The average user's probably got their SSN, DoB, address, full name, employment history, credit card track 2's, passport details, and more spread across multiple breaches, being sold across multiple darkweb markets, precisely because they have zero regard for privacy.

Suggesting that usage of GrapheneOS is "LARP"ing a "paranoid" opsec level is dismissive of the very-real threats facing domestic abuse victims, whistleblowers, journalists & political activists/dissidents in repressive, authoritarian regimes, and countless others.

Just because you live in a safe, privacy-respecting, liberal democracy doesn't mean everyone else does, and it absolutely isn't reasonable justification to demean those who don't by painting them as irrationally paranoid. That's gaslighting real victims who actually have to be concerned about these companies handing out their data to countries that will put them through, in extreme cases, excruciating torture, before killing them or imprisoning them for life.

Not everyone is lucky enough to live your life, so stop assuming your threat model is automatically the "right" one for everyone else, and that any more intensive threat models than yours are inherently "irrational", "unrealistic", or "paranoid".