Whenever some app or service claims to respect your #privacy, check for two things:
1. Is it open-source on both client and server (if applicable)?
2. Is the service itself decentralized in some way (federated, allows self-hosting, etc.)?
Now evaluate everything you use (iPhones, WhatsApp, Telegram, Signal, Gmail, etc.) using this checklist.
Try to find and use software/services which satisfy both of the above conditions.
If a protocol is open-source, chances are an open-source implementation is out there.
PGP (OpenKeychain, gpg, etc.; no reason yet to self-host a keyserver)
IMAP (K-9 Mail for client, Dovecot for server)
SMTP (Exim for server, there are others)
XMPP (think WhatsApp):
Client: Conversations (free on F-Droid)
STOCK ANDROID: AOSP
I'd love to see more!
I'm sporting a Nexus 5X running LineageOS without Google Apps. I know a Samsung phone would do the same things, but it would be less flash-friendly (I presume from my experience with S3mini, YMMV). It was more expensive, but I knew it's repairable and that the target demographic are DEVS, so long-term support.
If you can, try to look up a teardown video of a device you want to buy. How difficult is it? How much glue is there? Does something break every time you open (glass back)?
Check the availability of spare parts for your phone. Even batteries, if a phone has a "non-removable battery", can be replaced with 20 minutes of time and a YouTube video. You'll do future you a favour.