GrapheneOS. It gets updates and security patches quickly, it fully removes dependency on Google services (unlike any of the others you mentioned), and it is heavily deblobbed of proprietary blobs. It is rock solid. Here is a comparison table from a trusted third-party: https://eylenburg.github.io/android_comparison.htm

All of those apps will work, just install Sandboxed Google Play. Install company apps either in a Private Space or a separate user to isolate them. I recommend putting all Gapps (play store apps) in a Private Space.

Note: iode is often a month or more behind on Android security patches.

Here is the link to UAD-ng: https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/

Funnily enough OpenRC is probably the slowest of the inits offered by Artix. The current best in both features and stability are Dinit and s6. Dinit is far more user friendly. Both boot ~20% faster than the others, and much faster than systemd. Generally though, simplicity without expense to features is what Dinit and s6+66 excel at.

Gentoo wiki page comparing inits: https://wiki.gentoo.org/wiki/Comparison_of_init_systems

From the Dinit developer: https://github.com/davmac314/dinit/blob/master/doc/COMPARISON

Supercritical CO2 turbine be like: whatup

Vivaldi is also proprietary. Not a good privacy browser.

Steins;Gate?

Honestly, I saw it in a video recently that i cant remember. It showed some screenshots of the engineer’s Twitter taking about it.

Artix (Arch w/out systemd) supports many inits. I’d recommend dinit (which is very easy to use) or s6 (which seems more stable on Artix, but less user friendly helper tools). Both are very fast, faster than the other inits.

• There is also Chimera Linux which uses dinit and is very clean imho. A very modern take on making a traditional Linux distro which does things well and uses clean and simple OS software stack.
• Void Linux uses runit
• Devuan (Debian w/out systemd) you can use sysV, OpenRC, or runit
• And obviously there is Gentoo, which supports using OpenRC, with unofficial community guides for some other inits.

I very much doubt it. The only reason Asahi is even installable is because M series Mac were designed to allow installing other OSes. I know that sounds crazy, especially with all the reverse engineering needed to get Asahi to work. But without intentional design on the part an Apple engineer working on the initial M series chip, installing alternative OSes would be impossible.

I think it is worth noting that while what Russia is doing is evil, they are not the only evil players in the game. So many countries are complicit and actively support Israel (monetarily), and most countries do business with USA (mega)companies (like Google, Microsoft, Meta) even with the current regime.

And support for extensions like uBlock Origin.

On Debian I would choose Flatpak because it will be generally much more up-to-date than native packages (which becomes even further true the longer through the release cycle we are).

Licenses don’t matter when corpos don’t care anyways. Especially for training LLMs. They don’t care about copyright. I choose to use tools based on there merits over simply going “it has my favorite license.” Even though I say that, I still prefer AGPL even though I understand that of the corpos want to steal, they’ll steal it.

Having JS disabled is very rare for non-bot traffic, so you stand out far more. It isn’t about uniqueness, you are already unique if you aren’t using Tor/Mullvad browser(s). While disabling JS protects against certain kinds of fingerprinting, there is pure CSS and TCP fingerprinting. Firefox RFP (eg. Librewolf) and whatever Cromite or Brave have help to protect against much of JS fingerprinting. You are only ever going to fool naive scripts which these browsers already do a good job of that.

As for security, having JS disabled is a benefit. Just know since you will very likely have to enable to again quite often for random websites, you’ll become used to doing that to the point that it may as well be useless. If a random website doesn’t load just leave it, unless it is worthy of some actual trust. Even more useful would be setting up uBlock Origin with a blocking mode, such as medium or hard.

It still gives metrics. And yes, Creepjs is not very useful against randomized values, though I noted it still because Brave fails (resulting in a persistent fingerprint) whereas Cromite succeeded to fool Creepjs. Both have many methods of fingerprinting protection.

Checking the fingerprinting protections of Mullvad and Tor is better done with TorZillaPrint test page by Arkenfox. It is optimized to tell you whether you blend in correctly with RFP normalized values.

Most include micro iirc

Vivaldi is proprietary. I would def avoid that. For Chromium forked browser use Cromite instead.

They is the right result, non-unique fingerprint is what you want with Tor Browser.

TL;DR The only way to avoid a near unique fingerprint is Tor Browser

Longer explanation: There are too many styles of fingerprinting protections: randomized and normalized.

Librewolf inherits its fingerprint protections from Firefox (which intern was upstreamed from the Tor uplift project. It works by taking as many fingerprintable characteristics (refresh rate, canvas, resolution, theme, timezone, etc) and normalizes them to a static value to be shared by all browsers using the feature (privacy.resistFingerprinting in about:config). The benefit of normalizing is you appear more generic, though there are many limitations (biggest of which is OS because you cant hide that). The purpose design of these protections stems from the anonymization strategy of Tor which is to blend in with all other users so no individual can be differentiated based on identifiers. Since Librewolf has different a default settings profile to Tor (or Mullvad) and even vanilla Firefox with RFP enabled, the best you can hope is to blend in with other Librewolf users (which you really cant, especially if you install extensions or change [some] specific settings). Instead, the goal is just to fool naive fingerprinting scripts, nation states or any skilled adversary is out of the scope.

Brave (or Cromite) uses the strategy of randomizing fingerprintable characteristics. This is only meant to fool naive FP scripts but in my opinion (when done right) is better at fooling naive scripts. The biggest problem is that these attempts by other browsers and not as comprehensive as Firefox. I think Cromite does a better job than Brave: it is the only browser which fools Creepjs that I have tried by creating a new FP on refresh. Cromite required some configuring to get to place I wanted it, but so does every browser.

The advantage with Firefox forks is that vanilla Firefox has RFP and therefore so do the forks (though most dont enable), but you dont blend i with a crowd (making it far less effective than MB or Tor). The advantage of Brave or Cromite is a randomized FP, bit since it isnt upstreamed (and Google will never do that) you stand out like a sore thumb. Either way is fine though for basically everyone.

The only browsers I know that work against Creepjs are as follows:

• Mullvad (persistent FP)
• Tor (persistent FP)
• Cromite (randomized FP)