When it comes to privacy and security, I think you should treat all cloud providers equally. Use a client with client-side encryption so that the only thing that touches the provider is encrypted data.

Rclone is an example of a good client that can do this, and can even mount your cloud storage as a filesystem with its encryption layer in between.

RIP

What a cunt

• Your user account on GrapheneOS is just a local user account
• GrapheneOS comes with its own camera, gallery, contacts, sms, phone, and file manager apps, a hardened fork of Chromium called Vanadium, and an app that lets you install sandboxed versions of google play services and google play store, if you so wish. Nothing else. You can install other apps using F-Droid, or by installing the google play store app.
• GrapheneOS does not have a "cloud", aside from the web services it uses to check for and pull new updates. If you want to sync files somewhere, you can install whatever you want (Nextcloud, Google Drive, etc)
• F-Droid is a fine choice, and the google play store is as well, all depending on what your priorities are for your phone. I only use F-Droid and have no non-foss apps on my phone for privacy reasons, for example.
• Running your own Nextcloud server is a great learning exercise, but it's a big commitment of time if you're not already familiar with linux administration, and if you want it to be secure and accessible remotely that's even harder. Don't let that be an impediment to getting a secure phone though - you can always keep using Google Drive for now, and then learn how to set up Nextcloud or some such as you go along.

Good luck!

The only legitimate commands for a non-root shell are sudo -i, exit, and echo "yee haw"

powertop is a cool tool that can analyze your machine and provide a list of suggested power optimizations

DNS is what you're looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:

192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz

This is just an attack that attempts common username/password combinations on ssh, and the article even states that the worm is dime-a-dozen. Unless you have both password auth enabled and an available account with an easily guessable password (and if you have either you should change that), this is nothing to worry about, even with sshd available to the internet.

Sensationalist title.

Not having security patches on a system you do things like go to your banking website on is actually a pretty big deal, and I don't think it should be dismissed lightly. Also AV is mostly snake oil, and is in no way an adequate substitute for a properly patched OS.

Any proclaimed prioritization of privacy or privacy improvements in stock Android serve only to bring your data more directly under the control of Google at the expense of other entities, so that those other entities must pay Google as a middleman to your data. On stock Android, there is no privacy - Google has access to everything, always.

In my opinion, one step that could reasonably be taken to improve the situation is for Google to go fuck itself, lose every anti-trust suit brought against it, and die.

ssh predates the specification, exists somewhat independently of even the idea of a desktop (not common to see xdg env variables like XDG_CONFIG in a headless environment, for example), and uses the homedir/.ssh directory on both the client and server side of a connection. I think it's less to do with security and more to do with uniformity for something as important as ssh - ssh doesn't need to change to use the xdg spec, and xdg doesn't need to allot anything special for ssh when it's already uniform across the unix spectrum

Thank fucking god for the EU, for fighting for global digital rights where nobody else does.