Options:

• Just start it from the terminal with torsocks
• Use application-specific proxy settings
• Since torsocks simply uses LD_PRELOAD, you could try to make this apply globally by adding the torsocks library to ld.so.preload. Just put the path returned by torsocks show in /etc/ld.so.preload.

Either use the --proxy option of yt-dlp, or use torsocks to transparently torify any application.

singlelogin.re still worked for me recently.

Source

Yes, for example, syncing on a kernel panic could lead to data corruption (which is why we don’t do that). For the same reason REISUB is not recommended anymore: The default advice for a locked-up system should be SysRq B.

Try perhaps the solution in https://unix.stackexchange.com/questions/648084/docker-interface-tears-down-wifi-internet

Try removing all the superfluous default routes.

Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

There is this patch, although I have not tested it myself. There is always cryptsetup luksAddKey --pbkdf pbkdf2.

GRUB works just fine with LUKS2 these days. There is no need to switch bootloaders.

This seems right and exactly the way I’ve set it up. On subvolid=5 I have subvolumes @ and @home, in /etc/fstab I mount / as subvol=@, and /home as subvol=@home.

Could you run sudo lshw -C network and post the output for the wireless interface?

You should not torrent over the tor network, but you can torrent over the I2P network. qBittorrent even has experimental I2P support built in.

But you can do this.

Memory safety would be the main advantage.