It’s better to avoid re-encoding as it lose quality.

While it’s a good thing to avoid WhatsApp there is no way to know if Signal is safe from Graphite, they used to claim to be able to target it.

Sadly Firefox has no tab sandboxing on mobile so yeah, it is less secure.

And while I agree the Brave company is shady, the browser has good security features.

I’ve had NixOS absolutely refuse to run some compiler toolchain I depended upon that should’ve been dead simple on other distros, I’m really hesitant to try anything that tries to be too different anymore.

Yes, some toolchain expect you to run pre-compiled dynamically linked binaries. These won’t work on NixOS, you need to either find a way to install the binary from nix and force the toolchain to use it or run patchelf on it somehow.

if it’s being read from, it can be written to.

Why would being able to read imply being able to write?

Having an extra step or two in the way doesn’t make it “extremely secure”.

Well it can greatly improve security by preventing a compromised app to achieve persistence.

Fuzzy finding really shine for this use case, no need for a mouse.

No one is saying Chrome is the ethical choice, why are you reducing this to a 2 options choice?