If you want to use a web browser on reasonable secure way, you could use firejail:
https://wiki.archlinux.org/title/Firejail
It’s not as powerful as @qubesos but it’s well enough:
Eg.I run @librewolf with firejail using firefox profile:
firejail --x11=xephyr --xephyr-screen=1024x900 --net=wlan0 --seccomp --caps.drop=all --nonewprivs --noroot --profile=/etc/firejail/firefox.profile openbox --startup “librewolf”
you can set up a symlink and create your own librewolf profile for it.
why do you need a firefox profile when upstream firejail provides a librewolf one? On Artix (Arch, no systemd):
/etc/firejail/librewolf.profile
Also, one simple way to use firejail or firejail + apparmor, is to use firejail by default, and enable apparmor support with “Enable Apparmor globally in /etc/firejail/globals.local and disable as needed through the use of ignore apparmor in /etc/firejail/ProgramName.local”, so not a complex thing, if one takes a look at firejail and apparmor wikies in general.
@somenxavier@mathstodon.xyz do you happen to know ho to disable that librewolf can only download to wherever the xdg download directory is set? I have specific places, not under such directory, where I download certain things as receipts, bank stuff, and so on…
kde has a GUI in system settings for firejail/firewalld
Web browsers have some of the most security out of any applications out there. What, specifically, is firejailing going to do?
Also if your goal is security rather than blanket privacy, Chromium browsers are better: https://madaidans-insecurities.github.io/firefox-chromium.html
@OsrsNeedsF2P perhaps what I achieve is not spying what I type and where my cursor is.
I will not enter to blame wars. But trusting in a very evil company is a bit ironic (don’t you remember when they scan open wifis with google maps cars?)