[LinuxBender]

The advantage is that no other accounts including root can get chatty without my knowledge. i.e. telemetry of an OS gets added without my knowledge at least not leaking out of service accounts or root. I can also log when such things are added and notify the internet.

My account can still talk out so I have to firejail the browser and limit what directories, files and devices it can access. Those violations are also logged and I can tell the internet if the browser has been compromised. I can also log what applications are talking from my account beyond that of the browser. It is also easier to spot when something is talking and I did not request it to. watch+ss, iftop, etc... There are tools that get more granular such as OpenSnitch but I don't bother unless I start to see shenanigans. Firejail also removes network access for most applications that need not talk to the network and addresses most things that malware would try to access should it be able to run in the browser.

To stay off the janky sites I just mirror them with archive.org and archive.is so that others may take advantage of the de-fanged javascript snapshot.

All of that said this is not bullet-proof or idiot-proof but it's the maximum risk I accept for my browsing habits. I can always ratchet things down such as changing options in arkenfox custom user.js to further restrict browser capabilities. For now it's sufficient for my needs.