Thanks Paramount-paranoid for your obviously constructive reply,
1) Is it correct to say from your response that the private space in the owner profile isn't recommended for:
a) Play Store apps. Nor;
b) Non Play store apps?
2) "You can also take it a step further and have certain profiles for certain apps, banking, games, social media etc. "
I acknowledge the point you make for leveraging the capacity for multiple profiles. I personally don't see myself having more profiles than a max of:
a) Owner (as mentioned, currently empty other than the stuff in the private space)
b) Play store apps
c) Non play store apps
I need banking apps and am having some challenges with some of those that I'm not going into here. I'm abandoning/rejecting social media (in a life of blunders, this seems one of the few decisions I've gotten right). Hence the only social media app I intend to have on GrapheneOS is NewPipe. I still quietly maintain a LinkedIn profile, even though I no longer post any comments etc on LinkedIn. If something comes up that I need to log in to LinkedIn for, I do so using a browser.
I'm not a gamer so have no gaming app considerations.
3) F-Droid & Aurora
I have both of these on the Android phone I am migrating away from. The YouTube tutorial by Side of Burritos I used when installing GrapheneOS scared me somewhat when advising there are security concerns re both F-Droid & Aurora. Cross-verifying that on the web, at least some other people share those concerns. Hence so far I've not installed F-Droid nor Aurora on GrapheneOS.
4) Accrescent
I like Accrescent and use it. For apps I can't get in GrapheneOS app store nor Accrescent, my next port of call is using Obtainium for tracking and updating apps that are made available such as via GitHub. I have this working well, other than WhatsApp for which I have a separate post. My dream is the world abandons WhatsApp for e.g., Signal. Obviously though that doesn't seem likely.
5) Notepad apps
I use Quillpad which has been more than adequate for my need. I was unaware of Notes Nook until you mentioned it, so I've just looked it up. Seems there's some people complaining the free version of Notes Nook is enshittifying, to drive users to the paid Notes Nook product. If others prefer Notes Nook, fine by me. I don't though personally for the moment at least, see a need for me to change products.
6) Cryptomator
I've never used Cryptomator before, although it seems an interesting product. I don't have much data and can easily fit into the free tier of online cloud storage products that claim to offer E2EE. I nest the data on my laptop in the Filen folder, within the Mega folder. Hence I've 3 copies of the data. I can't imagine why any law enforcement people would go to the trouble of getting an order for a cloud storage provider to decrypt my data. Your point though that potentially there could be a policy change with the cloud storage provider, meaning they remove E2EE. Your comment is thought provoking. I personally consider the risk of that unlikely at present, since it would drive away customers who filter out using cloud storage that isn't E2EE.
I've also started toying with Ente on GrapheneOS for E2EE photos cloud storage.
I respect though that there is still some risk in my threat model. I may tinker with Cryptomator at some point in future when I get a little spare time; thanks for suggesting it.
7) Email masking tools
I've looked at these recently. I'm unconvinced by them personally. I much prefer the other solution you suggest of custom domains. I've been dabbling in custom domains for a few months, with the following findings:
a) name.com - this is the 1st registrar I was naive enough to use. That was a mistake for the reason you highlight; whois privacy is a cross-sell and not free with name.com
b) namecheap
Subsequent to point a), I did some looking around on the net at reviews. namecheap came up quite a lot, with people generally not recommending it. The 2 that people seemed to recommend are below:
c) cloudflare
Seems to be the gold standard in domain registration. Domains are registered at cost price. Whois privacy is free (although doesn't redact the state nor country of the domain owner). Even in the free tier, cloudflare security features are superb
d) Porkbun
Pricing is with a small markup. The bundled in whois privacy makes registration 100% anonymous. People like the quality & friendliness of the customer service. Even if registering with Porkbun for their 100% whois privacy, use cloudflare for DNS, SSL etc (assuming the 2 recent cloudflare outages don't become the new normal)
e) Netim
Pricing similar to Porkbun. EU based for those who want that. Again, also use cloudflare
f) LCN
I regret my experience is that they are untrustworthy due to a combination of them being:
i) Incompetent
ii) Rip off merchants
If you want a difficult life, LCN are the people for you.
For reasons touched on above, I've not actually tried namecheap. Hence namecheap could be better than all those I mention.
7) Proton
I swapped my VPN this year from Nord to Proton. Too many sites didn't work when Nord was turned on. I found the quality of Nord support to be useless when I took that up with them. ProtonVPN also seems to break many sites. Scarred by my dealings with Nord support, I've not yet had the courage to raise these concerns with ProtonVPN support.
I've had a proton email account for a few years, primarily for evaluation. I've instead used Tuta since:
a) Proton doesn't strip out metadata
b) Too much trouble giving other people my PGP private key. I like that instead I can send an encrypted message to someone using Tuta, and pass the email password to someone else via a back channel.
My concern with Tuta is that approx 18 months ago they:
a) Tripled the price of their lowest paid tier
b) Enshittified the lowest tier paid product to existing users of that product tier (to try to drive users to pay the tripled price)
Another email vendor I've been exploring this year is Zoho. I'm getting a little side gig up and running. Tuta business pricing is way out of my league (especially for something for which I don't expect much revenue, and possibly won't make any revenue). Zoho's free forever plan seems worth checking out (although if you are in e.g., Canada, you may need a VPN to connect to the data centres in which the forever free plan is offered; EU, India & USA).
Who is to say they won't pull a stunt like that again? Trust is a priceless commodity.
As part of my job at the time, I looked at Proton Pass when it was 1st released. I was doing a technical evaluation of the password manager market. For a business class password, my recommendation at the time from that evaluation was Keeper. Technically, Keeper was one of the few of the 28 products I looked at that met all our requirements. Of those up to spec, Keeper got the nod in the end due to their non-profit discount (since at the time I was working for a non-profit). For a personal password manager, my personal suggestions from that evaluation were either Bitwarden or NordPass.
Historically I've always kept an air gap firewall between my password manager (laptop) and 2FA app (phone). Prompted by your reply, that is potentially worth re-visiting; I could potentially have a password manager in 1 profile and a 2FA app in a separate profile.
Thanks again for your reply. I welcome further input from either you and/or anyone else.