Sooo: their phone is way less secure than a Google Pixel, their OS is paid but possibly less secure than GrapheneOS as they need to remove features like Memory Tagging that is only available on Pixels.
Hell I dont even know if they have a secure element.
If you mean that extension, that doesnt work. It downloads a separate firefox binary and creates a separate profile for each app with customized CSS.
It is very nice and I will try to recreate it using Librewolf Flatpak, but I wouldnt (and cant) use that app currently, as my system hard hardened_malloc as memory allocator which breaks Firefox. Either compile it with a custom parameter or use the flatpak and remove that env variable.
I dont get the "alt" do you want CentOS (which doesnt exist, but I think Stream is better anyways) or Fedora?
Run Davinci resolve in a container, no internet access maybe, fixed dependencies that dont update. Ublue has a container image that you can run with podman.
Havent used Vivaldi in some time. Have a look at floorp but of course they dont have all the addons vivaldi has like notes and stuff.
And yes, regular FF is simply a "just works" browser but with lots of stupid bloat. Librewolf is actually great as they have a modern CI/CD build pipeline and do all the hardening for you, its more sustainable and secure to share effords.
I recommend Fedora Kinoite or Silverblue. These are Systems built differently, they have an immutable core that is not changed and is thus very stable. You can add and remove packages, which will only be applied after a reboot, and in general keep this as minimal as possible.
You can easily reset your system to be running again.
As a mac user I recommend to use GNOME, maybe with dash-to-panel, so use Silverblue which is Fedoras "atomic" version of GNOME.
After installation you may want to rebase to ublue and their silverblue-main image to get more goodies.
Install a distrobox with ubuntu or fedora, install pipx there and whatever IDE etc. you need.
distrobox create -i (press tab to get the image list) Dev
distrobox enter Dev
# add some repositories for pycharm and more
sudo dnf install fedora-workstation-repositories
# add repo for VS Codium (FOSS version of VSCODE)
sudo rpmkeys --import https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/-/raw/master/pub.gpg
printf "[gitlab.com_paulcarroty_vscodium_repo]\nname=download.vscodium.com\nbaseurl=https://download.vscodium.com/rpms/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/-/raw/master/pub.gpg\nmetadata_expire=1h" | sudo tee -a /etc/yum.repos.d/vscodium.repo
sudo dnf install -y pipx pycharm thonny codium whatever
# export the apps so they appear in your app drawer
distrobox-export --app pycharm
distrobox-export --app thonny
distrobox-export --app codium
Explanation: Distrobox uses a Podman container, and allows to install a "separate linux distro" in there. This will be very minimal version and you can do crazy things there and your base OS will not be touched.
That way you can install Ubuntu, Debian, Fedora, Arch/AUR, Opensuse and more apps.
Using the "export" function the graphical apps will appear in your app drawer and work perfectly fine. Be sure do do a distrobox upgrade --all once in a while.
The experience is really painfree.
On the main OS, get your rest apps as Flatpaks which are sandboxed like on Android, work very well, are up to date and also dont touch your base system.
Updates go in the background without you noticing, once you reboot you are on your updated system. If an update broke something, do rpm-ostree rollback and stay on that version. If you do something crazy like adding a ton of apps to the base OS, do a sudo ostree admin pin 0 to always save the currently used system as a backup.
It is way better than Windows, not sure about MacOS but it is for sure way more free. If you want a well working, elegant and simple desktop, GNOME / Fedora Silverblue is a very good option.
Iceraven is a mess. Their extension list is totally random, has tons of duplicates and fundamentally incompatible ones. I went through all of them and tested them and reported what was broken and what was missing.
That alone is enough to convince me not to use their browser. Mull is based.
Aaah that Apostrophy OS thing.
Sooo: their phone is way less secure than a Google Pixel, their OS is paid but possibly less secure than GrapheneOS as they need to remove features like Memory Tagging that is only available on Pixels.
Hell I dont even know if they have a secure element.
Until we get Sourcecode I wouldnt trust them.