Building a threat model helped me figure out what was worth my energy and what can be put off to be done later at my leisure. This should be your first step.

What kind of phone and OS do you use? You can contain the spying a bit if you set up a work profile with Insular or Shelter, install your proprietary apps there, set a schedule for checking those, and turn off the profile otherwise. I realize that it's not the easiest, but if you can find people to talk to in real life regularly, frequent access to messages / social media need not be a prerequisite to a healthy social life.

Getting hacked through the BIOS/Intel ME, while possible, is statistically highly unlikely, activist or not. If there's a piece of technology I have to use, but don't trust, I just keep it at my desk, fine as long as it can't actively track me moving around. Don't let perfection get in the way of your bigger goals.

While we're at it, have you considered libreboot on the T480? A few tiny scraps of the Intel ME do have to be left in place, but realistically they're not going to see an exploit anytime soon. And you'll still have most of the satisfaction of liberating your computer.

I get you, but my friend, the guy that started Signal gave up $850 million from Meta to go start Signal.

What's more likely is your phone to get spyware on it that renders any E2EE worthless, regardless of what app you use.

Stop doing what you’re doing.

Your whole post is “I want to only do this but it messes up every other part of my life”.

Just stop doing what you’re doing. There is no ethical consumption under capitalism. You can’t weigh your devices and their softwares unfreedom against a feather and be admitted into gnu/fsf heaven.

There is no benefit to your everyday experience of life, something you have a very limited supply of, by going libre in all computers.

Signal is on mobile

I've had similar feelings before. You're not the only one to struggle with this. You are pushing against the grain and doing something, aligned with your values, that 99% of people don't know about.

What helped for me is separating what I can control from what I can't. Everything on my device, that I personally choose to use, is under my control. So that is all free software, downloaded from system repositories, because I care about that. Meanwhile, everything I can't control, I just gradually try to improve over time.

Here are the things I feel I can't easily control:

I bought a laptop many years ago without free firmware for wifi, bluetooth, microcode etc. I like using devices as long as I can. Ok, no worries, lets just replace it with a Thinkpad next time.

My employer requires me to use Zoom, and some proprietary VNC client on my own device (on top of a load of proprietary software that I run on their devices). I don't really have a choice here, unless I quit my job. So, I give in the short term, but do what I can to minimize the damage, running it in a dedicated VM. For the long term, I try and keep an eye on FOSS job boards and also network with people in the FOSS world (I'm quite bad at this, but trying to get better).

Likewise, some of my friends haven't switched over to XMPP, which is my network of choice. Eventually, the people closest to me did, but many did not. So, I bridge those who haven't into XMPP (via Matrix, for now, but looking to remove it eventually), and decided that I don't want anyone "new" to contact me through the proprietary networks (I haven't set up "enforcement" for this, an autoresponder probably, but this is the plan). The good news is that the proprietary networks always screw up eventually. When they do, your friends will get pissed off for their own reasons, and that is your chance to offer them the alternative. I never push, but let people know that I use XMPP. Some become genuinely interested, others you have to wait until they get screwed over by the proprietary networks.

Now bear in mind I am more interested in software freedom than security. So your priorities might be different. But the short story is: don't beat yourself up over this. It's a journey and you are pushing against the rest of society. What I do is just try and improve my setup, whatever that means to me, gradually over time.

have been through something similar. What helped for me is to try to figure out your threat profile first.. Because jumping straight into total lockdown mode on everything and frantically uninstalling anything that so much has any ties with GAFAM not only doesn't actually help, it can take a toll on your mental health..

It's also sometimes a good idea to "blend in" and have a few undesirable software (that don't do tracking), just a thought.

If that doesn't help, and you're sure that your threat profile is clear as day, there's also the option of getting a secondary phone or laptop (if you can afford it) and install all the unwanted/non-FOSS software there.

Always keep work on a separate device.

Signal is libre. If you're already failing, stop making it harder. Get others to care first, then go for decentralisation.

https://lemmy.world/post/21620691

Make them come to you. Keep your replies short. Make them ask more. If you give it all away upfront, they'll forget by tomorrow.

https://lemmy.world/post/35312231

Start here but make sure you really understand it.

