Private space is identical to work profile. In the past, private space didn't exist and people used work profile instead as a workaround, but now that's not needed.
Private Space has a superior approach to isolation and encryption matching user profiles. Work profiles have some compromises for historical reasons. Private Space should be preferred over a work profile and the only reason to use a work profile for your own local usage is to use both a work profile and Private Space at the same time. Once GrapheneOS has support for multiple Private Spaces within a user, the use case for work profiles will be limited to the intended Bring Your Own Device enterprise deployment purpose. The intended purpose of work profiles is companies not having to give their employees work phones but rather owning/controlling a specific profile on their device with some influence over the overall device via rules for lock method, etc.
Not OP, but I feel like moving from Google to Zoho is just kicking the can down the road. You don't know how these big corporations will change their product or (more importantly for cash strapped organisations like Universities) their pricing structure.
It seems like a much safer to bet to move to an open source project instead. The costs of hosting it would be well known and predictable.
Blocking the advertising itself only shields you from the advertising, it still lets these services set up the underlying surveillance/advertising system that harms society (and you) in the long run.
Of course it's not always possible, but it would be ideal to use services that don't have advertisements for anybody.
If you're interested in self-hosting your orchestration server, you can look into Netbird. It's a very similar tool, but has the server open sourced as well. So you have a self-hosted control server with a nice GUI and all the features the paid version does.
Compared to Headscale, Netbird has so many moving pieces! It looks robust, and powerful, and featureful... yet, self-hosting Headscale is super simple, and less demanding.
I've been slowly moving everything over from Tailscale to Netbird and aside from some shenanigans with Tailscale taking over the entire CGNAT route, it works wonderfully!
Tailscale is still running for now, but I'm getting closer and closer to decommissioning it and switching entirely to Netbird.
If I've understood correctly, it might not be necessary to isolate everything in different containers. As long as you block social logins using an adblocker, the total cookie protection in firefox shouldn't allow websites to know what other sites you're visiting.
I've been trying out Ptyxis for a few weeks now and it's quite nice to use with Distrobox or other containers. It's easy to set up profiles with particular docker containers and it automatically picks up distrobox containers.
It also has the "top bar color changes as a state indicator feature". eg: when I run a "zypper ref" the top bar goes red. The multi tab overview can be useful too, and it has a lot of color themes OOTB. These are nice touches.
Going by the pattern of the comment, I would assume this was a typo. Maybe they intended to say:
"If it's no problem and we DON'T avoid it = No problem"
The simplest way of doing this would be to export your bitwarden vault in plaintext (as a json or csv) and then store it as a password protected zip file.
This should be easy to encrypt and decrypt on all operating systems, and would make it easy to move your vault to a new password manager.
