I have no idea what a DreamMachine is (and wikipedia does not help) so here’s the long answer :)

If you want a VPN tunnel to your own home, for secure access to your LAN, I’d recommend you look into NetBird and/or TailScale, which at their core are wireguard plus NAT punch-through (you can also run wireguard or openvpn directly, but it may be a pain since you most probably have a dynamic IP and possibly a CGNAT).

If you want to hide your traffic while connecting through networks you don’t trust (such as the work one or some cafe’s wifi), you can either use NetBird/Tailscale as above and connect though your home (well, assuming you trust your ISP of course) or some third party VPN which connects to their servers (I’d say look into Proton first).

Keep in mind that VPNs actually do very little for your online privacy (ie. it’s not like google or facebook can’t track or fingerprint you). They do is prevent man-in-the-middle traffic analysis from your ISP (or the admin of whatever LAN you are using), but then the VPN provider can do the exact same things, so… make sure to double-check the privacy guarantees of your VPN provider and compare them with those of your ISP.

What do you (think you) need a VPN for?

Lineage OS is not designed to relock the bootloader.

I don’t understand why so many people worry about that… doesn’t it only ensure that data is wiped if some agent secretly installs a rootkit or sorts on your phone before giving back the device to you?

To me, bootloader locking is mostly a way for phone manufacturers to make it harder to run anything but the ROM they have chosen (and it’s a PITA and the most laborious part of installing a ROM).

https://wiki.lineageos.org/devices/ and make sure to double-check that unlocking the bootloader isn’t too much bother (ie. read the installation instructions)

What is that you care to preserve? Can’t you just register a new account and kill the old one? (genuinely curious)

I don’t see the reasoning in your answer (I do see its passive-aggressiveness, but chose to ignore it).

I asked “why?”; does your reply mean “because lack of manpower”, “because lack of skill” or something else entirely?

In case you are new to the FOSS world, that being “open source” doesn’t mean that something cannot be criticized or that people without the skill (or time!) to submit PRs must shut the fu*k up.

Those are outside Signal’s scope and depend entirely on your OS and your (or your sysadmin’s) security practices (eg. I’m almost sure in linux you need extra privileges for those things on top of just read access to the user’s home directory).

The point is, why didn’t the Signal devs code it the proper way and obtain the credentials every time (interactively from the user or automatically via the OS password manager) instead of just storing them in plain text?

The wayland project was originally started by George Soros… what did you expect?

Didn’t you know? Disabling ad blockers ensures free speech and apparently may also peacefully end the current crisis in the middle east… oh, did I mention it helps with world hunger too?

The really important sosftware gets ported to all the platforms