I know Mullvad protects against WebRTC leaks and (jf connected to their VPN) you can test by visiting mullvad.net

No, nothing runs as root in a Flatpak. The problem is that Flatpak stops apps from using unprivileged user namespaces, which is used by all modern browsers to isolate web contents. Because the browser (Firefox) can’t use namespaces, a malicious website can use a single exploit instead of needing to chain two separate exploits, making it significantly more likely to break the sandbox.

The Firefox Flatpak has much weaker isolation because the Flatpak sandbox interferes with the browser sandbox. This means a malicious site can compromise other sites and even the whole browser with a single exploit instead of the two normally required (which is a significant degradation in protection). The specific part blocked by Flatpak is user namespace sandboxing by Firefox. If you can help it, DO NOT install as Flatpak. Snap does not have this problem, but nobody likes Snap. Chromium has a similar problem as a Flatpak.

For higher quality Text-to-Speech, install Pied (Flatpak or Snap), which offers a GUI for installing and configuring Piper TTS voices.

Ok. I guess I never noticed because I actively don’t like any of those features and I definitely don’t want Discord to have unrestricted filesystem access. The file picker in Vesktop works for me without giving full access.

What features? Discord was working perfect for me on a custom client (Vesktop) but is broken now because they hate me using a VPN.

I think is very dependent on the apps you install because i haven’t need to do really any workarounds and i install all my apps through Flatpak. The only messing around with permissions i do is disabling everything that i dont need (like printer or smartcard access). I also have over a hundred apps installed.

I recommend Swappa.com because you get better quality assurance, 30 day money back, and there is basically zero chance it has its IMEI blacklisted (some sellers on eBay and Amazon may sell stolen phones).

Librewolf offers a setting to re-enable FF Sync. There are similar toggles for other things.

You say “all the privacy settings on”, but what does that mean. I assume FFP but probably not RFP. I also assume it keeps JS JIT enabled which is a massive attack surface. I am not going to get into more detail but if people are looking for a more security/privacy focused Firefox fork, use Librewolf. If all you are looking for is Firefox with the privacy settings on, just use Firefox. Even with Librewolf, you can (mostly) replicate the experience by using Phoenix or Arkenfox with vanilla Firefox. I recommend everyone reconsider using a fork that is amounts to a few preinstalled extensions and just some (good) default settings. Using a fork just introduces a new party into the mix, which at best slows down how fast you get (security) updates from upstream, and at worst leads to supply chain attacks.

That being said, I keep seeing people talk about how much they like Waterfox. I tried it and figured it wasn’t for me. That isn’t me saying that it isn’t the right choice for others. I would love to better understand what people enjoy about Waterfox over/instead of Firefox/Librewolf/Zen/etc., pros/cons and the like.

I don’t like Brave or the amount of bloat. Sadly what is missing from basically all Chromium forks is even basic browser anti-fingerprinting. The only other real example I can think of is Cromite, which is what i recommend people use instead of Brave.

While I agree snapper (what CachyOS uses) I very useful, it is important to draw a distinction between snapshots (snapper) and a proper backup tool (borg or restic). Snapshots are usually stored on the same drive, so in the event of a drive failure/corruption you are still very fucked. Proper backup programs also have other important features, like the ability to select remote locations, setup encryption, etc. DO NOT rely on snapper to (always) save your ass.

That being said, I fucking love snapper and it was the main feature I was missing from openSUSE.

Okular by KDE

Chimera Linux uses musl libc, Void Linux has the option of musl libc, and of course Alpine uses musl libc.

They are more energy efficient and better quality. At the very least get a bronze rated one. Only use reputable brands. A bad or cheap PSU could be defective and fry all the parts connected to your board and cause a fire.

Wydm? Rockchip copied their code, changed the license and didnt attribute FFmpeg. FFmpeg is a small team of enthusiasts who are responsible for plenty of important innovation and remain largely unpaid even with such substantial widespread use of their code in like SOOOO MANY big software projects. It isn’t their fault that people aren’t following the simple rules of the license to use their code.

I tried Waterfox and didnt really get it? Why use it over for example Zen or Librewolf? It just seemed way to close to Firefox but like with a couple of preinstalled extensions. Idk, just wasn’t for me.

My browser(s) is just a tool. I use many browsers for different things. I wish there were good alternatives to the main browser engines (Gecko, Blink, WebKit), but I am fine with just using good derivative browsers like Librewolf, Mullvad, Cromite, etc.

Waterfox is Gecko. I still agree with the comment that mentions it is written by a right-winger. I rather root for Servo, especially because Ladybird is just another web engine written C. Memory safety vulnerabilities are the largest represented class of vulnerabilities discovered every year. Servo being fully written in Rust is a good thing for its security, as long as they also design a strong sandboxing/isolation strategy on all OS platforms.

It is only going to be disabled-by-default

One perk of being in this community is everyone is so fucking cute/pretty in their pictures. I can not take good pictures of myself.