You raise an important issue around persistence of state.
The question isn't whether you need to recompile source, change config
files, download application plugins or set-up a bunch of check-boxes
in a nice GUI.
It's whether you can trust those settings to stick.
I've lost count of people telling me that phone settings I suggested
simply "reverted" or somehow turned themselves back on/off.
Even some Linux distros that use Snap alongside auto-updates etc are
really quite sneaky.
But to my mind web browsers (and I include all of them, Chrome,
Firefox or whatever) are utterly treacherous.
Any careful security stance requires constantly checking and
re-checking that policies are still in effect.
The question isn't whether you need to recompile source, change config files, download application plugins or set-up a bunch of check-boxes in a nice GUI.
It's whether you can trust those settings to stick.
I've lost count of people telling me that phone settings I suggested simply "reverted" or somehow turned themselves back on/off.
Even some Linux distros that use Snap alongside auto-updates etc are really quite sneaky.
But to my mind web browsers (and I include all of them, Chrome, Firefox or whatever) are utterly treacherous.
Any careful security stance requires constantly checking and re-checking that policies are still in effect.