Mastodon is a huge part of the Fediverse. It allows you to control who can follow you (you can set it to prompt you to approve each new follower). You can make your posts visible to your followers only. Each post you make has a visibility option, and you can set it to followers-only by default.

To answer your question, yes, you’re being paranoid and irrational.

Please see rule #4.

That CVE is in the Linux kernel, which CalyxOS should be fixing for you, via their security updates.

I think you’ll be fine as long as CalyxOS is supplying your device with Android security updates. As an average user, with no reason to be the subject of targeted attacks, firmware vulnerabilities are not a huge concern (assuming your OS and other software are up to date with security patches).

Of course, if someone hostile gets physical access to your device, firmware becomes more important. Remote exploitation of a firmware vulnerability typically requires first exploiting a software vulnerability (and CalyxOS is updating your OS software). With physical access, one might skip that step by connecting a cable to your phone and interacting with it directly.

As you suggested, I suspect it’s the rare combination of additional extensions that’s contributing to your uniqueness in a fingerprinting sense.

Firefox’s built in “Enhanced Tracking Protection” already does a lot of this work for you, especially if you select “strict mode.” Go ahead and try this extension if you prefer. But remember to be selective with the extensions you add to your browser in general, as they also present an opportunity to introduce vulnerabilities.

I definitely support federal Privacy legislation. Here’s at least one take on the issue.

I never knew anybody who used it. I had one contact on ICQ. Everybody else used AIM.

Tildes fits that description. The posts are text-only or links to websites. No memes.

I use that site in addition to Lemmy, not as a replacement but a supplement. It’s just a different flavor of discussion.

It’s invite-only but I can give you an invitation code if you’re interested. Take a look, see if you like it, and send me a private message if you want an invitation.

Butt Truckers

Yes, SELinux is enabled (in “enforcing” mode) by default in Fedora. In my experience, it doesn’t hamper usability.

I remember seeing old advice from blogs and listicles about turning it off, on the theory that it might get in the way. But it’s better to leave it on if you care about security – especially if you want to learn.

When SELinux blocks a piece of software from doing something sketchy, an alert is generated to explain what happened and why. That’s rare but it’s a learning opportunity for you, not to mention preventing a potential security threat.

Maybe it’ll be the SWiitch.

Cloudflare’s 1.1.1.2 blocks known malware domains, so that’s better than 1.1.1.1 unless you want nothing blocked.

If you want to block ads and trackers in addition to malware, try ControlD’s 76.76.2.2 .

Better still is to use encrypted DNS if your device supports it. I like NextDNS or ControlD for that, as DNS-Over-TLS or -HTTPS.

The middle ground is to put a defined limit on news consumption, like 5 minutes per day. That’s enough to stay aware of major events but not so much that you’d necessarily get wrapped up in excessive worrying about irrelevant items. NPR, the BBC, and probably others, offer 5-minute audio news briefs updated hourly. These are available to stream on demand like a podcast. I wouldn’t recommend listening hourly but the point is they’re up to date at any single time in the day, which you might choose as your daily news blast. Then just tune out, literally and figuratively.

I was going to answer this but I can’t remember.