Linux Mint has LMDE based on Debian.

OpenPGP for encryption through autocrypt is a BIG NO for me. OpenPGP is inherently flawed, read any reasonable cryptographer’s opinions on it. DeltaChat is a significant security downgrade from Signal. I would much rather use SimpleX or Briar.

Some people don’t understand that systemd isn’t the only init system, not even just the only init with modern features. We have runit, OpenRC, s6, dinit, each with very levels of features. The reason there is no real competitor to what systemd does is because it is “cheating”, and by that I mean systemd isn’t just an init system. It has major scope creep, trying to do everything. It isn’t even the best at doing what all the other software it replaces (like DNS, time, etc). What it offers that is irresistible to developers is unifications and abstractions which make developing for Linux simpler. This though is the exact opposite of what many people love about Linux: the option to pick and choose.

Was this supposed to have sound?

I’ll drop this here for you sickos: https://lib.rs/crates/cargo-mommy

You could use a VOIP provider so you can do calls and SMS from your computer without needing a SIM. An example provider is JMP.chat, which could then be used with any fully featured desktop XMPP app, like Dino or Gajim.

For ditching Signal on mobile, you can use Flare, an unofficial Signal desktop app built from scratch, which supports setting it up as the primary device. It is recommended to use the Flare in conjunction with the official Signal desktop app so that you get all of the features without compromises.

OCR support seems really cool. Currently for OCR I either use NormCap, or on Android some random OCR on f-droid which doesnt have any crazy perms.

For higher quality Text-to-Speech, install Pied (Flatpak or Snap), which offers a GUI for installing and configuring Piper TTS voices.

I recommend Swappa.com because you get better quality assurance, 30 day money back, and there is basically zero chance it has its IMEI blacklisted (some sellers on eBay and Amazon may sell stolen phones).

Chimera Linux uses musl libc, Void Linux has the option of musl libc, and of course Alpine uses musl libc.

I tried Waterfox and didnt really get it? Why use it over for example Zen or Librewolf? It just seemed way to close to Firefox but like with a couple of preinstalled extensions. Idk, just wasn’t for me.

My browser(s) is just a tool. I use many browsers for different things. I wish there were good alternatives to the main browser engines (Gecko, Blink, WebKit), but I am fine with just using good derivative browsers like Librewolf, Mullvad, Cromite, etc.

Waterfox is Gecko. I still agree with the comment that mentions it is written by a right-winger. I rather root for Servo, especially because Ladybird is just another web engine written C. Memory safety vulnerabilities are the largest represented class of vulnerabilities discovered every year. Servo being fully written in Rust is a good thing for its security, as long as they also design a strong sandboxing/isolation strategy on all OS platforms.

It is only going to be disabled-by-default

I think it is good to link to the original on ccc.de

The permission OP should look for is DRI.

I actually really like GNOME and haven’t had problems yet with extensions. I have it the way I like it, and no matter what I do, I haven’t found features that are half-implemented or broken like on KDE (eg. theme search missing/hiding 90% of themes, desktop effects broken after install, weird crashes, freezing when accessing system apps or app menu). I think Qt is ugly (personal preference) and I prefer libadwaita GTK4 apps for their stability. People are going to hate, but there is no such thing as a perfect project that fits everyone’s needs. I am not saying GNOME is perfect or that it isnt opinionated (i wish app status indicators were supported, ability to modify Flatpak app permission in the system settings, and support for dock/panel), but GNOME is solid and (dare I say it) is a good DE.

Btw I love KDE and it is the DE i am currently using. I also love GNOME. There aren’t really any DEs I hate except maybe Deepin. Any DE that doesn’t support Wayland (or doesn’t plan on it) is not something thst I ever plan on using because security and stability are BIG requirements for me, I don’t like technical debt or legacy cruft.

Then that could be used to fingerprint too.

You don’t have to sandbox he browser with Bubblejail if you don’t want. I was only suggesting it and providing instructions in case you wanted an extra layer of isolation.

The browser can’t create unprivileged namespaces because Flatpak blocks access to namespace creation. This DOES interfere with an important method of sandboxing used by browsers on Linux. It makes site isolation weaker, which could allow an attacker from a malicious site to steal information from any open tab, or possibly escape the sandbox. Browser sandboxes are multilayered for a reason, one less layer makes exploitation exponential easier. The Firefox Flatpak is official, but that doesn’t mean it is safe. Flatpak sandboxing is substantially less strong than a browser’s isolation strategy This because Flatpak is a general purpose sandbox mostly meant for making distribution of software easy by providing an identical environment across all Linux distros, not for rigid security. Browser’s provide a more fine grained sandbox that is designed around the threat model that the website is compromised/malicious and is attempting to hack you, since websites are effectively just apps. Don’t use Flatpak’d browsers at all, or the very least not as your default.