Can I improve at something?

Browser: Brave, Tor
Mobile Browser: Brave, Tor
VPN: Mullvad
DNS: Mullvad
MAC: Randomized
Operating System: Arch Linux (Whole drive encrypted)
Encrypted Mail: Proton Mail (with PGP Encryption)
Encrypted Messenger: Signal
Password Manager: KeePassXC
2FA: Aegis
Apps: All google apps replaced with Fossify apps
Maps: CoMaps
App Stores: Aurora Store, Obtainium (All apps from their GitHub Pages)
Phone: Motorola Edge 50 neo. Encrypted (Default on Android 15)

1 Like

Depends on your use case I guess, but usually an Alias Provider (Addy or SimpleLogin) fits most use cases (and you can set PGP encryption from that layer so the Email Provider receives PGP encrypted emails that come from the Alias Provider).

Oh yeah. I forgot to mention that I am using SimpleLogin (with PGP) for email aliases.

2 Likes

Without your threat model there is no context to this post. For all we know you have a setup that is far beyond what you need.

4 Likes
  • My Personal Threat Model

    1. What do I want to protect?

    I want to protect:

    • My passwords
    • My online accounts (email, banking, social media, etc.)
    • My two-factor authentication (2FA) codes
    • My personal identity information (email, name, address, etc.)
    • My devices (phone, computer)

    2. Who do I want to protect it from?

    I want to protect my information and accounts from:

    • Hackers and cybercriminals
    • Data brokers and advertisers
    • People who gain physical access to my devices
    • Malicious software such as keyloggers or spyware

    3. How likely is it that I will need to protect it?

    It’s moderately likely. Even if I’m not directly targeted, common threats like phishing, data breaches, credential reuse, and malware are widespread and can still affect me.

    4. How bad are the consequences if I fail?

    The consequences could be severe:

    • Losing access to important accounts
    • Leaking my personal or identity data online
    • Financial loss
    • Losing access to 2FA without backup
    • Being impersonated or having my accounts used for scams

    5. How much trouble am I willing to go through to try to prevent potential consequences?

    A lot. I’m willing to take extra steps, use secure practices, and manage things manually if it means protecting my data, identity, and access to important accounts.

1 Like

This seems like an obvious avenue for improvement, if it’s possible to get a Pixel and install GrapheneOS or an iPhone in your region.

2 Likes

I don’t know if I’m right, but all iPhone activity is tied to your Apple ID and Apple ID requires a phone number that can identify you.

2 Likes

You might want to check out this discussion - https://discuss.privacyguides.net/t/iphones-for-privacy

I can’t buy a new phone

That’s my threat model

1 Like

My only note is that I’d recommend you use SimpleX in addition to Signal

If you count protecting data from exploitation, then secureblue.

1 Like

Anything else?

Your digital security setup looks good as you have presented it. I hope to bring awareness to nuances not yet presented such as how you use those tools and what you will do when something goes wrong. For instance, how much of your traffic is over Tor, how much isn’t? How often do you use email, how often do you use Signal? Do you have secure fallbacks in case the Signal server goes down or Signal becomes unavailable? Do you have plans in case you have a security incident?

There is meatspace to consider too. If you habitually carry a phone, what measures do you take to prevent leaking your information and location? Are your living and work environments places where anyone from the public can come and go, if yes, could that be a problem? What about the surveillance cameras in those places? What measures can you take against being photographed or recorded on video? Can you openly discuss your life and activities with the people around you, or do you and your contacts need an appropriate security culture for certain topics or activities?

3 Likes

Change your mindset: Assume everything is compromised. You can’t trust Mullvad, Tor and other “privacy solutions” which are being preached by the privacy priests. Your adversaries are the most powerful entities in the world. They have endless resources and they control the infrastructure of the internet.

What should I do then?

Don’t listen to the doomsayers. Look at your threat model, do the best you can and then just live with that decision (and maybe occasionally adjust it as needed).

5 Likes

Add Arkenfox to your list, maybe you like it

P.S. I use both Arkenfox + Brave and a little Mullvad

Please check https://discuss.privacyguides.net/t/brave-is-not-fingerprint-resistant-enough/22775

Firefox (gecko engine) is not good for security

1 Like

Adjust your threat model. Be realistic: you will not have 100% perfect protection of your data. The best way to do that is to ditch electronics and live in the mountains, but that’s not likely a good tradeoff. Decide where you want your tradeoffs of privacy/security to accessibility, and see if you have defended against what you want to.

4 Likes