[jl6]

Doesn’t help if the exfiltration only occurs monthly and you only monitored for a week, or if there’s something locally malicious, or if side channels are involved, or if it’s manipulating data sent to legitimate sites (e.g. instructions to your bank, while logged in as you).

[GhettoComputers]

Keep it on, you can keep a firewall on, locally malicious files can be seen on your machine and if they aren't transmitted what is the worry?

If its manipulating data sent to legitimate sites you'd notice while you used it. These concerns aren't absent in other official browsers either.

[jl6]

Quite right that these concerns apply to any software, but they are significantly mitigated by sourcing software from organizations you trust.

There’s no way I would be able to spot the operation of malware-masquerading-as-browser without committing totally to a forensic examination of every system call it makes. Imagine how much attention you’d have to pay to stop it capturing your bank credentials and then making transactions in an invisible tab (the browser doesn’t have to render a site in order to interact with it).

[GhettoComputers]

But trust is just assumed and not a real security measure, trust just means you are not going to audit it.