(no title)

I recently installed GrapheneOS on an old Pixel and recommended practice was to relock the bootloader after unlocking it and installing a custom OS, which is supported on Pixels.

An unlocked bootloader makes the phone vastly more insecure (see https://news.ycombinator.com/item?id=35790499). Phone firmware cannot be fully open-source nowadays due to manufacturer restrictions. Even the most open-source Android fork will still have to include binary blobs from e.g. modem manufacturers.

Additionally, the updates that the forked OS provides don't include firmware updates for essential parts like the modem (this is also the reason why phone updates are not available in the first place). So it's essentially a security theatre.

Firefox doesn't use per-site isolation, doesn't use process sandboxing and - on top of that has a JIT, so there's W^X violations. Normal app sandboxing via Android permissions is not sufficient for something as complex as a browser. The potential for possible exploits inherently is massive. Other browsers (chromium-based) like Vanadium have very sophisticated sandboxing, so there's no reason to use something inferior.

Traffic over tor is good, but shouldn't be used with authenticated services, as it deanonymizes your connection. Instead, it should only be used for specific (unauthenticated) actions, like browsing news.