wow, "nothing more than a container of jails"
it was also my idea, but.. we still need to boot-strap this borg-alien from a firmware (1) and an OS (2).
- firmware is almost closed-source (maybe except core-boot) + is based on close-source CPU/GPU/APU devices...
- OS (even Linux) could have kernel drivers with blobs/firmware + we need to compile it ourself! (with a gcc/clang built by ourself -- do not trust the trusty)
- and then we get out in the world using middle the man IPS (internet server provider)+ back-bone (link-cells) exposed to tampering. Oh, boy!
My expensive solution (for now) is to use a dedicated device (PC/laptop etc) with NO private document on it. If it crash, if it is hacked / spied, ransomed whatever, then.. so be it! It is like we pay for the food, because we enjoy it; so we pay for the paranoic security because we care (are we?).