Pixel 7a is more expensive than Pixel 8a???

100% if you have enabled “Safe browsing” (which is enabled by default). This also applies to Firefox, but I don’t know if there is enabled by default.

Nice stuff, I use a lot of them. And for things that are missing:

Phone: Fossify Phone

Contacts: Fossify Contacts

VPN:

• Self-hosted: Great for public wifi and access to homelab
• Free: Proton
• Paid: Mullvad

Office: Collabora Office

PDF viewer (when full office app is jut too much): PDF Viewer from GrapheneOS Apps Store

PDF scanner: OSS document scanner

Camera: Stick with preinstalled, it always works the best.

YT Music: Harmony Music

Maps: Organic Maps

Keyboard: FlorisBoard

Favourite: GrapheneOS

Others that I like: Monero Librewolf SimpleLogin MullvadVPN PiHole

I was usimg TPM on my Arch laptop, but then I swizched to a fido device - nitrokey.

Damn thats interesting! I would love to get one but currently I wouldn’t pay 500$ because I don’t have enough knowlage yet to do fun things with it.

Nitrokey

Yubikeys are defenetly the most popular ones, but I prefer Nitrokey which is based in Germany and open-source. I have 3 Nitrokeys and I’m very happy with them.

I have an IdeaPad and I can confirm that I can physically remove the Wifi card.

True but then you actually have to remember the password. Or you can use an USB key to store keyfile or a hardware security key like Nitrokey or Yubikey to decrypt it.

Try Waydroid instead of Anbox. Same thing but more up to date.

Yep, its stupid. But its not online service, you just have to be installed and have file permission, thats it.

Hardware tokens are handled by Google Services and not by Android itself :( That means you have to have Google Services installed if you want to use your Yubikey.

For banking apps I recommend to have in seperate profile (like you wanted) together with Google Services. You should also disable everything under Exploit protection section in settings for every banking app.

I would do the same but it uses too much battery for me so I had to figure out how to self-host ntfy and mollysocket.

Or you can use uninstall/disable google services and inatall something like ntfy. Molly-UP (signal fork) supports that.

Not with Molly (hardened signal fork)

Yes but you have to do that for each service if I understand correctly.

I switched from Docker to Podman, because Podman is more secure (if rootless) but it was just hard to autostart containars. You have to start one by one because they don’t have a central service like docker. And watchtower and nextcloud AIO don’t work on Podman. So I switched back to docker.

Personaly I would trust Nitrokey, but I don’t have to.

Looks nice, I’ll try it!