Help with some privacy concerns in regards to phone, apps, software, currency and email

Hi, sorry if this isn’t the best place to ask stuff like this as most posts seems a bit more focused or intent on deeper discussions. I wasn’t sure where else to ask these things so figured I would try here. A few of these I managed to get answers elsewhere, but at the same time, I also found someone saying the direct opposite in places, so I’m highly unsure on most of them. I’m certain to ask a few stupid questions, but I’ll hopefully keep them somewhat reasonable…

I’m current in the process of privatizing my phone and I wasn’t certain on several things:

1. My phone isn’t really supposed for any of the recommended OS’s so I’ll be using LineageOS until I can get enough money for a Google Pixel, is there anything about LineageOS I should be worried about in regards to privacy?
2. Are there any types of apps I should be worried about downloading on my system? For instance is something being GSF dependent dangerous? Are there other things they ask for that I should look out for; or are there other ways to tell if an app could be extracting unwanted info from my system before or after downloading it?
3. Likewise, would me installing something like a bank app or bus/train route/ticket app be detrimental to my phone’s privacy as a whole, or could I keep my identity isolated to those apps? I wouldn’t say I live in a “free” country, so I thoroughly expect these apps to be government spyware if they were capable of seeing anything else. Is it possible for these apps to see what else I’m doing on my phone, see what other apps I use, my other accounts/passwords. Would they be properly sand-boxed by default, do I need a separate profile? ect…
4. Assuming I’m using a VPN like Mullvad, is there anything my SIM card (Cell provider/Tower operator/ect) can actually see outside of my location, and direct phone calls/messages? For the later I can use different apps so that’s no problem, and I’ve just accepted that preventing location tracking would make using a phone normally very difficult. Can they see anything that would travel over the internet in any way. Is there a difference on what data they could see if I was using wi-fi or connecting to the internet via their towers?.
5. What international cell providers would be recommended? Is Silent.link solid when I get a phone that supports ESIM, or perhaps something else? Since they only have data plans would JMP.chat be good for VOIP numbers or is there something better?

I’m also trying to take control of my own fiances and planned on keeping a good portion of savings in monero. However, turing my entire salary into gift cards or sending it via mail seems unfeasable.

1. What is the most private/least suspicious way to get my salary to my local monero account? This is somewhat gone over on the website, but I just wanted clarification.
2. I assume using a KYC exchange to do this is unavoidable, though I would love to know another option if possible. What all KYC’s are considered okay if my bank only accepts certain exchanges? Is there really any difference in KYC exchanges from a privacy standpoint? If not, what would you recommend as the cheapest?
3. When doing the exchange is it safe to just buy monero straight form my bank? Is this suspicious? Would it be better to buy bitcoin then exchange that for monero? If so, would you just do it on the same exchange platform, or would you use some other place to exchange the bitcoin into monero?
4. When transfering monero, can anyone see what wallet is that I’m sending it to if it’s straight from an exchange to my local wallet? Or would it be better to do something like “Bank>KYC>Fake Monero Wallet>Real Monero wallet”. I assume monero wallet to monero wallet is fine, but I had my concerns of just going from a place that knows my identity to my personal wallet as I’m unsure what can be see in the transaction.
5. Does all of this function the same way when getting my money back out of my monero wallet?
6. I’m assuming no, but is there a service I can put money into that is transferred from my monero account that would be anonymous and use to shop for everyday items like food? Basically a debit card not attached to my identity.

One of the things I had planned to do was make a new discord account that was more anonymous and keep private info out of it; as I can’t seem to avoid using it for things these days… I"m currently using webcord to sandbox it; however is it possible for discord the know the new account is from the same owner as a discord account I had used in the app previously via “browser” fingerprinting; as the app is simply web discord wrapped up in electon? Would this be a concern for other platforms like the steam client if I changed accounts? Or is this mostly a non issue?

Lastly, I’ve been using Anonaddy to funnel emails to my Tutanota account. However, Tutanota does no use OpenPGP.

1. Should I be concerned about a 3rd party picking up my emails between my Anonaddy and my Tutanota account? I had concerns about both “to” the Tutanota account from Anonaddy and “from” the Tutanota account back to Anonaddy.
2. If something could read this data, is is feasible it has happened if I’m only on “Mass Surveillance” threat level?
3. I’ve opened a lot of accounts with Anonaddy emails, would all these be compromised if so?
4. Laws these days are becoming increasingly Orwellian; even if this hasn’t happened yet, should I switch to something that supports OpenPGP?
5. Is ElectronMail and acceptable desktop client for Protonmail so I don’t have to pay for the bridge?

There’s quite a lot there, but I’d really appreciate any input from anyone who could help me along on any of it. I’m fairly ignorant about most of this stuff; so anything is really appreciated.

Emails between AnonAddy and Tutanota will still be encrypted with TLS, so the only parties that could read them are AnonAddy, Tutanota, and you.

1. GitHub - beerisgood/Smartphone_Security: a collection of differently important stuff about mobile phones

Just a friendly reminder that if you owe the government some tax money, you should pay it diligently. No amount of opsec, anonymity or privacy will save you if the taxman decides that your finances look suspicious.

The only way to truly live privately and anonymously is to live like a lonely hermit in the mountain with 0 neighbors and 0 digital devices.

You can also try to be a “gold aggregator” that buys and sells gold. Check what is required to deal in gold. Buying monero looks weird and you would lose money in transaction fees. Gold also runs a different kind of risk (physical security).

Can you not pay in cash with your transportation fare? Timing your app usage pattern with all the surrounding CCTVs in the station will mKe it easier to track you.

Discord and privacy/anonymity do not mix like oil and water. Find a different community that does not exclusively dwell on Discord alone.

I know OpenPGP is “ideal”. What exactly does OpenPGP hide or encrypt that TLS wouldn’t take care of?

Thanks for the link, some really good information. I might hold off and really doing much to my phone until I actually manage to get a hold of the pixel.

I’m aware of all of this, but I’d like to do what I can. Privacy/Security is a spectrum, I don’t need to either just not care at all or become a hermit. Gold is hard to get a hold of here. Using cash is difficult, as we might as well be using CBDC’s at this point. I don’t really trust banks based on recent events, not that I ever did, so I’d like to at least do something to secure my finances and not leave it to someone else. I assume privacy guides wouldn’t recommend doing it at all if it was that dangerous, I just was curious as to the best way to go about it. I don’t plan to install the actual discord app itself on my computer, and don’t plan to put out any personal info in chat or voice, so as long as it’s isolated and nothing can be tied to it, that’s good enough for me. I was just curious about if the webcord fingerprinting thing was a real worry or if I should stick to keeping it open in a browser.