yes, if you enable resist fingerprinting on any Firefox build it will cap refresh rate to 60hz. Mull is not doing anything special, it's just changing about:config options by default.

you can disable resist fingerprinting in mull and regain standard refresh rate (although you lose fingerprinting protection) just as you can enable resistFingerprinting in Firefox beta or nightly and see refresh rate cap at 60.

I wholly agree with you there, I'm just saying it's the same behavior on all browsers built on Firefox. true for desktop as well

it's worth noting that this is the intended behaviour for privacy.resistFingerprinting. this is not exclusive to Mull.

I love when people post well known and obvious information. if you hadn't realized metadata is present then idk what to tell you.

while, yes, regardless of your privacy settings google still collects a sickening amount of data on you, much of these things (like voice recordings and location history) can be managed and disabled in the settings. if you wish to go further, grapheneos removes A LOT of tracking potential.

these should be opt in features, but one can opt out of much of them.

check Nix instead.

nextdns is the most performant option I've used. it often beats our cloudflare even. adguard wasn't bad but it was a bit more cumbersome and very slow.

I don't like recommending self hosting as opening ports on a private network isn't a great idea. you could use something like cloudflare or tailscale to bridge access but you'll run into issues with network speeds.

good. this is the only reason I've recommended people avoid fdroid. would be useful to fix that

yeah like other people have rec'd, I just wrote a script for installing/removing/upgrading/searching all the package managers I have. this was used as a tongue in cheek jab and has never truly been a brag.

this is just my opinion but if you aren't after the sandboxing benefits then don't bother with them. if you want to avoid dependency hell go with nix, if you are worried about storage space use your standard package manager, and if you want higher security without the knowledge/effort to manually do it, go with flatpak or snaps (although many flatpaks need to be further hardened via Flatseal as the dev gets to configure the sandboxing. I'm unsure how this operates under snap as I refuse to use it.)

I've fallen in the same hole before. tbh in my experience you don't really learn much until things start breaking.

most threat models aren't high enough to warrant worrying about it.

the only thing I'll say is the piece about "no viruses" would kinda go away if desktop Linux picked up at all. the security on a default Linux system is worse than macos and windows with substantial hardening efforts needed. the only reason viruses and other malware isn't common on Linux as is is because of the tiny user base.

with all this said, if enterprise use got more common, security would quickly become an important aspect.

telemetry as a whole isn't bad. it depends what they are collecting. companies should provide a log of the (raw) telemetry data they've collected from you. if they're not comfortable sharing it it's probably too invasive.

oh great. rooting, smh

there isn't really mitigating any hardware fingerprint. whatever you're using sounds like a bit of a scam lol.

that's fair I suppose, I wasn't saying not to use it, just that it is worth noting. these strict security policies are what makes mobile platforms much more secure than desktop platforms. I typically use my phone for security sensitive tasks because of this, so I tend to care a lot more about this stuff. if you have any banking info or password managers stored on the device, be careful.

I'll admit, it is pretty unlikely anything to happen, though. always just better knowing.

termux targets an extremely out of date sdk and is therefore quite insecure.

for what reason, though? the sandboxing doesn't carry to steam installed games, does it? only steam itself is sandboxed afaik

if you don't trust the instance why would you use it? 🤨