or randos on the internet then?
I mean isn't that practically everyone on the Internet that you don't know personally? Or do you actually know the Firefox and/or Librewolf team, and audit their code as well?
If no to both...sounds like you are putting some measure of trust into "randos on the Internet." Which is not abnormal. Trust is required at some point in most processes.
My thing against Firefox/Librewolf is lack of security...unless it's improved?
Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.
old system of writing them down on paper
That's harder to steal/hack by someone across the globe.
all media organisations use X
NPR quits Twitter after being falsely labeled as 'state-affiliated media'
Your data has monetary value to google. Giving them access, without getting any money from them (or even knowing what ways it will be used) is not something you must do.
To be fair, while you may not be getting money in its direct form (cash, bank deposit, etc) from Google, they are providing you a service which costs them money for free. So they are providing something of monetary value.
Only the individual can determine if their data is worth that free (to the individual, not free to Google) service. I'm assuming that most people in a privacy community would be against that, though.
CalyxOS relocks the bootloader and they supported the FP5 right after launch.
CalyxOS is not a hardened OS, and GrapheneOS requires more than than just relocking the bootloader.
Fairphone's devices do not meet basic security requirements for hardware, firmware and the software device support including drivers. Please look at the hardware requirements at https://grapheneos.org/faq#future-devices and check for yourself how many of those are provided by the Fairphone. Even the Fairphone 5 has a CPU core from 2021 without even PAC and BTI.
You can still be part of a project without being lead, to be part of the "we." Did he contribute and/or is he part of GrapheneOS, yes? So he's part of the "we."
Or does only the lead developer get the "we?" Wouldn't that make it more of an "I" instead?
We've heard this one in 2016.
He was a convicted felon who had the Supreme Court in his pocket who granted him immunity as well as an attempted insurrection in his honor and he saluted hostile generals?
I don't remember if he promised to be a dictator on day one or had already praised dictators back then, so I'll grant you that one out of...everything else he's done since then which was not covered in 2016.
It's a game of chicken now.
And if you're not scared of a convicted felon who promises to be a dictator on day one and has the Supreme Court in his pocket who granted him immunity as well as a cult like following who stormed the Capitol to attempt an insurrection yet who also praises dictators and salutes their generals and has nothing to lose getting ahold of the Presidency then I don't know what to tell ya. But sure, let's play chicken with the saner and lesser of the two evils and help MAGA win.
Why do people phish, dumpster dive, or social engineer? So they can snoop and grab anything of value.
And hopefully does something about. Disciplinary for the poor OPSEC and/or better resources to avoid it and/or better laws to stop this unfettered data collection and/or better training to avoid it in the future. Here's hoping. Holds breath