I think you need to step back and review your threat model. Grab a pen and paper or open a spreadsheet. List all the tech you use for various things. Then determine what threats you are protecting yourself from for each. Try to use a scoring system to rank importance/criticality and convenience. Then try to find the balance, which ones you’re willing to sacrifice convenience for and ones you are willing to compromise. Then take action one by one.

Device-wise, have you considered separating your project and personal computer? You could coreboot a small light Chromebook as a personal, ultraportable device, and get a hefty laptop or even a desktop for the hard stuff.

Chatwise, there's Matrix, XMPP and SimpleX at least. And Briar and Session. But Signal with its phone number registration is the easiest for others to jump to.

And yes, it's a constant balancing act between privacy and convenience... and the IA of the security triad, and open source principles. Just like with most things, there's no perfect solution, you just learn to live with the least bad ones.

A good mobile alternative to Signal is Simplex, it works both on Android and GNU+Linux. It's AGPLv3. You have it on F-Droid

I have a Thinkpad X220 myself with Libreboot (coreboot distro). But if you do think that microcode updates is bad you can go for Canoeboot. Always check the chipset in order to know exactly what kind of me_cleaner you have to apply.

Thinkpad X220 works out of the box with Linux-Libre (I use Guix). You probably will need a WiFi card that works with the free software kernel drivers, you can check h-node for hardware that works with free software drivers.

The thing is that that kind of laptops aren't too powerful. You could check more modern Thinkpads supported at Libreboot.

There are also modern laptops from: System76, framework and Purism. Some support freesoftware more than others, but it's a good resource. For example not all System 76 laptops have Open Source Bios and EC, most of them disable the ME though.

The phone market is a bit different everything runs on SoC. So unless you go Purism phone or Pinephone. But they lack a lot. I would recommend using a custom de-googled Android like GrapheneOs, CalyxOS or LineageOS.

**Since I've been there, take everything with calm. Change bit by bit, and don't try to force yourself. **

Note: There's also Briar as a replacement for Signal, but the synching is between devices, so if the other is not connected... I prefer Simplex for now. I really like the way you share chats (since there are no IDs per se). I've been testing it out and it works well, you can even call and everything.

Note2: Matrix is a bit shady since the only Matrix instance (public) is Matrix.org and for now their whole selling point is based on that, but we'll see (I use it too though).

It's a weird time to tech-aware.
If fluffychat gets buggy(I'm told it's decent now), I strongly recommend schildichat and schildinext

There's no sane reason to switch off of Signal. It is what you want to use given what you are saying.

Lookup alternatives at alternativeto.net. Signal is probably the best but there are others. Problem with chat, both people have to use. F-Droid is a good resource too.

I would not call FOSS a cult any more then unions or the civil rights movement.

I’m already in a shit-hole socially

So... I started to write down technical answers to your questions but honestly it's really rare that people don't want to communicate with someone solely because they don't have the same tools.

I'm not saying you are doing anything wrong, socially speaking, but I want to highlight that there are usually ways to get back to people. Back in the days (yes... I'm going there) people didn't have mobile phones and walked to phone booth. People even waited nearby another phone boot for someone else to call them back. I think it's a good example that we forget how "inconvenient" it was. If people you want to get in touch with can't handle an email (typically the lowest common denominator, I'm not suggesting that a "normie" as you say setup their own Matrix instance) then they are probably not worth spending time with anyway.

I've been been deepdiving the cryptcom privacy space over the last week, refreshing my knowledge that was last updated about a decade ago. Signal spooks me because of the number requirement and centralization, but the tech is fine. Matrix is the new hotness but the clients kind of suck. I wonder if there are any i2p based apps? But Signal (or in my case, Molly-FOSS) seems to be fine for most purposes. Unless you're the secretary of defense... There's always Tox if you don't mind the fact that it's in dev and unaudited.

Matrix?

There are a bunch of clients available for it on the web, android, ios, and linux desktop

Matrix.