Walking_coffin

I definitely agree that more constructive discourse needs to take place instead of some needless fights that happen way too often.

About Brave and the view some lemmy users express about it, I feel some of the distrust is valid while the way many express it is with no other regards to the good there might be or without any technical knowledge behind words being shared around. Exactly how you mentioned Google being awful at privacy but great at security.

Thank you for taking the time to write all this.

First of all, you do touch up on some good topics with sources and I appreciate that. However I would like to say that you may have either oversimplified or misunderstood some concepts you talk about here. Just so we're clear, the whole topic of privacy/security is vast and knowing everything about it all is impossible so this is not an insult but a simple remark.

While I will not tackle everything you mentionned, mainly because you have your opinion, which is valid, and you do bring up good points, I will point out the last two topics you bring up.

Debian is indeed less secure than a stable release Linux distribution based on sane defaults, however they do backport security issues into their older kernel which is how older kernels are maintained. So while yes, they may still use kernel 6.1, they also may have backported 6.12 vulnerability fixes.

The last topic you end up with is the constant fact that some "groups being at odds with each other" and "privacy being at odds with security". Groups being at odds is not all good and neither is it all bad. Just like Lemmy or federation, it brings diversity in an ecosystem that needs said diversity.

You yourself bring up project 1 and compare it to project 2 at first while they are so different that comparing the two is like saying that an orange is blue. Many people will stop there and you went a deeper and properly laid out that it wasn't the case but you fail to do so some place else.

Like I said, all of this is a very vast topic. However, while you have "fights" and groups being at odds with each other for sometimes good or not so good reasons, it brings out one of the best things in open source sometimes. "I dont like you or the way you handle that project so I'm going to make my own fork of it and do it my way".

Thank you for your time and I do hope your text will help some people out.

It is indeed somewhat frustrating not to be "able" to share the whole adventure for the sake of privacy but that's just another part of the lonely journey that is personal privacy in itself.

I think what most people lack is a roadmap or a goal. From your post, you achieved you goal and that's great. More often than not, people spend years looking at all the horror stories and all that they can put in place without sitting down and looking for a goal they themselves wish to get to.

I like this. I think it may be one of the only post I have ever seen that shows where a privacy minded folk came from and their journey to end up in a place they're comfortable at. Way too often stories about one's privacy journey is them being in the pit of despair (understandable) or those crazy stories of how someone who spent years researching privacy and hardening their device ended up picking windows and all their old habits from all those years ago because it was too much for them.

On that note, great job. I'm happy for you and wish you a good time on your regular (perhaps minimal) maintenance.

The link to Z-Library itself is one of the legitimate ones from what I know so I wouldn't worry on that side too much.

PDFs have a few exploits that could infect a system. However they are rare and not efficient especially if the intent is to infect as much machines as possible.

If you don't have much technical knowledge to analyze the files yourself, I would recommend you open the PDFs in Virtual Machines without any acess to the internet or opening the files only when you have disconected your device from any acess to the internet.

Tools like the one mentionned by someone else in the comments would be good to prevent from having to worry about a potentially malicious PDF. Various tools are around to convert a malicious file lile PDFs into regular "trusted" PDFs (said tools flattens everything making it impossible to select text or click any URIs included). I would look up the trustworthiness of some of those tools first (to not try and avoid malwares by installing one).

That was way too long of a comment but I hope it could ease some of your worries.

Yes, as long as you practice good OPSec.

The first mistake you made was to ask about it. While logical to ask since you probably didn't know, you now have an increased risk of linkability. Is the risk enough of a threat? Your threat model and OPSec will determine that.

If your goal is wanting to avoid being identified, planning starts before doing any prior actions.

"100 Grumpy Animals" by Beast Flaps

Can probably play Doom

Those that think they've seen it all and think they're "immune" or used to it make the dangerous mistake of sometimes searching for NSFL content that are sometimes mentionned on those types of questions just to test themselves.

I've seen a lot, way too much for my own good, it is never a good idea to search something like that up.

Truly hope your sibling as well as yourself aren't too scared of what it was you saw. Some of the content seen can sometime leave pretty heavy or permanent marks.

Any type of NSFL content mentionned could be a very bad thing for anyone involved.

I get that you are curious and that's fine but it could cause more harm than you might imagine.

Every time there is a new version available for the most part.

I go to the changelog of the app or software to see what has changed, since I only use FOSS I also have a broad glance at the code. If I know that what I am updating won't cause trouble for what I am currently doing (ie. A depency update that is used during a time I need to compile a big project), I go ahead and update.

In the case of new features I am not keen on, I usually keep the current version I have (and make any self-update impossible for said app/software), see if there is any reputable forks or fork it myself to remove said features.

I have a minimal amount of apps and software and I handpicked all of them specifically so that they follow what I want them to do. If for whatever reason they stray and become something I'd rather not use at all, I remove/purge them.

Security is also very important (to me at least). Not updating because a feature is unpleasant is fine as long as the app is fairly recent and has no way of communicating to any other apps or have any internet access.

Indeed quite something...

Also, no need to be sorry, you did nothing wrong.