I’d say both things go hand in hand.
Individual change is definitely easier to achieve, but even getting a certain idea out to let the individuals protect themselves on their own is difficult, privacy isn’t really easy to sell because, beside a basic level, most people don’t care about it or assume it’s unattainable.
So yes both are difficult in their own way, but the effect that policies have when they’re finally applied is more powerful and protects everyone by default, even without them knowing, e.g the GDPR

They’re on your side, why the friendly fire?

Sorry, I wasn’t saying it wasn’t, I just found it funny, I do trust you know what you’re talking about, had no reason to doubt you

New motto: open source, open purse

The a series is pretty good bang for your buck, if you can’t afford that and neither used ones, then maybe you could settle for one of the cheaper Asian ones supported by Divest OS

That’s really cool! And yeah the bootloader locking checks out with into from other guides.
That unbricking talk flies over my head on the other hand, it sounds like one of those fake tech speaks to my uncultured self lol

How did you install Graphene in the first place?

Not to mention I don’t know why anyone would use a provider that was happy to warn people they aren’t trustworthy.

That’s the most honest statement, because that’s email by nature. If you don’t encrypt anything yourself with PGP, emails will be readable by the server and there is no way around it, some providers have automatic encryption between users of the same provider (e.g. Proton) but that’s most likely less than 1% of your email traffic, unless you really use it to chat (for which there are much better suited tools already), most the others will be on their popular service that doesn’t do encryption at rest, let alone in transit (and I mean one where they don’t hold the keys) and, if you want to contact them, you either put up with the fact that your conversation is exposed or you convince them to set up PGP