I wouldn’t say that I go to the effort of making myself unidentifiable, but my “defaults” are with relative anonymity and privacy in mind anyway, ie donations in Monero, anti-fingerprinting, VPN, lack of persistent browser storage, full disk encryption. So I guess I don’t take steps because my regular browsing is already reasonably private, private enough that I don’t feel the need to take extra steps for minor shit like buying drugs online or donating to things. I do take extra steps to make sure there’s no simple way something can be traced to me for more serious stuff but I don’t think making a donation to a piracy website is serious.

In terms of using paypal, unless it’s illegal or criminalised to donate to piracy in your country, it should be fine too. Normally it’s just actually pirating (or sometimes only distributing) that’s illegal so donating shouldn’t be prosecutable, again unless that actually is a law where you live.

It’s fine to be paid for labour eg programming.

If only the user has the key then there’s no real concern with the data being handed over

Sure, but tracking period data can be very helpful for people. For a threat model of abortion criminalisation (or maybe trans healthcare criminalisation with treatments stopping periods, or really any kind of restrictions on medical autonomy), encryption at rest of locally stored period data is perfectly sufficient. They are not going to send military intelligence agencies after a random person having an abortion. It is actually a relatively low threat model, like equivalent to buying drugs online or something like that.

I wonder how many average users would be bothered to export their period database and transfer to a new phone every time they get a new phone. I do that when I get a new phone (not often, I use my phones till they break/are literally unusable and unfixable), but I’ve had real trouble getting other people to do these kinds of things.

Even if they owned the whole LF, the Linux Foundation does not develop systemd lol

I have heard from friends that they got banned for using adblockers on free Spotify. I used a tool, forgot what it’s called, for the brief time I had Spotify Premium where you could give it access to your account via the API and it’d search music piracy websites to download all the songs and albums in your library. After I had downloaded my library I cancelled my subscription. So that was entirely within Spotify’s ToS. (Music piracy is still illegal, but the violation didn’t happen against Spotify.) I suppose if you wanted to do this then doing something like that, where you just look the song up on music piracy sites and don’t actually download from Spotify directly, would be less likely to get your account banned. You still need Premium to access the API, but you could just scrape the webpage if you want.