I was usimg TPM on my Arch laptop, but then I swizched to a fido device - nitrokey.

Actually you can already run minecraft PE on linuc for quite some years, so nothing new.

Looks fantastic but how much are apps sandboxed? I don’t want WhatsApp to see all my files for example.

And blocks Tor.

Damn thats interesting! I would love to get one but currently I wouldn’t pay 500$ because I don’t have enough knowlage yet to do fun things with it.

Nitrokey

Yubikeys are defenetly the most popular ones, but I prefer Nitrokey which is based in Germany and open-source. I have 3 Nitrokeys and I’m very happy with them.

I have an IdeaPad and I can confirm that I can physically remove the Wifi card.

True but then you actually have to remember the password. Or you can use an USB key to store keyfile or a hardware security key like Nitrokey or Yubikey to decrypt it.

to test if it’s Firefox’ fault

Firefox follows web standards the most, but because most people use Chromium-based browsers web developers make websites for Chrome instead for the web.

IMO it’s the best (desktop) Chromium-based browser. Which means it’s a bad browser but there are a lot of worse options.

If you don’t have hardware encryption you can use --cipher xchacha20,aes-adiantum option when running cryptsetup to make it way faster than standard aes cipher in software.

I don’t believe one can run Linux on it.

Someone will prove you wrong. Not me. But someone will.

Great! Exactly on time for the next release of Debian :)

I was interested in technology and programming and my mom recommended me to check out a raspberry pi. Her friend’s son has one. So my first comouter was a raspberry pi with RaspbianOS when I got my first PC it seemd normal to install something that I was using for the last year and its free. So I installed Pop!_Os, a year later Fedora and a half year later Arch. I’ve been using Arch for more than 2 years now.

My Arch broke.

Third world war.

Juat drink all the beer and he will have nothing to steal :)

Yep, its stupid. But its not online service, you just have to be installed and have file permission, thats it.

Hardware tokens are handled by Google Services and not by Android itself :( That means you have to have Google Services installed if you want to use your Yubikey.

For banking apps I recommend to have in seperate profile (like you wanted) together with Google Services. You should also disable everything under Exploit protection section in settings for every banking app.