The real challenge facing a kremlin linux fork isn’t opposition, it’s deciding what to do once they realize there aren’t any maternity wards in the kernel they can shoot ballistic missiles at.

https://grapheneos.org/faq#device-lifetime

You can buy a used Pixel 8 and it will be supported by Graphene through 2030 at the very earliest, probably the best support lifecycle you can possibly get on a phone.

When it comes to privacy and security, I think you should treat all cloud providers equally. Use a client with client-side encryption so that the only thing that touches the provider is encrypted data.

Rclone is an example of a good client that can do this, and can even mount your cloud storage as a filesystem with its encryption layer in between.

• Your user account on GrapheneOS is just a local user account
• GrapheneOS comes with its own camera, gallery, contacts, sms, phone, and file manager apps, a hardened fork of Chromium called Vanadium, and an app that lets you install sandboxed versions of google play services and google play store, if you so wish. Nothing else. You can install other apps using F-Droid, or by installing the google play store app.
• GrapheneOS does not have a “cloud”, aside from the web services it uses to check for and pull new updates. If you want to sync files somewhere, you can install whatever you want (Nextcloud, Google Drive, etc)
• F-Droid is a fine choice, and the google play store is as well, all depending on what your priorities are for your phone. I only use F-Droid and have no non-foss apps on my phone for privacy reasons, for example.
• Running your own Nextcloud server is a great learning exercise, but it’s a big commitment of time if you’re not already familiar with linux administration, and if you want it to be secure and accessible remotely that’s even harder. Don’t let that be an impediment to getting a secure phone though - you can always keep using Google Drive for now, and then learn how to set up Nextcloud or some such as you go along.

Good luck!

The only legitimate commands for a non-root shell are sudo -i, exit, and echo "yee haw"

DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:

192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz

What is your root filesystem installed on - lvm, zfs, or bare disk partitions? Are you booting with grub (legacy/bios) or systemd-boot (uefi)?

Aside from the beautiful keyboard build, your website design is just… perfect 🥲

It’s still right to complain and protest about something that is unjust, even when ways to circumvent it exist. Because the next logical policy step is to ban VPNs, as many countries already have, and the solved problem becomes unsolved again.

Bromite before it died, RIP :( Vanadium now with regular dns adblocking where security matters, Fennec where it doesn’t.

If you aren’t going to fully wipe your drive in horrible events like this, at the very least use shred instead of rm. rm simply removes references to the file in the filesystem, leaving the data behind on the disk until other data happens to be written there.

Do not ever allow data like that to exist on your machines. The law doesn’t care how it got there.

If you can’t get a packaged apk directly from the developer/publisher, or from a trusted repository like the play store or fdroid, I wouldn’t resort to third party sources like these. If you can’t compare the signing signature of an apk from an untrusted source to that from a trusted source, you can’t be certain that what you’re installing hasn’t been tampered with.