common aegis W
you can use something like smspool.net to verify the account with a one time use #. then google will allow you to link an authenticator app to the account. removing the # from the account afterwards does not remove the TOTP code either.
yeah that seems to be from all the way in 2021 unfortunately. you may be stuck with the browser version :(
I got my 7a referbished for 350. the nothing phone is cool IMO but probably not going to have good support rn for nieche stuff. lineage & divest not having working versions for the phone raises red flags personaly.
if you are anti pixel & $500 is in your price range maybe take a look at the fairphone 4?
honestly I would personaly look into a used option just for pricing reasons. I think the 8 offered additional security benefits though. It may be a while until the 9 drops but that would also be an option.
if you want to degoogle the only way to run some apps without unprivileged code (GMS/microG) is to use grapheneos & its sandbox compatibility layer. this is unfortunately only available on the pixels.
I also worry you won't be able to use some of the customization options that the nothing phone 2 offers with its hardware when using a custom ROM. if thats something u care about.
I have the pixel 7a & have had essentialy no issues with anything for what that's worth.
only as private as you make it. they are required by law when mandated by a warrant to release IP & other (unencrypted) data they have on you. use a proxy to connect & take other opsec measures to conceal your online identity just like other sensitive web browsing activities if you want to use email "privately".
this is really only helping anonymity though, as the email protocol has no built in encryption. unless you are using PGP it really isn't apt for secure communication at all.
session doesnt have perfect forward secrecy. they removed it from signals protocol to make it more easily compatible with their onion routing/crypto network. makes it one of the easiest apps to be "backdoored" if any keys were to be compromised.
there's a foss flavor on the Fdroid repo that doesnt have any trackers I believe
oh I see interesting. seems like blatant malpractice to me. good luck on your paper o7
self hosting is the only way to guarantee logs arent shared.
however it also means that your server address only pulls requests for things YOU look at, not the whole pool of people using the server. imo this is a bad trade off as it would allow the services to track my browsing easily anyway.
personally I would recommend looking at libredirect with a large # of frontend instances selcted & a vpn/tor. these websites normally work without javascript, so assuming you have a privacy focused browser your IP is the only tracking metric they really have. spreading your requests out over different servers whilst using a proxy would make this really difficult to correlate as it would require that mutliple instance operators were malicious & collaborating.