I'd meant smaller as in feature set, but I take your point.
IMO, using Gecko instead of WebView-- which is based on Chromium-- is a plus. Chrome itself gets some bad press for being invasiveness and anti-adblockiing. Yes, Mozilla Foundation has been getting too cozy with their advertiser handling and telemetry practices, but you can still disable those. They have a lot more credibility with me still than Google & Chrome/Chromium, who are first and foremost an advertising platform.
You've asked a similar question here before this post. Have you been naughty? :-)
At your uni, you probably have what's called a reasonable expectation to privacy-- the terms of use for accessing the computer and network facilities would be spelled out at your uni's IT website.
The information observed and reported on by their tools most likely amounts to what websites and services you looked up by name, and the IP addresses & ports you accessed while using their network. It will be things like start & stop times, protocol used, number of bytes transferred, and maybe some "flags" on the connection. Flags in this case are special markings on the data flow to give the network hints about how to hand that traffic most efficiently.
MS Office Online, Notion, Gmail, they all use secured HTTPS connections, so the content is secured between you and the remote service.
As long as you're not doing anything illegal or that severely violates the terms of use laid out by the University, nobody will even notice your traffic. Hack away.
Eduroam is just a network of RADIUS servers that cross-honor authentication among participating institutions. If your org participates in Eduroam, it means users from your org can connect to the eduroam WiFi SSID at other orgs, and vice-versa. It's helpful for traveling academics and visitors from other .edus
It's also frequently used to authenticate access to online resources like online libraries, journals, and research infrastructure. Useful for when schools collaborate on grant projects.
The eduroam service requires a CA certificate to validate the APs broadcasting eduroam's SSIDs are providing the real service. The issuer of that certificate isn't one of the well-known SSL certificate resellers, so it needs to be installed in your device's CA store, or configured in your 802.1x WPA supplicant. The protocol used is EAP-TLS, if you're curious.
So what can the hosting institution see? Not much, from an authentication standpoint. Transactionally, the hosting institution sees a username and org name in an outer transaction. An encrypted payload with your user credentials is then tunneled to your home org's servers which either validate or invalidate those credentials. If the home org validates, then the hosting org lets you connect.
Beyond that, the network admins can "see" whatever they can normally see when you're using someone else's infrastructure: your DNS queries, the application ports you use, a lot of encrypted SSL/HTTPS traffic, plus the contents of anything that isn't encrypted or sent over SSL.
Some orgs disallow tunneling traffic out when you're on their eduroam, so sometimes IPSec, SSH, Tor, and maybe even WireGuard are disallowed.
