yeah

It’s pretty good for desktop apps, but it doesn’t provide CLI applications, so I still have to rely on the AUR. There are some issues with it, but overall I think it’s the best solution we currently have. And it’s very easy to use, which is great for new users and it will become important if Linux continues growing like this.

Sure, but in my experience it’s not that hard to convince people to get on Signal. (Maybe because here in Europe everyone already has like 15 messengers on their phone, so it doesn’t bother anyone to download another one)

If you use SMS, you can argue that Signal has much better photo and video quality, it can be used from a tablet or a computer and it’s basically just like iMessage but for all platforms.

I would recommend you to try out Linux in a virtual machine and play around with it. You can watch this video if you don’t know how to set this up. You can do much more with a VM than with WSL. It allows you to basically try any Linux Distribution, whereas WSL only supports a few distros. In a VM you also get a desktop environment by default, whereas WSL mostly restricts you to the terminal. Sure, you can run graphical apps in WSLg, but you still don’t have a Linux desktop. Lastly, it’s much easier to take a snapshot of a VM, and roll back in case you break something.

After you get comfortable in a VM, maybe try booting a Live USB of some Linux distribution. That way you will be able to try it out on your actual hardware.

After that, you can set up dual boot. That way, you can still keep your Windows installation, but also use Linux without any restrictions or limitations.

Replacing Windows is always an upgrade

Yes

I recommend the following section of this article:

Rooting your device allows an attacker to easily gain extremely high privileges. Android’s architecture is built upon the principle of least privilege. By default, only around 6 processes run as the root user on a typical Android device, and even those are still heavily constrained via the full system SELinux policy. Completely unrestricted root is found nowhere in the operating system; even the init system does not have unrestricted root access. Exposing privileges far greater than any other part of the OS to the application layer is not a good idea.

It does not matter if you have to whitelist apps that have root — an attacker can fake user input by, for example, clickjacking, or they can exploit vulnerabilities in apps that you have granted root to. Rooting turns huge portions of the operating system into root attack surface; vulnerabilities in the UI layer — such as in the display server, among other things — can now be abused to gain complete root access. In addition, root fundamentally breaks verified boot and other security features by placing excessive trust in persistent state. By rooting your device, you are breaking Android’s security model and adding further layers of trust where it is inappropriate.

A common argument for rooting is that Linux allows root, but this does not account for the fact that the average desktop Linux system does not have a security model like Android does. On the usual Linux system, gaining root is extremely easy, hence Linux hardening procedures often involve restricting access to the root account.

I agree. You’re much better off just using Signal. It’s not federated/decentralized, but all client apps, the protocol and the server code are completely open source and anyone can fork the project. It also works on every platform, its encryption protocol is the most secure one out there and it’s been around for over 10 years. They also recently added some cool new privacy features.

*counterproductive in regards to security, I updated my original comment

Nextcloud Notes is pretty good. Btw Joplin has an option for End-to-end encryption.

These guys can go fuck themselves

You need to differentiate between root and custom ROMs. Root is counterproductive in regards to security, because it significantly increases attack surface, but Custom ROMs like GrapheneOS can make your device much more private and secure. It also doesn’t ship any proprietary apps by default and Google Play services are sandboxed and isolated, just like any other app. It’s pretty amazing.

Did you read my previous comment? I spscifically said:

No, because Fedora DOES include proprietary blobs (for a good reason)

Intel/AMD CPU microcode

The GrapheneOS team is security focused to the point where it is detrimental to the regular user experience. I.e. “Secure App Spawning” increases app startup time considerably on older devices like the Pixel 4a.

That’s why Graphene allows you to disable the security features. Turning off secure app spawning won’t make your device incredibly vulnerable, it will just be set back to normal AOSP security level.

Also, the GrapheneOS team has very high standards for security features supported by a phone. Basically no phone besides Pixel supports those features, which obviously isn’t a big problem for most people (else we’d have a big problem).

You know which phone has basically all of those security features? The iPhone. GrapheneOS is not building something insane, they’re just hardening Android to a point where it’s actually comparable to iPhone security. Sure, usability might not be perfect because Google only releases base Android as open source software and keeps all their fancy apps proprietary, but it’s not in a state where it’s totally unusable either.

No, because Fedora DOES include proprietary blobs (for a good reason)

Obviously they comply with the GPL, otherwise they would get sued. But Red Hat acts exactly like a proprietary software company. That’s what the quote is trying to say.

It’s really not hard, it takes 10 minutes and the entire installation process can be completed from nothing more than your web browser. https://youtube.com/watch?v=L1KZWjZVnAw