Fifth time is the charm for me, but finally got a buckle at Devil Dog this weekend. Feeling pretty sore and limping around today, but overall very pleased that I managed to avoid another DNF!
Supernote is the alternative I went with. They have a pretty responsive dev team and the cloud integration is optional, you can push stuff over the local WiFi network.
I work mostly from home, so no commute. I do pay for 2 days/wk at the co-working space either 7 or 30mi away (so 15-35min). I have an electric scooter that goes 65mph and an incredible view on my commute (see attached from Tuesday's drive), so I enjoy it and the chance to be social with the people at the cowork space.
Arrested Development
I'm surprised not to see https://cryptpad.fr/ here, a FOSS, self-hostable E2EE web based office suite. Not as feature rich as GDocs but offers the basics in a more secure manner.
He has been stepping back from Signal over time.
I'm the same way, I have only a few apps allowed to push to my Garmin, and it's helpful to be able to archive or delete a useless email or know there's something worth taking my phone out for. I find myself leaving my phone in other parts of the house is more focus-friendly since I'm not getting distracted while able to keep my eyes out for work-related items.
I installed INCH on all my browsers, it's obviously not 100% accurate, but it is nice to get a visual cue that the article you're reading may very well be AI generated.
While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.
Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...
I pay for Kagi.com for search, I use NextDNS over my personal Tailscale network that blocks all the commercial social networking sites and their CDNs, as well as a ton of ad networks. I use uBlock Origin in firefox to further remove content that may be served 1st party. Opted out of as many analytics services as I can and frozen my credit with all four US credit agencies. I alternate between using a VPS as a Tailscale exit node, or ProtonVPN for country-specific location egress.
I think it comes down to the threat model that you implicitly or explicitly operate under. Most people don't think about it, and so they equate "more" with better, and VPNs are easily marketed as more, turn it on and rather what whatismyip.com showing a map near your house, now you're magically somewhere else!
If you are paranoid about everything, then again there is the "defense in depth" mindset, which in theory couldn't hurt. That said, having a clear mental model for what you are aiming to be protected from is the best way to find a suitable suite of protections. To agree with a number of others in this thread, ad-blockers (I recommend NextDNS personally) are a great step to stop organizations with a financial incentive to learn all they can about you to sell you stuff, or sell your data. There have been large US ISPs that have experimented with injecting ads or other content either into default DNS responses (e.g., if you mistype something in the search bar it will bring you the ISP's terribad search portal), or even HTTP responses. If you are stuck with one of those ISPs (I'm sorry, and the US monopolies on ISPs are terrible), then a VPN will help you against your threat (the ISP).
If you are an EU resident, and protected by GDPR (or some of the US states that are enacting similar protections), then moving to a more centralized service can be a good thing, since you have a single place to request data deletion, etc., whereas for a non-EU resident, "smearing" your data over multiple non-coordinating entities is a good move to limit the view of you from any single organization.
If you are worried about government surveillance, you have bigger issues. Most people who want to think they are uber valuable to the government are not, and act in counter-productive ways, but co-mingling their data with that of actual baddies, so it all gets revealed in a warrant search. The Lavabit hosting service was used by extreme privacy wonks, and some actual criminals, and when the government went after Snowden, they got all of Lavabit's data, so being on that platform may have been counter-productive for people hiding from the G-men. The OPSEC needed for countering government-level is beyond what you'll learn on a public post, and must be incredibly well-curated and maintained; it will cost you, but if someone will outspend you to get you, then it's table stakes.
Pretty niche, but a citrus squeezer. I cook a lot of Asian food and it's much better to put half a lime in the squeezer at a time than try and hand squeeze the juice out.