Linux is not security hardened. It does not properly sandbox applications (and there is nothing as secure as android’s sandboxing on linux). In fact, most linux package managers do not feature any sandboxing of applications, period. Linux does not implement verified boot. It does not harden against physical port attacks. It does not use a hardened memory allocator. Privilege escalation is simple because of how straightforward it is to compromise a wheel user (sudo user). Linux does not harden it kernel flags by default. Alpine (and most linux package managers) are not secure (aka does not pass the TUF threat model). Most linux distros dont feature a read-only root filesystem, which would help to improve security. Also, Systemd is a bloated init system and has a massive attack surface. GNU’s tooling is also bloated and freebsd’s would make a good alternative (like what is done by Chimera Linux)

Here are some readings on linux security:
Article by one of the Whonix Devs https://madaidans-insecurities.github.io/linux.html and also are hardening guide from them https://madaidans-insecurities.github.io/guides/linux-hardening.html
Wiki page of Whonix considering many linux distros for whether they make a good base for Whonix’s security distro: https://www.whonix.org/wiki/Dev/Operating_System#Alpine_Linux
Kicksecure’s wiki: https://www.kicksecure.com/wiki/Documentation

Here are some Security hardened distros (Note that none meet the threat model for a mobile phone OS as they dont feature verified boot):
https://www.kicksecure.com
https://github.com/secureblue/secureblue
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix.

Special mention which isnt hardened but has great potential: https://chimera-linux.org/

Interesting. I have a vastly divergent opinion on linux for mobile, mostly that it is not secure. This is true for Desktop linux but is more important considering the threat model necessary for mobile device Security.

I recommend using https://swappa.com to buy used phones since they have quality assurance and returns. Much safer than eBay because you could accidentally buy a phone that has its IMEI blacklisted, which shouldn’t happen with swappa.

Why not DivestOS on the OnePlus 6.

Firefox’s privacy.resistFingerprinting flag normalizes refresh rate (among many other metrics)

Vencord/Vesktop supports audio streaming on Linux and is just a generally better experience compared against the Discord official app. Free and open source.

Nah, Verizon VPN is better

Sry, I should have mentioned I meant Cromite on desktop.

Self hosting has the advantage of keeping your encrypted vault local and under your control.

Cromite is a good brave alternative without crypto, built-in adblocking, secure defaults (better security hardening), and cross-platform (Linux, Windows, Android). Best experience is on Android. Cromite is an actively updated fork of Bromite, released by a former contributor of Bromite. Cromite also comes without any proprietary libraries on Android (unlike Brave, Mulch, or Vanadium).

It can sync, most if not all Firefox based browsers can sync

You can install uBlock origin lite and the adblock plus engine is segregated by cromite

Vanadium does not provide adblocking/content-block, comes with proprietary dependencies, and provides no fingerprinting protection.

Betterfox isnt more private/secure than Arkenfox. Betterfox is actually softer in its security and privacy approach. Its goal is to cause the least site breakage, which means more data leakage and softer defaults. Not a bad thing, just not true about Betterfox.

Use Mull (made by the DivestOS developer) on mobile. It is available through the dev’s f-droid repo. It is hardened Firefox mobile similar to Librewolf and supports sync because it is a Firefox mobile fork. It is also fully open source and doesnt come with proprietary dependencies (unlike standard Firefox mobile)

Instead of Mulch I would recommend Cromite. It is fully open source (free of proprietary dependencies unlike Brave and Mulch), has anti-fingerprinting (unlike Mulch), and has built-in ad-blocking. Browser comparison table made by the Developer of Mulch: https://divestos.org/pages/browsers

Self-boting is against ToS. You have to be careful when interacting with the Discord API. Maybe there is a way to run the discord website to fetch text messages.

Maybe inversely because of the increased heat of the tightly packed components.

Maybe to you, but with a proper algorithmic analysis of the sounds differences can be fingerprinted and differentiated.