You keep trying to shift this conversation into sandboxing. Of course, any form of sandboxing is going to add defense in depth to anything. It isn't of any particular relevance to this conversation.
You said:
> Unless you're going out of your way to run your browser in a container or dedicated VM on Linux, there are substantial risks associated with browsing the web in terms of exposing all of your information in /home, which might include ssh and pgp private keys, basically everything your user can access.
You're saying that there's this particular substantial risk in this particular OS, in this particular scenario. When I ask for any details that can back it up, you reply "All it takes is a browser exploit".
I would hope it would be self-evident that that is no reason to think that the particular risk you mentioned is real, or at least any more real than it is for any other OS, for any other app, or in any other circumstance.
My only interest in the comment was determining if the particular risk is real, but now it seems it was just FUD.
It's not FUD, that person is telling the truth. Don't interpret it the wrong way though. Browser exploits are a popular 0-day on any platform and it is indeed likely the security situation on other platforms is just as bad.
You said:
> Unless you're going out of your way to run your browser in a container or dedicated VM on Linux, there are substantial risks associated with browsing the web in terms of exposing all of your information in /home, which might include ssh and pgp private keys, basically everything your user can access.
You're saying that there's this particular substantial risk in this particular OS, in this particular scenario. When I ask for any details that can back it up, you reply "All it takes is a browser exploit".
I would hope it would be self-evident that that is no reason to think that the particular risk you mentioned is real, or at least any more real than it is for any other OS, for any other app, or in any other circumstance.
My only interest in the comment was determining if the particular risk is real, but now it seems it was just FUD.