GrapheneOS is the best mobile OS. Even though the Graphene team has weird habits of communication which might be off-putting for some, the OS technically still is the most secure AND most private mobile OS distribution you can have on any phone. It’s literally at the top, according to many technical and data protection experts. It’s so good that Cellebrite can’t crack it even with physical access, and some police in some country (I think it was Portugal) will assume you’re a criminal for using it, because it’s so secure and private and they can’t stand the thought of someone fully utilizing their personal rights. Plus, it has great documentation and is easy to install. Despite it being so secure and private by default, it still allows you to shoot yourself in the foot by installing the sandboxed Google services and so on, if you really want to. So it can also be used like an off-the-shelf Android, just with some additional hardening and extra protections on top which you benefit from, but the benefit will be much smaller of course when you install and use spyware apps.

• mullvad.net
• dnsforge.de

Generally, a Samsung phone isn’t great for privacy. Consider getting a Pixel and put GrapheneOS on it. Much better Android baseline. More secure as well.

Any connection to Samsung’s servers is likely non-essential, but do check that OS updates work.

Google Play Services is Google’s main surveillance stack on every commercial Android distribution. It transmits a lot of unique device info to Google, every 20 minutes or so. The minimum data being transmitted is:

Phone #
SIM #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your logged in Google account
IP address

However, this app might be required for Google Play to function. And also for some other apps. So check those dependency issues. In general, you should prefer using open source apps or any apps which don’t have such stupid dependencies. Some apps merely complain when you don’t have the Play Services app running (by displaying a popup) but still work.

There’s also the issue with Google’s DRM called “Play Integrity”. Some apps use Google’s Play Integrity API to “verify” that the device is an “officially sanctioned Android” and then act like any other Android is “unsafe” and then refuse to work. If you encounter this, be sure to complain to the app developers about this.

If you need the Google Play store but want to block network access for the Play Services app (which you should do), you should probably use the third-party Aurora store app.

About the Ironfox connections: not sure, but the “firefox-settings” hosts from Mozilla sound related to the Firefox Sync feature which syncs your settings/bookmarks/… with Mozilla. If that’s the case it’s also non-essential and can be blocked.

Yes. Unfortunately, propaganda, intimidation and many lies and illegal actions from authoritarian regimes do work. The ones in power also don’t need to care if they’re still being supported by the population or not. After they’re in power, they don’t need supporters in the general population anymore, they just need people to be inactive and suck it all up so that they can continue staying in power. As long as there’s no revolt or upcoming election which actually gets rid of the regime and its background helpers, people are simply letting it happen right before their eyes. And so it will happen. And it will get even worse.

I use Arch since approximately 2006 or so. I like its stability (yes!), performance, rapid updates and technical simplicity. It never stands in my way and it’s fairly simple to understand, administer and modify. It’s probably the most convenient OS I’ve ever used - sure it takes time/effort to set it up but once you’re past that it’s smooth sailing. It also doesn’t change dramatically over the years (it doesn’t need to) so it’s easy to keep up with its development. Plus, I have a custom setup script for it that installs and sets up all of the basics, so if I ever need to reinstall, I’m not starting from zero.

I am eyeing NixOS as “the next step” but didn’t yet experiment with it too much. Arch is just too comfy to use and the advantages that NixOS brings aren’t yet significant enough for me to make any kind of switch to it, but I consider NIxOS (as well as its related technologies like the Nix package manager) to be the most interesting and most advanced things in the Linux world currently.

If you’re reading this as a newbie Linux user: probably don’t use any of the two mentioned above (yet). They’re not considered entry-level stuff, unless you’re interested in learning low-level (as in: highly technical) Linux stuff from the start already. NixOS/Nix in particular is fairly complex and can be a challenge even for veteran Linux admins/users to fully understand and utilize well. Start your journey with more common desktop distros like Mint, Fedora, Kubuntu.