You can compare pros and cons of both messengers here: https://www.messenger-matrix.de/messenger-matrix-en.html

Post quantum encryption will probably be an issue in a couple of years and I think there will be solutions then in many messengers.

I am not sure what you mean by persistent user ids. How much would it matter if you run your own server line I so with xmpp?

I am all for using the true and tested xmpp protocol.

If you don’t like flatpak there is also firejail which you can run to isolate browsers or many other programmes.

There is also a programme to run your browser from ram and commit changes to disk when it closes, which I’ve used for a year or so and can recommend. I have to look up the name later at home, if you are interested.

Browsers write to disk every couple odd seconds per default settings (I think up to 20gb a day), which eats away on an ssds life cycle. in Firefox this can be changed, but the in ram option makes it smappier as well as a benefit.

I recently heard the idea to donate monthly to one project of your choosing so the developers could rely on a steady income. I think that’s a great way of doing it.

I’ve been using docus (izzys fdroid repo) for some time and can recommend it.

Edit: it seems it’s no longer being maintained.

I would switch to jmp immediately if only it were available in Germany.

interesting!

I’ve learned a lot about privacy/security from xmpp chatrooms, especially the room for the conversations client and the divestos chatroom. They both are kind of support chatrooms for the chat client/ android rom but privacy is often a topic and the programmers/ rom maintainers are also present and very knowledgeable. https://search.jabber.network/rooms/1

They use xmpp as their messaging system I think. Xmpp is open source, but I am not sure about the licence used.

I use Syncthing-fork (fdroid). It lets you set you granular per folder settings like only sync on home WiFi.

I’ve been using natron (backing powder) for a couple of years now twice a week. I had no need for shampoo ever since. You just mix one tablespoon natron with water in a cup and are good to go. To even out the ph of the hair use a teespoon of cider vinegar mixed with water in a one of those spray cans used to water flowers. Works well for children as well, as none of this burns your eyes. As a side effect I stopped getting red eyes from using shampoo.

Could you explain why you wouldn’t use it?

I’ve been using it for a couple of years and am happy with it, it grants an extra layer of security I think, if you can wipe the device when lost/stolen. Also very handy if you misplaced the phone and its set to not ring, as with this it will ring at full volume. You don’t need to use their server for the app to function, if that is your concern. I use a secondary device from my household. You can send a text message to your phone to let it ring even when its set to silent mode/get its location/or even wipe it remotely.

Ok, yeah, you’ve got a point I think. But one could argue if microg is enabled by default, at least some info might leak to google as their push servers are contacted and a device id is created (even if the data is anonymized to some extend.). (Depending on if these settings are enabled by default in microg which I am not sure of).

Here’s some info from the divestOS faq (cmp.: https://divestos.org/pages/faq):

"Anything important I should know about microG?¶

The 'Google device registration' and 'Google SafetyNet' options WILL make microG connect to Google servers.
The 'Cloud Messaging' option WILL make microG maintain a persistent connection to Google servers.
The 'Cloud Messaging' option does NOT require a Google account.
The 'Google SafetyNet' option WILL download and execute proprietary obfuscated code from Google and is strongly NOT recommended.
While microG itself is open source, any apps talking to it will do so using the proprietary Google Play Services library."

It goes on to provide some guidelines if you want to use microg:

How should I configure microG?¶

"Depending on the apps you want to use there are a few different ways you can use microG.

Some apps don't need microG but check that they were installed via Play, in this case you only need microG Companion/FakeStore and to install the app via `Aurora Store` (via session installer) or `Obtainium`. This mechanism only works on 18.1+ currently, adb workaround still necessary on older versions.
Some apps will work with microG simply installed without any Google connections, in this case it is strongly recommended to revoke Network permission from the microG app.
Some apps need push notifications via Google, for them you must let microG maintain a persistent identifiable connection to Google. Enable 'Google device registration' and 'Cloud Messaging' in microG.
Some apps require a captcha to be performed by the user, for them you can enable the 'Google SafetyNet' option.
Some apps require SafetyNet to work, while the option to enable it currently exists it will not work in the unprivileged mode that DivestOS uses and will be removed in a future update."

So depending on your thread model, you still would want to disable some of the options in microg to have absolutely no leakage of data to google. For example I am not comfortable any more with using push notifications since it was revealed that state actors use this info to tail users communications.

Here is a thorough analysis of /os’s security and privacy.

https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

Tldnr: it’s alright but but grapheme, divestos or calyxos should be preferred if those are available on your device.

Problematic seems the unique device id /e os generates and sends on every update and also security updates for the integrated webview browser have been severely out of date in the past.

Here is a good overview. You could compare this with your findings:

https://www.messenger-matrix.de/messenger-matrix-en.html