What I meant by my threat model not being the tightest was that if I want to read something on a site that requires javascript and cookies then I will just turn them back on temporarily rather than not read what I want just because of possible tracking.

I agree with your point about the web being almost unusable in parts without JavaScript. However, I find that a lot of sites have a lot of javascript-heavy pages at the front but simpler pages behind where you get to things you actually want to look at. Usually a site’s RSS feeds let you get directly to the simpler pages without using JavaScript.

Excellent post. I agree entirely.

There absolutely must be an elegant solution to the problem. However, in my opinion, the issue is that not enough people are interested in having the security you mention. Don’t the statistics say that over 50% of people don’t use a password manager, reuse passwords and those passwords are things like password123?

This apathy towards security presumably means that there is very little money in designing the elegant solution to the problems raised in your post and many of the brightest and best in the field will simply seek alternative employment in the online data collection and advertising field where all the money is.

As it stands, so many people have so little concern about online security or privacy that it seems to be slowing progress in both fields.

Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn’t thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I’m not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.

Thanks for this. It is very helpful. To be honest, I had forgotten about Exodus.

I think it needs camera and microphone in case you want to take photos and video and save directly to an encryted volume. That is not in my use case so I will just deny those permissions.

Thanks. I had noted the lack of internet permission as a positive. I guess that I was just puzzled at the lack of coverage within the community. Maybe the app simply hasn’t been around long enough to attract the attention it seems to warrant. Or maybe I am being overcautious.