

One example is on GrapheneOS, programs can’t touch system files due to no root access, and they also can’t access data files for other programs.
Mastodon: @sudoer777@matapacos.dog




I’m not very good at securing Linux, but from what I’ve seen, NixOS leaves a lot to be desired. It doesn’t officially support SELinux and requires a lot of work to make it function properly. It supports other mandatory access control programs, which I’m not really sure how they compare. The store being world readable is another problem. The most obvious issue with that is if you’re doing business work with two clients on the same computer where infrastructure needs to remain confidential, where one client’s programs can read the store and see information about the other clients, even on separate user accounts.


More secure OSes limit what social engineering attacks can take place and what damage they can do.


My university is practically owned by weapons manufacturers which sucks. Idk if that’s the norm or not


I know TI had a history of weapons manufacturing, but haven’t they stopped now?
DAB + ListenBrainz looks so awesome


The switch to permissive licensing is terrible for end-user software freedom given that corporations like Apple and Sony have leeched off of FreeBSD in the past to make their proprietary locked-down OSes that took over the market. Not sure what would happen if RedoxOS became usable in production, but if it turns out to function better than Linux enough to motivate corporations to shift their focus to it, open source versions for servers would probably still exist, but hardware compatibility on end-user devices would be at higher risk than before as vendors switch their support and stop open sourcing stuff. Or they keep focusing on Linux for server stuff due to the GPL license and the fact that their infrastructure is already on it.


I have all of my open source apps in my main profile, a Shelter profile for proprietary apps (which I hardly use nowadays), a user profile for apps needed for my university, and another user profile for apps needed for a certain gig I’ve been involved with


Buying a domain and using that is a good idea, and you can also do a catch-all so you can give each service their own address and see which ones leak your data


I think they have some sort of critical security flaw regarding spoofing that hasn’t been resolved in years and they had a forum thread about it


I’d go with SimpleX Chat.
Matrix, XMPP, Cwtch are also contenders
In the US, some of the government sites require verification through id.me now


Vanadium for web apps, Cromite with auto delete for random websites, and IronFox with various plugins for web searches
As someone who regularly uses Tor, it takes like 5 minutes to load a simple webpage half the time
Also would be worth considering RiseUp VPN which is run by an anarchist organization. There’s also a new one BuycatVPN which I think is affiliated with the Tech for Palestine project and from an organization that’s an official partner with BDS, but I don’t know anything else about it.
While F-Droid has security issues, the ideological security benefit it provides that Accrescent/Play Store/Obtainium doesn’t is the guarantee that the app is open source, and if the developer goes rogue (i.e. Simple Mobile Tools) it gets removed. A lot could be improved though.


On the Windows 11 install I was forced to use, I installed vim and helix through scoop. And python/julia works for calculator.
They’ve been doing it on desktop Firefox for ages


I was trying to package Typst for them once. The IRC barely gave me any help, nor did the mailing list, so I had to guess a lot of things on my own. I ended up spending several hours working on it and fine tuning it to what the documentation wanted as much as I could. Then I finally made the submission, which was ignored for an entire year, before finally being rejected. It’s clear that the package repository has a severe lack of packages, but if there’s no clear way to contribute, then idk how anyone can take the project seriously.
I’ve also encountered bugs that made the tools unusable on my laptop that similarly got no response on IRC and the mailing lists.
Meanwhile on Nix, if I submit an issue on Nixpkgs, it will usually get resolved by the maintainer in 24 hours, or at most a week if it’s a larger change, and I don’t even have to do anything, and things aren’t constantly broken on aarch64.
Yes, but I never said you won’t get pwned. I said that it would limit how it could be done and what damage it could do.
For instance, if you click a link and download something shitty, it can’t just steal your auth tokens on GrapheneOS because all of that is isolated to only the program that uses them. Meanwhile on Windows/Linux there are tons of Python scripts that do that. It would take extra steps on GrapheneOS for someone to use social engineering to hack someone’s Discord/Bank/etc account, which could be enough to prevent it for some people.