This is the correct but boring (but correct) answer.

So, a bookmarks list basically.

Prediction: you’ll never actually read most of what ends up on this to-read list.

Blah blah blah. Unencrypted data is the wrong default in 2025 for any OS. Linux should not be a poor man’s OS.

Sure. But defaults are important.

This is a case where Windows-bashing is hypocritical. Almost no Linux distro has disk encryption turned on by default (PopOS being the major exception).

It’s dumb and inexcusable IMO. Whatever the out-of-touch techies around here seem to think, normies do not have lumbering desktop computers any more. They have have mobile devices - at best laptops, mostly not even that.

If an unencrypted computer is now unacceptable on Android, then it should be on Linux too. No excuses.

Yep. Pathetic and embarrassing.

If you do, then also choose full-disk encryption. It doesn’t make sense to close a small hole only to leave the big one gaping wide open. And yet on Linux FDE is mostly off by default, even in today’s era of encryption, even on laptops. Personally I don’t understand it.

Once you’re encrypted, then Secure Boot (if you even have the option of it) mitigates against the “evil maid attack”. To get access to your encrypted computer, the attacker will need physical access to it twice: first to swap out the bootloader, then to harvest the password you unsuspectingly passed to their freshly installed malware.

For most targets (i.e. you, probably), this would all be far too much trouble. But technically it closes a loophole: it means that you can go to Russia as a spy or a journalist and not have to carry your laptop on your person at all times.

Give it a few years.

I use sway in tabbed monocle mode, i.e. no windows at all, just one thing at a time like on mobile. Never going back to mousey Windowsy 1980s-style computing.

Tiling window manager plus a terminal.

Hmm, say what? No, it looks GREAT.

What’s GTK?

Black terminal FTW.

to open PDFs

mupdf

for selecting the text and stuff

This is what is slowing things down.

In 20 years of using Linux my partition scheme has always been to say yes to whatever the OS suggests.

ITT: lots of generic VPN advice by people who have no experience with the specific problem.

that could be because it is an AMAZING post – it covered all the points and no one has anything left to say

Finally, I know why.

First, there’s often no choice, it’s SMS 2FA or no 2FA. Personally I would prefer no 2FA at all because, as mentioned, I’m doing this all on desktop. The attacker would need physical access to my encrypted computer. Not happening.

This is the most solid solution IMO. I use Linphone on desktop with a Twilio phone number over SIP.

It works. Not that I get to try it often: I consider phone calls a barbaric relic of the past and get by fine without them. I use the number to receive 2FA SMS mostly.

That’s not what I advised at all.

Lots of self-important, irrational, hand-wavy responses to this question as usual.

Assuming you are the only user (sounds like it) and you secure your client device properly, then no, there is no reason not to do what you propose. Go ahead and do it, you’ll save yourself lots of redundant typing and clicking.

Others here can keep performing their security theater to ward off the evil spirits.