Librewolf for Desktop (fork of Firefox with Arkenfox user.js and removed Firefox anti-features) and Mull for Android (fork of Firefox which is deblobbed of proprietary blobs and uses much of Arkenfox's user.js and Tor upstreamed privacy patches). Firefox's Resist Fingerprint (RFP) is extremely important in my opinion for privacy because it normalizes much of the identifiers for better privacy. IceRaven still has proprietary blobs included for Google Safebrowsing and other things.

Mobile browser comparison: https://divestos.org/pages/browsers

On linux for the Obsidian Flatpak, you can deny it having internet and filesystem permissions using Flatseal.

deleted by creator

Microsoft Activation Scripts (MAS)

Alternatively to upgrading edition check out these apps:

• KDE Connect
• Syncthing

Requiring webassembly will break the website for most privacy hardened browsers (arkenfox, Librewolf, cromite, Mullvad, etc). Webassembly is disabled for security and privacy reasons in these browsers. Not worth IMO. See a short snippet of Arkenfox's reasoning here: https://arkenfox.github.io/gui/?s=javascript.options.wasm

I'm out here living my comfy carpenter bee life eating wood and other shit

DivestOS is the most degoogled (removes the most proprietary blobs) android ROM. See if your device is on this list: https://divestos.org/pages/devices

1. My point was that standard linux should have those things too if it wants to be considered "secure". Default Linux isn't secure out of the box without a lot of work. It is more private than proprietary OSes but not more secure, therefore compromising your ability to safeguard privacy as a result. Linux is also a great target for threat actors because the majority of servers run Linux, meaning security researchers and cyber criminals alike are looking for weaknesses. I'd recommend looking into Android's Security model because it is interesting and gives insight on designing a secure mobile device. Stock Android suffers from OEMs not providing consistent long-term updates for devices, which 3rd party security hardened ROMs like DivestOS and GrapheneOS help to address.

Extra reading: see Whonix comparison table to see what they look for when choosing a base OS that can be later hardened for security. Note that some things in the table are not security specific but important for anonymity (which Whonix modifies to Kicksecure to better protect). Whonix is a security focused operating. Here is a comparison of different memory allocators showing their features for preventing different types of exploitation. Memory based attacks consistently are reported to be one of the most common types of attacks.

2. Here is a link to the Wikipedia page on Linux-libre Kernel. I'm not suggesting this should be the default, was just making a point that binary blobs may be needed in a kernel for compatiblity or security (eg updating firmware that is vulnerable when that happens).

Point still stands. postmarketOS isn't hardenned. Default desktop linux isn't hardened. Malware could easily infect your device and exfiltrate data, escalate privileges, modify the kernel, etc. Each of the things I have mentioned (hardened_malloc, immutable OS, hardened kernel, hardened firewall, removal of identifiers, full disk encryption, locking of root login [not the same as invoking root], MAC hardening through SELinux or/and AppArmor, service minimization for reduced attack surface, package manager hardening, secure boot, sandboxing of applications, etc) should be implemented for both Desktop or Mobile Linux to have "good" security. Security is preventative. All of these things come together to create a system better equipped to protect against know and unknown threats, which especially true for mobile devices which are near-costantly in unknown environments. A vulnerable device is weak link in the chain of your security, which can be used to compromise your privacy. You may never be attacked or have your device exploited, but that doesn't make it secure as a result.

I would love to see an actually secure mobile device that is rid of Google's stench. Problem is postmarketOS isn't secure, its just default linux on a phone. If it saw largescale adoption (which we all would like a good alternative to do) it would be easily exploited.

It says postmarketOS is based based on alpine Linux, which according to Whonix doesn't meet their threat model and it's odd to claim "Alpine Linux was designed with security in mind" when Alpine's package doesn't pass The Update Framework model. A vulnerable package manager can be used to compromise a system, read more package management on TUF's website.

Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardenned_malloc?

If PostmarketOS is just ARM linux with minimal changes than it isn't secure enough for a mobile device. All apps should be sandboxes regardless of whether you can trust the code or developer. Each app expands the attack surface of your device.

Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.

Security through obscurity is not security. There are special considerations that have to be taken on a mobile device. Mobile OSes, while unhardened normally, are still designed to protect against attack vectors that aren't considered by normal linux. Linux can be hardened, but is very open by default. It also offers no out of the default sandboxing of apps from each other. It isn't immutable, unless postmarketOS is, which is a large security threat when considering device integrity. Full disk encryption isn't enabled by default (unless changed in postmarketOS). Root login is enabled by default (a huge attack vector). Linux isn't secure by default, but more private than any proprietary OS like Windows, iOS/MacOS, ChromeOS, and Android. But Linux because of its open default makes it vulnerable to spying 3rd party by apps installed by the user. It is also vulnerable to attacks from a network.

I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS. See a good comparison between ROMs here: https://eylenburg.github.io/android_comparison.htm

For linux hardening, check out Kicksecure for Debian distromorphing, Secureblue for Fedora Atomic (immutable) rebasing, and Brace by DevistOS's developer for general security hardening of Fedora/RHEL, Debian/Ubuntu, Arch Linux, and OpenSUSE Tumbleweed.

Linux mobile is not threat modeled for a moble device. It is quite risky. Mobile devices must consider more known and unknown attack vectors than a device (like a Desktop) that stays in a consistent trusted environment (like home or a personal office in some cases).

With mull an tubular I being see ads on my phone anyway.

So you are or aren't seeing ads? I don't with both.

This table is really good: https://www.messenger-matrix.de/messenger-matrix-en.html

The difference between FOSS and proprietary (to me) is the motive. FOSS projects are often created out of a genuine need/want to solve a problem. Proprietary may also be trying to solve a problem (we can't through all of them under the bus because we live in a capitalist system which limits our options, we need to survive before thrive). I still find that proprietary often is just created for profit, and as profit motivated software it has an incompatible goal to actually fixing the problem.

A good (profitable) proprietary app won't fix any problem, but instead exacerbate it to maintain the reason for its continued existence, all while eliminating competition.

I recommend QUIK SMS as an maintained fork of QKSMS. https://www.f-droid.org/en/packages/dev.octoshrimpy.quik/

Vanadium doesn't have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.

Each are data points that together contribute to your total fingerprint. TZP tells you a lot of these data points, and fails ones that dont match Firefox Resistant Fingerprint masked data. Creepjs does much of the same but without gearing towards Firefox.

Generally fingerprintable things include:

Do not track signal.
Private browsing mode.
Timezone.
Useragent.
Canvas noise.
Installed fonts.
Font sizes.
Browser built-in plugins.
Some extensions.
WebRTC.
Theme.
Cookies.
IP address.
Local IPs (website can execute an ip scan and fingerprint).
Window viewport size.
Full screen mode viewport sizing.
Page/font color settings.
Operating System (impossible to mask because of differences in rendering on platforms).
Browser App name & icon. System TTS synthesis engine.
DOM modification fingerprinting (like that used by many extensions). Mouse speed.
Keyboard behavior.
Stylometric fingerprinting.
And many more.

For Firefox based browsers: https://arkenfox.github.io/TZP/tzp.html

For all browsers (more generalist): https://abrahamjuliot.github.io/creepjs/

I hope it isn't just a fine. A fine is just the cost of doing business. We can't let them get away with using capital to do crimes.