Sadly it only works on Google Pixel. I'd recommend LineageOS, but the images aren't signed so you can't lock the bootloader.

It seems like an interesting setup. I don't really have too much to say other than nitpicks.

Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.

Using Linux .desktop launcher scripts, you could:

• Create a .desktop launcher (in ~/.local/share/applications/) for each profile
• Edit default desktop launcher to always prompt to choice profile on start (using the launch option -P)
• Edit the default launcher to offer a menu option for each profile.

Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I'd like to know your reason for picking it. I don't dislike Debian and I still use it for different things (mostly VMs and some dev work).

https://f-droid.org/packages/org.woheller69.ttsengine

Mostly because Fedora is more popular. I like both.

openSUSE Tumbleweed gives you much more control of what gets installed by default (you can customize every package during the GUI installer). It has been the most stable distro ive used. It is a "rolling-release" distro, meaning that packages usually get updates quicker from upstream. If you dont like getting frequent updates it may not be for you. A key feature of openSUSE distros is the system management apl Yast, which allows you to manage a lot of stuff from a GUI.

Fedora is also quite stable. I think it's more user-friendly in my experience. After Debian/Ubuntu based distros, Fedora is the most likely to have packages built for it by developers (I'm talking 1st-party builds, not repacks). Fedora is a semi-rolling release, meaning updates are frequent but not constant.

Fedora is currently my distro off choice, but I may soon use Tumbleweed again. I daily drove Tumbleweed for a year on both my general PC and my admin computer.

Bazzite is great Fedora-Atomic-based distro, especially for nvidia users. I had a friend move to Linux and that was the distro that worked. But in general, if someone is a programmer/Dev, they want to learn how to use Linux, or just install a lot of packages, I'd avoid Atomic.

Don't get me wrong, I use Atomic. But it isn't as straight forward as a traditional distro.

The equivalent of Bazzite but traditional Fedora is Nobara

To add to what you said, X11 is unmaintained software.

Mostly the same, and if not all it has taken for me to figure it out was searching "fedora $pkgname"

You can layer packages using rpm-ostree install $pkgname. It uses fedora repos. You can also (preferably) use a distrobox or toolbox container with a non-atomic distro and then install the desired package. Generally better to avoid layering packages but it works fine in my experience.

If all you want to do is run VMs, Qubes is not what you are looking for. Even virtual machine manager (and other abstractions over libvirt and KVM) need to be hardened to avoid compromising the host.

Example: By default virt-manager uses a NAT bridge to allow for the guest VM to access the host and the LAN. A couple of weeks ago vulnerability was found in CUPS print server, allowing a hacker to do RCE. If a guest VM was compromised (previously or because of the vulnerability), since the host also likely has CUPS the hacker could use the guest system to compromise the host. This is avoided on Qubes because the host has minimal software.

Virt-manager offers no where near the same Security as Qubes. Qubes has a security hardened host and strong Desktop security model. Everything runs in VMs (aka qubes) including different parts of the system to further improve isolation. Sure, you could replace Qubes OS with an off the shelf Linux distro and run VMs, but that is nothing like Qubes, offers none of the convenience, and isn't hardened or debloated (reducing host attack surface).

No Linux distro comes close. Qubes is designed for a specific job. I am not saying Qubes is the "best OS ever" when I say Linux distros dont come close, I specifically mean that no Linux distro is designed with as strong of a focus on Desktop security model and isolation-based workflow.

You dont have to install over the drive. Retrieve any important files from the drive by booting a USB live OS.

Not exactly. Ironfox is a fork, not a direct continuation of Mull. I'm holding off on using it because I want to verify that the new fork can keep timely security updates. Ironfox is a big unknown.

Uncanny valley with those faces.