F-Droid and derivatives are really popular in the FOSS community.

oh, right! Didn't have my coffee yet :-)

But one difference is Rustore actually has payments and subscriptions, which hurts Google more.

I was expecting Google has stopped doing most of the business in Russia due to sanctions. Do you still see Russian-company ads in Google Search results or Youtube? Similarly, I thought they were not selling apps or ads in Google Play store in Russia either (they might be showing ads from non-Russian companies because, well, that just increases the show-count and absolute number of clicks).

I no longer reside in Russia, so I am not being targeted by these.

But I think that it mostly comes down to companies being able to pay for these ads. Mastercard / Visa payments no longer work in Russia. If a company has a way to pay (by having another business entity in another country), then it probably works.

Still depends on your threat model. Not everyone lives in a place where stick-ups and random arrests are so common place that you want to inconvenience yourself 99.999% of the happy flow.

Indeed, good point. Proper threat modeling is everything.

This also explains my original reply to the ancestor comment. As I see it, most people's personal threat model essentially already accounts for data breaches to the point that they are almost irrelevant. We hear about them all the time. More and more people are learning about credit freezes or 2fa or just getting these services baked into things they already use (more banks offer free credit monitoring, 2fa is increasingly a standard). It seems like we are in a place where data breaches just become essentially background noise to the average user.

In my view then, I would personally factor in physical theft as a higher threat than "phishing and data breaches". Even if low probability to begin with.

There is also the objective question of which occurs more or incurs more damages to individuals, the answer to which I do not know. I know companies often spend a lot of money to fix problems or deal with lawsuits, but individuals don't really get compensated by that the way they would if someone who ripped your phone away from you was tackled to the ground and your property got returned. For example.

As you say though, the threat model is everything.

Bone conduction is amazing!

Is Tailscale still recording metadata about all your connections? https://github.com/tailscale/tailscale/issues/16165

Soylent Green is people!

Not sure but that might actually add your printer's unique dots to the scanned image.

https://en.wikipedia.org/wiki/Printer_tracking_dots

Well you are sitting in front of a relatively bright lamp when coding.

I second this. We went to one on a school trip and the intrusive thoughts were very strong that day.

Maybe Jami, haven't looked at it for a while: https://jami.net/

Re: the bank apps: that really depends on the bank and the country. I live in a eu-west country and there are afaik no apps that do not run on Graphene (which did suprise me I must admit).

Whatsapp can work if you use sandboxed Google Play (I still use a Google account, I just don't want gplay to have effectively root on my device).

Depending on the level of integrity check your app might just work. Gory details: https://grapheneos.org/articles/attestation-compatibility-gu...

And like others said: no contactless payment, but I dont use that personally anyway.