eOS is just Android, so Android apps work.

That aside, eOS has a history of being often behind on security patches and updates, so it is highly recommend to avoid it.

It seems like an interesting setup. I don't really have too much to say other than nitpicks.

Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.

Using Linux .desktop launcher scripts, you could:

• Create a .desktop launcher (in ~/.local/share/applications/) for each profile
• Edit default desktop launcher to always prompt to choice profile on start (using the launch option -P)
• Edit the default launcher to offer a menu option for each profile.

Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I'd like to know your reason for picking it. I don't dislike Debian and I still use it for different things (mostly VMs and some dev work).

For me, no matter how good their browser is, I ain't going to use it. If someone forks it to remove the BAT crypto nonesense id consider using it. I've been tempted to compile chromium from source and just add brave-core content/fingerprint blocking. Ideally, any fork would maintain the same general fingerprint with brave.

For now, Cromite is the way to go in-terms of hardened Chromium with built-in adblocking and without Google nonesense. The only downside is their choice to use Adblock Plus engine, but this is for the technical reason that engine is inferior to uBlock Origin and Brave Shields. The inclusion of ABP doesn't effect privacy (ik people will understandably mention the ABP scandal) because they forked ABP and use custom filter lists, which is still a very good benefit above vanilla Chromium.

Bazzite is great Fedora-Atomic-based distro, especially for nvidia users. I had a friend move to Linux and that was the distro that worked. But in general, if someone is a programmer/Dev, they want to learn how to use Linux, or just install a lot of packages, I'd avoid Atomic.

Don't get me wrong, I use Atomic. But it isn't as straight forward as a traditional distro.

The equivalent of Bazzite but traditional Fedora is Nobara

That is generally called the principle of least privilege.

Using a VPN should defeat the attack by having a different data center cache the media file.

You dont have to install over the drive. Retrieve any important files from the drive by booting a USB live OS.

They used to recommend Mull (firefox-based) before it died.

Comic credit: Haus Of Decline

I recommend GNOME from a purely security perspective. Currently, "GNOME is the only desktop that secures privileged wayland protocols like screencopy." It also has a nice permission system for (dis)allowing microphone, camera, and location access. I wish the developers were more open to encouraging customization of the certain GUI elements, like KDE. KDE Plasma does not protect against screen capture, though it is on their radar.

Just get doasedit. I remember finding scripts that achieve similar functionality as sudoedit.

My mistake.