Just delete the configuration.nix file along with all backups of it and its easy to not look back. At least that did it for me since my system needed specific boot settings to even work and relearning all that wasn’t worth it.

Solution: don’t run hosted services on your edge appliance.

In OP’s case, I’d use the RPi for the OpenWRT router and the miniPC for any relatively small hosted services I need. That way you can keep your services in its own DMZ away from your IOT devices assuming you have a smart tv/roku/firestick or other random likely vulnerable devices.

Network segment everything you can, but at the very least, I’d keep your services off of the device that is separating your LAN from WAN.

You’re right. It is easy to make these comments but it’s also a cautionary tale. It’s becoming increasingly difficult to use something within a “walled garden” but also retain ownership/access of it yourself.

Just having an external HDD for a backup goes a long way.

Good idea. Let’s just do what the fascists are doing. That’ll show them!

How did you know I was avoiding the 96 things I should be doing and instead walking in circles thinking up more things I could be doing?

Solipsism is definitely one way to look at it.

In the image they posted it showed GrapheneOS AFU (after first unlock) and Unlocked. Brute force methods are not viable and the filesystem is only accessible while the device is unlocked and is running a certain version apparently.

So, pretty secure while it’s locked but seems resilient even unlocked.

For real. There’s EndeavourOS which at least uses the Archlinux repos and seems to be just better AFAIK.

That’s if you are using a file to store additional data. Also JPEG and other lossy formats can have all sorts of artifacts that may (depending on the size of hidden data) seem typical.

What I thought they were referring to was encryption at the filesystem level which doesn’t require file blocks to be contiguous, allowing blocks to be interlaced with the hidden data.

You’re right, it is pretty common to do that but there’s always the chance they just cancel the discount around renewal. If you have autopay then you probably already committed to the new price before you realized what happened.

I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.

Matrix’s encryption algorithm was broken for a while and when it was fixed it it took app devs years to migrate to the new requirements. It still might even be the case for a lot of them, I haven’t looked in a while.

SimpleX should be secure AFAIK though, but I’ve heard that it may not be able to scale well to larger user bases. It seems everything has pros and cons.

There are ways to successfully circumvent Google’s tracking methods. It’s all based on how much you care about being tracked and how much convenience you’re willing to give up.

I would say it’s likely related to ColorOS or Play Services (or both) tracking something behind the scenes and feeding it to your ad profile. You’ve done a lot to try to reduce your fingerprint but it sounds like it could be something harder to track down.

Have you considered switching to another version of Android that uses microG to reduce Play Service permissions or another phone with GrapheneOS? That may be the next option unfortunately.

I like that theme but as i understand it, having a custom css theme may reduce your anonymity while browsing, if you’re concerned about that.

The assurance that no matter how much they mess up, they will have government backing.

There’s a lot of reasons to make your own project even if something similar exists. Differing codebase, feature roadmap, UX/UI direction, contributor politics, or even because they want to make something from scratch to add to their portfolio.

More options are better for everyone.

Definitely check out GrapheneOS. It pretty much addresses what you’re asking about, aside from root access.

Source-available isn’t the same as free and open-source. You might not be able to distribute or modify as you like to the former and may have any sort of license provisioned with further restrictions.

I’m sure it would persist even after an event of malicious activity. It may just turn out like email with servers needing to be added to an allowlist at worst and more moderation. I think scalability might be the limiting factor at some point though and as a result we could end up with several disconnected islands of server clusters instead of globally meshed servers.