• 1 Post
  • 10 Comments
Joined 1Y ago
Cake day: Dec 28, 2023


You can lock your password database with a key file (this is a standard feature in keepassxc) and transfer the key file once between devices via sneakernet (microsd or usb drive). That way even if someone intercepts your database file, AND knows your password, it is still virtually impossible to crack. Should be a good enough solution, unless you are quantum-tier paranoid


Marginally better than using discord itself as your password manager (also a true story!)


If you’re on Linux and you like minimalism, pass is also a great option


I mean he’s not wrong about paper being more secure than password manager (provided you have good physical security and trust the people you live with)


Okay, I just tested Tor on windows, and it shows a bunch of microsoft fonts that my linux box doesn’t have.

But what I did notice is that the fingerprint changed on my linux box after a full restart of tor browser. So I guess their approach is to randomize fingerprints between sessions, rather than to keep everyone’s fingerprint the same?


how much of the internet is unusable with js disabled

Quite a lot actually. A lot of articles / blogs / news sites are actually more usable without javascript than with, because none of the annoying popups and shit can load. I suggest having two browser profiles: one with javascript enabled by default, and one with javascript disabled. So for things like online shopping, you’d open the js profile. And for things where you expect to do a lot of reading, use the nojs profile. Ublock origin also lets you temporarily enable/disable js for a particular website pretty easily.


This is what I thought as well, but brave on stock windows doesn’t show any noto fonts. Haven’t tested tor browser on windows yet tho, so idk


I’m running Brave and Librewolf from flatpak. Nope, it doesn’t help, at least with default sandbox settings.


I’m slowly starting to agree with @ssm that safeguarding against fingerprinting is an exercise in futility though…QubesOS sounds like something that might help though, since it makes it easy to browse from a virtual machine with fonts and other settings that may be leaked set to the most bog-standard defaults.

On a related note, disabling javascript can actually improve your user experience quite a lot for certain types of tasks. A lot of news/blogs/article-style websites nowadays are actually more usable without javascript, because you don’t have to waste time closing all of the ads and cookie popups. I have a separate browser profile with js disabled and use it quite a lot.


I've just been playing around with https://browserleaks.com/fonts. It seems no web browser provides adequate protection for this method of fingerprinting -- in both brave and librewolf the tool detects rather unique fonts that I have installed on my system, such as "IBM Plex" and "UD Digi Kyokasho" -- almost certainly a unique fingerprint.

Tor browser does slightly better as it does not divulge these "weird" fonts. However, it still reveals that the google Noto fonts are installed, which is by far not universal -- on a different machine, where no Noto fonts are installed, the tool does not report them.

For extra context: I've tested under Linux with native tor browser and flatpak'd Brave and Librewolf.

What can we do to protect ourselves from this method of fingerprinting? And why are all of these privacy-focused browsers vulnerable to it? Is work being done to mitigate this?