Hello! I had been previously installing all of my applications, including browsers, through Flatpak. This is because they have some level of sand-boxing which can be manually configured with overrides, whether graphically or through “flatpak override”. However, I have learned that these sand-boxin…

Until flatpak supports Unprivileged User Namespaces, it is better to layer your browser.

Follow the recommendations on the website of whatever app you’re trying to obtain. I know Brave recommends using the native app over the Flatpak option for their browser

[image] Duck: So, what is the best way to install it? Avoid installing Chromium and Firefox based browsers as Flatpaks . [image] Duck: Whether you value sand-boxing between sites or sand-boxing from the browser and the operating system? By using a browser you must trust it, just as you…

I recommend check Installing tor browser on secureblue thread Edit: Typo

[image] Duck: I would like to use Mullvad browser for the better resistance to fingerprinting as recommended by Privacy Guides. So, what is the best way to install it? FWIW the fingerprinting differences of using the flatpak version have not yet been tested.

Well, Mullvad doesn’t even list Flatpak on their installation page ( Mullvad Browser for Linux ) and the Flatpak on Flathub ( https://flathub.org/en/apps/net.mullvad.MullvadBrowser ) isn’t official, so it is likely safe to say they recommend installing it as an RPM. I do wonder, however, if I should la…

I agree we must trust our software at least mostly, but if trust it all completely, would there be no point in sand-boxing? But yes, it seems that being more vulnerable to websites is more of a concern.

I was asking specifically about security, but I now realize fingerprinting could even be an issue! I am now leaning more towards layering the browser, though I am not yet fully convinced. By the way, as a developer of LibreWolf, what would you recommend? I know there is an official Flatpak ( https:/…

Bonus question: Does most security concerns go away if we globally disable JavaScript?

Thank you, but now I realize my setup brings more complication. My operating system (secureblue) globally disables user namespaces except for the included browser (Trivalent) and Flatpaks. If this is the case, I suppose whether or not I use Flatpak won’t matter as the namespaces are disabled anyway…

[image] Duck: Although if Flatpak starts to support the unprivileged user namespaces like you say, that would be even better, right? Yes, depending on how strict the settings are set for the flatpak. [image] Duck: Also, if we disable JavaScript, should we care very much about browser san…

Is it best (for security) to install browsers via Flatpak or via a distribution's repositories on Linux?

Questions

any1 May 3, 2026, 6:05pm 12

Yes, depending on how strict the settings are set for the flatpak.

While JavaScript, especially JIT, is a big attack surface, you should still care about sandboxing, since there are still possible exploits in other components of the browser.

Topic		Replies	Views
Correct way to install browsers on Linux securely? Questions software	19	3003	April 29, 2025
Flatpaks and browsers Questions please-eli5	2	446	January 27, 2026
Most secure browsers for things like bank logins Questions	5	2528	June 17, 2025
Don't link to Brave's Flatpak (Desktop Browsers) Site Development	4	1610	April 26, 2025
How secure is the Mullvad Browser, because Privacy ≠ Security Questions browsers	31	6100	January 10, 2025

Is it best (for security) to install browsers via Flatpak or via a distribution's repositories on Linux?

Related topics