You don’t necessarily need QubesOS to get better isolation. You can package unsupported applications as Flatpaks yourself and run them with minimal permissions. The downside is the maintenance burden, and Flatpak sandboxing isn’t as strong as Qubes’ VM-based isolation. It’s a useful middle ground, but it doesn’t completely solve supply-chain risk. Qubes can be good, but it’s all about your friction budget.

Humans optimise for convenience eventually.

Phishing actually is a core branch of hacking—specifically under Social Engineering. It’s not really like walking through an unlocked door; it’s more like a con artist dressing up as a locksmith and convincing the homeowner to hand over the keys.

Hacking applies to the entire attack surface, which includes the human element, further more there are whole phishing campaigns that are heavily automated and often deliver stealer malware, making them a full cyber attack.

This wasn’t a technical compromise of Signal itself, but phishing/social engineering is still a form of hacking.

I think the setup script that applies the config changes is documented here: https://codeberg.org/celenity/Phoenix/src/branch/dev/docs/install.md

Yeah, autocorrect got me on my phone — fixed now 👍

Not to mention the owner of simplex is a horrible person.

Something I’ve been thinking about: independent security projects often face pressure once corporate partnerships or funding enter the picture.

Does GrapheneOS have any structural safeguards to ensure development priorities remain community-driven if hardware vendors become more involved?

I’m not assuming there’s a problem — just interested in how projects like this avoid the “venture capital influence” problem that has affected other open source initiatives.

Me too.

Librewolf potentially? You don’t need to use multiple browsers if you can contain them to profiles, this could be a good set up for you potentially.

CounterSocial blocks entire IP ranges and most VPN/datacenter networks as part of its anti-abuse policy. It’s not really decentralised, so if you’re blocked at the network level there’s usually no workaround unless they manually allow you.