They’re not that impressive specs wise, somewhere between mid range and a “real” flagship that has a Snapdragon Elite chip. The only reason to get it is the top of the line security features that allow GrapheneOS to function. Or the software if you’re into Ai and such and don’t want Graphene, but that’s like the opposite of privacy.

You’ve gotten some good answers kn fingerprinting so I won’t repeat that. I will add though: it depends on what you are trying to do. Blending in with Tor or Mullvad Browsers makes you less trackable, but logging into an account immediately breaks that. Brave et al will only fool naive scripts, sure, but telemetry and built in tracking is another battle to fight: you’re going to want a privacy browser even if you stand out amongst the sea of Chrome and Edge. The more of us who do make it more normal looking. At the end of the day you are probably going to want two browsers per machine:a logging in browser and an anonymous web search browser. So no it does not negate itself and is worth doing, but has use case limitations. I find it best to block everything possible in Brave but use it as the sign in browser. Not using Brave shields doesn’t make you much less recognizable anyway, you’d have to use Chrome for that.

i would go through your privacy settings and delete and turn off everything you can, then if you can, change pii to nonsense burner info and deletethe account. Services like that can sometimes be useful, but not for accounts specifically. Personally I dont use them and send delete requests to people search sites myself.

Tor + VPN is a VERY contentious topic. The one thing not to do is turn on a VPN in the middle of a Tor session. That’s agreed upon. VPN before Tor… it can make it harder to find who you are in some ways, but makes you seem more suspicious that you feel the need to do all that. It makes your activity stand out, and it may even be easier to bully your VPN provider into giving up your identity (if they have it from payment info, etc). But that’s just if they are monitoring the exit node, so mot particularly likely. Still, I avoid mixing them entirely. Of the two, Tor is more anonymous, but VPN is faster, hides all network activity even outside the browser and is just about required in many places due to stupid age verification laws and similar nonsense. So I like Mullvad Browser + always on VPN, but Tor is a good tool.

It is the best combo of lightweight and fast without working your CPU too hard. But this is only really relevant on old hardware. My laptop with 1 GB RAM and antiX installed is somewhat usable online now. But there are more private options for general use. Also I hate that it only has an AppImage release, it’s terrible for a browser to not be able to auto update.

I don’t use banking apps, there are few features necessary for an app, and they all havw trackers in them. I make PWAs and all my banks and credit card sites work just fine.

Last I heard there is still no site isolation on Android

PineTime is probably the best choice privacy wise. It hits all your requirements but it is definitely not fancy. Pretty much everything will require an app, but the GadgetBridge app is FOSS with no trackers or uploading your data.

I’m going to go against the grain slightly and say that it’s not as bad as you might think. Schools and businesses have deals with Google when they pay for the software. Google is not allowed to scan everything to train Gemini the same way that they do for a personal free Google account.

That being said, it’s always best practices to disconnect work/school and personal activities, for a wide variety of reasons. The more present threat is the work/school being able to see everything you do on the device. Like, EVERYTHING, sometimes even keystrokes. Furthermore, using your personal third party accounts will increase the attack surface by Google and your school/employer being able to associate the service and/or account with you. So at the end of the day, don’t do anything personal on school/work devices, and you can’t get burned by either party.

I don’t code so correct me if I’m wrong, but wouldn’t the code have to be generally accepted, reviewed, and verified by other members of the project? Ai can fuck right off as far as I’m concerned, but this isn’t a situation where a CEO just unilaterally decides vibe coding is the move. Unless I’m mistaken.

Offline mode is available for free on the mobile app, but not desktop. Doesn’t work offline for browser extension at all, which is how auto fill works on desktop, which is much more useful. And offline mode for Proton  just means you can view the passwords you already created, not create more.

There are true offline local password managers but as long as the cloud sync is encrypted, I see no reason to avoid using it and miss out on half the functionality. Auth is more debatable but I’ve found uses for cloud hosted Auth too.

Because you should have your email, password manager, and authenticator be 3 different services. Otherwise there is 1 point of failure.

No, Play Store does not require Play Services integration, nor does it mandate any trackers.

In practice though, most use Play Services for push notifications, and there are a LOT of apps with at least Google Crashlytics, Google Firebase Analytics, and Google Admob trackers. Check out Exodus for tracker reports. Or use the Tracker Controller app. Just note that some trackers are pretty benign, or even a security feature, like Sentry.