[-] ctr1@fl0w.cc 5 points 7 months ago

Personally, I've relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven't needed to type passwords since. This doesn't help with the number of prompts, but it does make them easier to dismiss.

I do use autologin, but I don't use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I've had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.

[-] ctr1@fl0w.cc 4 points 8 months ago

I started by writing small scripts to automate things, but really got into it after learning how fun it can be to make the computer do stuff. I also see it as a kind of creative outlet, but in general I just want to learn how to fix anything in software if I'm not satisfied with how it works.

[-] ctr1@fl0w.cc 3 points 8 months ago

Ah good to know! Will try that if I ever run into issues, thanks

[-] ctr1@fl0w.cc 4 points 9 months ago* (last edited 9 months ago)

If you're willing to spend the time to learn how to write custom policies, SELinux can be used for this, to some extent. It's highly customizable and can sandbox your apps, but the process of doing so is quite complicated. I wrote a small guide on custom policy management on Gentoo in another comment if you're interested.

There's also apparently a "sandbox" feature, but I don't know much about it. I just write my own policies and make them as strict as possible.

As an example, my web browser can't access my home directory or anything except its own directories, and nobody (including my own user), except root and a few select processes (gpg, gpg-agent, git, pass) can access my gnupg directory.

This only covers security/permissions, and doesn't include many of the other benefits of containerization or isolation. You could also try KVM with libvirt and Gentoo VMs; that works pretty well (despite update times) and I did that for a while with some success.

[-] ctr1@fl0w.cc 3 points 10 months ago

Oh good point, thanks for the heads up. I see that the last release was a few years ago and there are a lot of open issues. I haven't had too many problems with it, but a launcher is something you don't want to have security vulnerabilities for. Will look around for an alternative

[-] ctr1@fl0w.cc 4 points 10 months ago* (last edited 10 months ago)

I stopped using recommendations years ago and only use NewPipe and Invidious. I did notice a reduction in my watch time, but there is plenty to watch when using a subscription-only feed. I haven't added very many channels to my list since then, but personalized recommendations aren't worth the privacy cost. Hoping to leave the platform eventually

[-] ctr1@fl0w.cc 5 points 10 months ago* (last edited 10 months ago)

Had the same issue with Plasma Wayland in QEMU but I never found a solution. Toggling anti-aliasing sometimes helped, temporarily

[-] ctr1@fl0w.cc 4 points 10 months ago* (last edited 10 months ago)

Try going down the page and looking for the categories with more than a few bits of identifying information. I'm running LibreWolf with just uBlock Origin and Dark Reader (which I don't think influences results) and I'm able to get nearly-unique, instead of unique (but I do get unique on default settings). TBB gets non-unique, which is a good set of results to compare to.

In my case I noticed that my fonts were really unique so I set browser.display.use_document_fonts = 0. Also I use my WM to set my page resolution to 1920x1080, which seems to have a better fingerprint than the default LibreWolf floating resolution of 1600x900 (and even the letterboxing resolutions, from what I can tell).

I just spent some time testing again and checking for anything else. RFP does force a generic user agent, but unfortunately it keeps the version information and I can't figure out how to change it with RFP on. Would be nice to set it to the ESR version used by TBB (which has lower bits), but I'm not sure if that would lead to a more unique fingerprint (if, say, a feature was detected that is available in later versions but not ESR).

Edit: just tried Mullvad browser, and it's non-unique! Might be the best option.

[-] ctr1@fl0w.cc 3 points 11 months ago

Yes! Depending on how much time you want to spend figuring things out... there is a learning curve, but the documentation is quite extensive. And you do learn a lot about Linux by diving in. The compile times aren't really an issue today if you have decent hardware- I run it at home and on all of my servers (some of them not very powerful). You can do other things while it's compiling.

It's great if you want to customize everything and learn how your system works, or are interested in optimizing everything for your specific CPU architecture. There are a few pitfalls (especially when learning), but I've generally been able to learn how to fix any issues as they arise.

Also, the package availability is great. If you can't find something in the Gentoo repository or in an overlay, you can usually find its dependencies and build it yourself.

[-] ctr1@fl0w.cc 4 points 11 months ago* (last edited 11 months ago)

The difference is that your ISP doesn't know where your packets are headed, and the destination doesn't know where your packets came from. The ISP sees you connect to the entrance node and the destination sees you connect from the exit node, and it's very difficult for anyone to trace the connection back to you (unless they own both the entrance and exit and use traffic correlation or some other exploit/fingerprint). Regardless, both parties are generally able to tell that you are using TOR if they reference lists of known entrance/exit nodes. Also the anti-fingerprinting measures taken by TB are a bit more strict than other privacy-focused browsers

[-] ctr1@fl0w.cc 5 points 1 year ago* (last edited 1 year ago)

With a decent CPU the kernel compiles pretty fast. I'm using a default configuration with modules disabled (compiled in) and various settings enabled/optimized for my hardware, and this is what I get:

make -j24

real 2m16.357s
user 38m36.133s
sys  4m26.449s

[-] ctr1@fl0w.cc 4 points 1 year ago

I'm sure there's a better solution, but SELinux is an option. It can be difficult to customize, but it's capable of locking down the system entirely. You could theoretically block all actions taken by the user except for a select few mozilla_t actions and others necessary for login.

ctr1

joined 1 year ago