I mean, exactly how invasive are default operating systems? (Like Windows, Mac, Chrome OS, Android, iOS) Do they log your keystrokes, log passwords, capture screen, upload your photos, videos, or audio? (Assuming you aren’t a target of government) Is it even possible for the average person who doesn’t feel comfortable messing with installing operating systems to have any privacy?
you are simply moving your trust base and saying that chip and board makers are more trustworthy. Unless you have the resources to validate the code you are running you are in the same boat in OSS, your trust is now in that FOSS community.
its necessity of course.
Sure, but I’ll say that FLOSS distros and builds have a much better privacy trust record than the alternatives - though I also have to say that at least I haven’t seen the news articles about Apple or Microsoft that you do about Google, Facebook et al. Some of this is literally around business models - Microsoft and Apple aren’t ad-tech companies really. They have obvious revenue streams that do not need to invade your privacy, and may actually hurt their business if they do. Not that I trust big corps to actually make sound business decisions though, and any cloud stuff is right out the window WRT privacy from governments.
I’m also left personally in a really weird situation - I don’t especially like or trust Google, but I use Android. There are several competing interests here - While Google may spy on me, Android (so far anyway) does allow FDroid and third party apps like AdGuard much easier than iPhone from what I understand. So at least for quite a while I was trading OS level telemetry vs every app and website telemetry. I think Apple might be better now, but I still think you have to jailbreak to install non App Store apps. In the third party apps are things like Syncthing, which lets me basically back up and sync my phone contents without touching any cloud at all.
The other benefit of Android is just the huge variety of vendors and phones available - I can get a brand new Android phone that’s “good enough” for $300, and my current one has lasted over 4 years (but at the cost of security updates, so YMMV). I’d love to get a phone I had root on, but most of those cost a stupid amount (to me) and also seem like the fun I had with the Pyra - they’re “in development” for 5 years with no real sign anything is actually going to come out, and then when one does it’s 5 years old tech.
It’s also not particularly useful to have Android without the play store. I tried that once a long time ago with a chinese tablet. You couldn’t install apps really. Like, yes, I can get FDroid - but how do I get my online bank’s app? - kind of needed to deposit checks, and they no longer have the scanner from a computer option. How do I get ParkMobile - now used instead of putting coins in the meter? Most shopping apps? Yes, you can make your smartphone de-googled, and about as useful as a feature phone from 2010, but then why bother - just get the cheapest flipphone I guess.
I don’t have answers - most companies don’t want to make privacy respecting tech, so unless you can realistically live your life mostly outside of current society - you’re sort of screwed.
100% you make your own choices and the tools available offer various levels of true privacy. I do tend to agree that if you carefully select your hardware then roll a project you trust onto your system you are likely 1000x better than any off-the-shelf big-brother setup.
There is no easy answer to 100% verifiable and trustable secure systems at this state in the industry. Though I expect that to change over time, even lithography is starting to become a workshed hobby.