I think there’s an element of prestige people are missing. At least in my country there were online options prior to the pandemic even, they however lacked the prestige / name recognition that other institutions had. Keeping mandatory in-person classes is another way to maintain this prestige, a differentiating factor, from the other institutions.

I also have to agree with most of the comments here. From an instructional point of view online classes are lacking, they can be less engaging, and pedagogically neutered. And in fields with lots of laboratory work, it’s frankly impossible to get rid of at least part of the in-person educational component. Even for the humanities, having access to a large on-campus library of scholarly resources is integral to research.

In my personal experience I’ve been quite grateful to have access to a large archival collection, items that could not be shipped to remote students because they are too old to leave a temperature & humidity controlled environment. An online experience would prevent someone like me from doing some manuscript / original publication related research.

Now, I do think online options are helpful. ESPECIALLY for summer classes, where students may wish to retake a class while also moving away for summer work. But I do not think they should become the default, they should be an option where possible, but not the new normal.

Normally I would say community forks have the power to continue the project. However, in this case I think chrome / safari would eventually add enough new features that Firefox forks can’t add quick enough. Mozilla at least has some power in pushing the direction of web-standards, which these forks would lack, as well as the larger development team and some corporate usage of the browser which Mozilla has. I also don’t see the smaller development community keeping up with security issues found in the browser, particularly pertinent for corporate marketshare and individuals with a stricter threat model (journalists, dissidents, etc.)

The only other factor, is whether Firefox dissapearing would officially create impetus for an anti-trust case against Google. I doubt so under the current American presidency, but I could see the EU being concerned (even if they lack the power the US has to force the company to split). If something were to happen here there would be substantial change in the browser market, but I wouldn’t be too hopeful of this happening.

What are your goals?

I would say it’s really a combination of the instances policies and their jurisdiction, and in terms of jurisdiction it also depends on where you live (e.g. you may have more protections under law if the instance is hosted in your country)

There’s also nothing stopping you from using multiple instances — siloing your interaction in different types of communities in different accounts on different instances. This may be useful if part of your privacy concerns are having all of your post / comment data on one account on one instance.

Edit: You can also use an email aliasing service to avoid even giving your email out. There are aliasing services such as Addy.io, Simplelogin (subsidiary of Proton AG), Firefox Relay (Mozilla), as well as some email providers which provide (iCloud, Proton, Mailbox.org to name a few)

For iOS devices the most up to date client is “Strongbox”. I don’t think it is FOSS, but is compliant with the standard. It’s sadly a freemium app, but is quite well made in my testing. It cannot sync with syncthing, but does support several cloud services, its own service (which uses iCloud), and local file transfer over LAN. They also have a version of the app with all network connectivity removed for security (if you prefer)

This is perhaps overkill, but you can also encrypt the contents of your online cloud storage with CryFS / Cryptomater. This is particularly useful if you wish to store sensitive documents (healthcare, finances etc) in a cloud environment in case of catastrophic destruction of property (destroying computers / on site backups of data).

In this case you can also backup your keepass file in this encrypted virtual storage medium, on top of the prexisting encryption of the database itself.

My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing And Aegis (Android) for 2FA codes, with a yubikey for services that support FIDO keys.

Overall I like this setup because it’s decentralized and does not rely on a third party server structure. The only “weak” point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you’re capable)

I used to use Bitwarden, and I highly recommend it. I really appreciated it’s ability to integrate with email aliasing solutions to generate new aliases from within the bitwarden UI itself. However, my main reasons for switching were the following

• I don’t have the money to pay for it (uni student)
• I prefer a more self-hosted approach (I will consider using vaultwarden in the future when I have more money)
• I wanted to move away from using a browser extension for password management on desktop. KeePass’ auto type feature is really good, and a more secure input method than a browser extension autofill.

The only additional advice I have for both recommendations is that I do not think it advisable to add Totp 2fa information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.

My only major issues with keepass are the potential for sync conflicts and the some feature differences between platforms. A centralized server config like vault/bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn’t too great, but autotype doesn’t work on Linux if you install with flatpak, and you can’t prevent screen capture of the app on Linux (only on Android and Windows from my understanding)

Edit: I also tried gopass, it’s really fun to have an entire CLI based password manager, but frankly the state of mobile companion apps are appalling. The Android option only is good if you use a dev version, and the iOS one I thought was just ok. I also dislike the metadata leaking that is inherent to the format, and that PGP is the main form of encryption for the time being (some clients were looking at using AGE at some point). Overall it’s a cool but flawed concept, and I feel my other two recommendations are superior.

I think you summed up my thoughts on the matter much better than I could have. In particular, the “digital” / “corporate” right to be forgotten is distinct and much more specific in its scope than a broader right, and is a rather important consumer protection in my opinion.