• 32 Posts
  • 312 Comments
Joined 2 years ago
Cake day: November 27th, 2023


  • I’d say go for it. I can attest that it’s a very polished experience and the GrapheneOS devs go at length to ensure that their work is both secure and reliable. Just make sure it’s the factory unlocked variant so you can unlock the bootloader. Any apps that require regular Android can be put on a separate phone.




  • Functionally, not really. I can get my work done on anything from FVWM to GNOME without a hitch.

    Aesthetically, very much. The Chicago95 theme sparks joy and makes work just a bit more enjoyable. KDE and GNOME might have more creature comforts, but I will happily tolerate XFCE because it works well with Chicago95. I don’t even do fresh installs anymore because of the time it takes for me to configure the visual style just right. I’ll instead image from an install I’ve prepared on a VM.




  • Certainly. I’ve had setups with FVWM as a pure window manager while using XFCE’s xfce4-terminal, MATE’s Caja file browser, and GNOME’s Evolution mail client. Some utilities will pull a few extra dependencies from their native DE, but they won’t get in the way either.

    Display manager won’t matter too much, most should be configurable to point at your WM of choice. LightDM integrates nicely with GTK themes, SDDM for Qt, and GDM for GNOME.

    The biggest pain point from my experience was configuring power management and lid close actions manually, if using a laptop, since those often are only done for you if you install an entire DE at once.

    Also grab a copy of qt5ct if you’re interested in making your Qt packages look more integrated next to GTK packages.


  • Sorry if this analogy has already been thrown at you dozens of times, I like to think of DNS like an address book for the internet. On a traditional phone, I can’t just type in someone’s name, I have to type in a number. Without DNS, the internet would be like that, accessing any website would require recalling and typing in the IP address. But DNS translates domain names (hence Domain Name System), the part of the URL leading up to .com, .ml, etc, into the proper IP addresses for you.

    Unless you self-host, the DNS service is hosted on someone else’s server, and many devices default to communicating with the DNS server in plain text. Which is why you want to trust your DNS provider since they can keep a list of which sites you visit. And DNS over HTTPS mitigates the possibility of interception by encrypting your DNS requests.


  • Worth it, especially if you are stuck with the phone. Find FOSS equivalents of the built-in utilities (gallery, files, etc.), disable what you can (judiciously) with uad-ng, block the apps that can’t be disabled from network access using Rethink DNS, and use the websites of services on a computer browser instead of apps whenever possible.

    It’s still far from what privacy ROMs can do for you, but until you can get a GrapheneOS, etc. friendly phone, taking some action is much better than just letting the spyware run wild.


  • No idea about macOS, but this is something the typical Windows user should notice when switching over to Linux. That is, Windows OOBE gives you a user with administrative privileges by default and therefore won’t prompt you for the password again after logging in, just yes/no dialogs when exercising those admin privileges.

    Typing in the password whenever you need root privileges is just part of the security model of Linux and unless for some reason you’re using sudo for everything, people get used to it. Your default user account doesn’t automatically have root privileges, sudo or su mediates that for you. Back when I used Windows, I even had my accounts set up that way, separate admin, daily user account without admin privileges, and prompt for the admin password every time I installed stuff, etc.

    Granted, it does leave me with a couple compromises like a login password that is shorter than my disk encryption password so I’m not asked for the full thing every time I sudo and sometimes leaving a terminal with sudo -i hanging around.


  • Are you keen on using wireless headphones or speakers? If not, I’d go all the way for one without Bluetooth so the thought of present or future vulnerabilities won’t have to cross my mind whenever I use it.

    In addition to the Bluetooth vulnerabilities other commenters have mentioned, a recent one affects headsets with Google’s Fast Pair feature. Once forcibly paired, an adversary can register the headset with their Google account. The headset thereafter pings nearby Android devices as part of the find lost devices network and can be used to track the victim.

    Not sure if they are in production any more, but I can recommend the old iPod-looking Walkman and Sansa MP3 players. Currently also using a no-name iPod nano clone for the fact that it has a microSD slot, even upgraded the internal battery a few months ago.





  • Linux Mint is your best bet. Intuitive for new users without any flashy features to get in the way.

    All said, temper your expectations. I did this for a couple of my folks and the Linux partition just sat untouched until I next visited (and presumably thereafter). Despite updates for their existing Windows 10 ending. For an unfortunate majority of people, they don’t really care until their browser stops rendering pages, no matter how you proselytize Linux.

    On second thought, don't even dual boot. A separate computer would have fared better. But if you must dual-boot...

    No personal experience on how to make the dual-boot graphical, but that’s a very good idea. I’ve witnessed computer science graduates struggle to get their computer to boot from a USB stick.

    Separate disk because that eliminates interference with the Windows Boot Manager. More like the other way around since Windows tends to mess with GRUB after certain updates if it’s on the same disk. Nearly every concern with whether to install Windows or Linux first arises from trying to dual-boot on the same disk. And if anything goes wrong, you can just revert by unplugging the Linux disk instead of painstakingly reconstructing a broken Windows install.

    If you are passionate enough and have some money to spare, get a used laptop (240 GB SSD, 8GB of RAM, 3rd Gen i5 at a minimum), preferably enterprise-grade (Latitude, ProBook, ThinkPad), clean it up, and pop Linux Mint onto it. Your folks can then experience Linux at their leisure, side-by-side with their existing machine at no risk. No fussing with boot order menus, which I have seen confuse computer science graduates.





  • If you are in the US, take a look at Fidelity or Vanguard. They haven’t required the use of a smartphone app.

    Using a phone with Android 8 isn’t best practice for security by any means, but unless you are being targeted or going around downloading shady apps, it’s more likely it will run into app incompatibility issues in the coming years than anything else.

    For sites where I’m making a low-value, one-off purchase and never coming back, I’ll use a pseudonym alongside a prepaid gift card, or failing that, a privacy.com virtual card. Not quite a sustainable strategy with eBay or Amazon, especially if the package needs a signature, so I’ll just use a privacy.com virtual card and supply a P.O. Box address.

    Mostly accepted that it is the way it is for these things. If the privacy-friendly option is giving up a few conveniences, I’ll take it. But if it’s keeping me from reaching certain goals, I’ll tolerate a compromise. I don’t think I’m being targeted either, so it’s all tolerable in my personal threat model.