If I had to guess, they probably don’t use the APIs, inside using scrapping of some sort.

Maybe a setup FIDO2 LUKS unlocking, but that requires a security key: https://www.privacyguides.org/en/security-keys/

You could setup LUKS TPM unlocking.

Yes, which is why i very much like what GrapheneOS does with Storage and Contacts Scopes.

Understandable. Though the security difference between Flatpak and Xen VMs, or even between Flatpak and Snap, is pretty big. Flatpak is mostly sandboxed to provide a consistent run environment to apps across distros, and id say 50% or more of the Flathub apps seem to have weak default sandbox security settings. Snap does a better job security-wise of reducing sandbox escape potential, but is still a far cry away from the containerization of Qubes.

Android doesn’t expose any app data and requires a permission for accessing storage (unlike Linux).

Freebsd is also on distrowatch. Qubes is not desktop Linux because it doesnt function like normal linux. It uses the Linux kernel, but in a similar way to how Android isn’t Linux, neither is Qubes.

Your hardware is most likely not free and open source. If you use non-free hardware, it is better to have security fixes then leave it unpatched. If you are using non-free hardware it doesn’t matter how free your distro is, you still must depend on hardware blackboxes. Your hardware can directly interact with your distro and do something malicious regardless of the presence of firmware blobs.

Those distros (Fefora & Debian) are fully free, but acknowledge that hardware isn’t in most cases. And like responsible and reasonable developers they choose what is best for stability and security.

Recommended Distros

General Use:

• Fedora KDE
• openSUSE Slowroll with KDE

Gaming Focused:

• PikaOS
• Bazzite
• Nobara
• CachyOS

When picking a distro for gaming, I always recommend using one that gets frequent/fast updates. All my recommendations get fast updates. If you are mainly just gaming, go with a gaming focused distro. If you want a system without many apps or modifications, go the general use route.

I can elaborate on each of my picks on request.

For setting up and selecting Piper TTS voices, use Pied. Then use KMouth by KDE to have an app to paste text in an make use of Piper TTS voices.

That plus KMouth would be exactly what OP wants. KMouth is an app you can paste text in and have speechd play it.

Mullvad has many methods of obscuring the fact that you are sending VPN traffic, specifically designed to fight VPN censorship and firewalls.

Matrix with either Element or Fluffychat

Officially from the Tor Project there is also oniux. From the blog, “a small command-line utility providing Tor network isolation for third-party applications using Linux namespaces”.

I liked qdirstat

I sleep till 11am. Yes I am unemployed. Yes I wish I had a job but nobody who is hiring cares about my degree or experience.

Seconding fish shell. Very nice experience and the only real downside (or upside depending on perspective) is the non-POSIX syntax for some things.

If all you need is a simple note taking app, I recommend Notesnook. It is free and open source and offers E2EE cloud syncing. That is what I used as a Google keep alternative. Silverbullet is good, but may be too feature-full for something as simple as a Keep replacement.

Pretty good unless your game doesnt enable anticheat support for Linux like the battlefield games or fortnite for example. Performance per game is either on par or better than Windows. Game support can be checked on https://protondb.com/

Website’s style breaks without 3rd party scripts permission. Not that that’s indicative of the quality of the distro, but I don’t like websites that depend heavily on Google, Cloudflare, and external CDNs for scripts since it makes the website less secure.