I dont want to start a fight or anything like that, I have to decide between these 2 and cant figure out which is the best and why, mostly because if you ask on X they just start swearing to each other without giving any real explanation, can anyone help a person who want to embrace privacy and anonimity?
Yes. There are deluded, wide-eyed idealists who believe Big Tech should be shown that there are honest ways to make money off of direct sales and they don't need to put people under surveillance, and the best way to show them is proving it with their wallets. What they fail to realize is that Big Tech is unprincipled to the core, and the unprincipled way of making money off of people's privacy is orders of magnitude easier and more profitable.
I have nothing against people who have mental problem. Hell, many people who get heavily involved in computers and into free software are on the spectrum and I have no issues with them or the software they made, which I enjoy using.
What I have a problem with is code made by people who make threats. I don't care why they make threats: if they can code, they can code revenge code. And I have a problem with code made by people who have a persecution complex for the same reason.
DM thinks he's persecuted and he did make threats. Repeatedly - unlike Linus. I'm sorry for him and I sympathize on a personal level, but that makes his code quite untrustworthy, because his motivations for making the code and the state of mind he was in when he made the code make the code inherently suspicious. And like I said, I don't have the time nor the desire to go through and vet his code. I have enough projects to take care of myself without having to second-guess someone's suspicious code.
He may be a genius security researcher and he may be the most talented individual on planet Earth. But in the line of work he chose, having a squeaky-clean reputation and credentials is everything, and his personality issues unfortunately damaged both and tainted his work.
Personally, I preferred not to take the risk and I went with Calyx's work which, while perhaps not as hardened as DM's libraries, is adequate enough for my threat model and - most importantly - made by people with a clean rep. At least it was one of the factor, since I was never going to buy a Google phone anyway, and GrapheneOS only supports Google phones.
Well, all I can say is that your arguments are theoretical ( so far )... DM is innocent until proven otherwise..
Not saying "trust" isn't a valid criteria when choosing software, It is... But I can't see anything shady about the project, it's a joy to use, and for what's it worth, I never looked at buying a big tech phone and flashing a custom ROM as a solution, it is, but a temporary fix, real solution in my opinion is a Linux phone that can run Android apps
this 👇 is not theoretical though, buying a pixel does support Google, that's why you buy a used pixel, minimizing the damage I guess