My strategy is to always install program with flatpak, SDKs are also installed as flatpak, find graphical alternatives to command line programs. I don’t use command line a lot, so I don’t need fancy tools for it.

I only have one system package installed for inputting unicode math symbols. So that I have a clean and easily migratable system.

I might add, everyway actually seek to “consolidate” all the older ways, and always ends up adding to the ways needing to be consolidated.

Honestly after moving into our current home, we were able to avoid Amazon almost completely. We don’t buy cookware, as carbon steel, cast iron, and stainless steel cookware lasts at least decades if not forever; we have way too many mugs from market and thrift store; and all of our clothes are thrifted with some from Costco.

we get groceries from farmers market, local ethnic stores, or super market. We get shelf stable products like toilet paper or drinks from Costco in bulk. We barely replace our electronic, because I would fix them with spare parts from ifixit and eBay; when it do need to get replaced, I get them from bestbuy or manufacture. We get most of the cleaning products from refil store or supermarket; we would buy soap from farmers market or local supplier.

We would only buy very obscure product from Amazon, like replacement knob for pot lid etc, but they are very very rare. One particular product we unfortunately relied on Amazon is the bamboo electric toothbrush brush head, we are trying to find some local salers that carry that, but cannot find any.

Installing on a old laptop is great because eventually after you get a more serious machine, you probably got enough experience to choose your distros.

Linux mint is certainly the most promising option, especially if you are just using the laptop, and don’t have any external monitors setup.

You are right. I have done some research, it seems most people think that client side hashing is unnecessary in an HTTPS setting.

That is my misunderstanding.

it says it is encrypted but it is encrypred using keys that google has access to as they are unlocked with you logging in into google account.

First it uses lock screen password, so google do not have access to this password.

Even if your lock screen is unfortunately your Google password, I think proper authentication protocol do not send your password to Google to authenticate, but only the hash, which cannot be reverted to derive your password.

Obviously, the above is assuming that Google is not malicious. Otherwise it can just use play service, which is privileged and closed source, to get all your data. If your threat model including Google itself trying to steal your key, you will probably need to install a trusted rom or use iOS (however, apple and the rom developer can also steal your key).

I think these are different. They mostly find vulnerability in the iOS system as opposed to try to crack the backup system.

I think iOS or Android backup system are rather secure compared to other components because of the following: hacker will also need to break into a cloud drive to retrieve them, which adds extra work; the backup is simple, just bunch of files and a password, apple/google can use standard well-tested encryption to encrypt them.

However, guaranteeing there is no way to break into an operating system, especially with all the features that a modern system requires, is much harder.