“Popular website collects data” is a non-story. What makes this case special? Use an adblocker.

The biggest problem with F-Droid is that they sign the apps themselves, so if they ever get compromised, an attacker would be able to send malicious updates to any app installed via F-Droid. So now you need yo trust 2 parties (app developer and F-Droid) instead of 1. This is fixed by reproducible builds, which F-Droid does support but which most developers don’t bother with (F-Droid needs to start pushing for this more aggressively imo).

Yep. Anything you could do on the terminal without typing a password.

On Linux, all unsandboxed apps are allowed to do anything your user account can do (without sudo) - there is no permission model. You could use Flatpaks but they’re not perfect, likely would require customizing with Flatseal.

There’s no shortcut you can use to achieve things simply, especially if you want actual anonymity (an extremely high bar). Installing GrapheneOS is the bare minimum (Calyx doesn’t even come close). Then you need to avoid services that ask for personally identifiable info, use VPN for everything (and use public wifi for initial setup), avoid a KYC SIM or SIM in general (also use airplane mode / wifi whenever you can).

But really I’m guessing you don’t actually need proper anonymity (privacy in general is more reasonable).

That can work, but it could go the other way too. We’ve already seen scaremongering claims like “right to repair will allow creepy car mechanics to stalk your location”, “encryption is used by criminals”, “local image scanning prevents child abuse”, etc.

I hate that quest devices are the only reasonably priced and widely available ones. Everything else is either super expensive, way too old, or doesn’t run standalone Android with sideloading access (meaning no true ownership of games you paid for via pirated copies).

Like what?