I don’t like this but it’s gonna take more for me to switch. I am very happy with Firefox for my use-case and workflow it works really well. However I think they are shooting themselves in the foot by starting to take away some of the most crucial advantages with Firefox compared to Chrome. I mean if both are awful for privacy then why use Firefox?

I think you’re missing the context. We’re not talking servers here but desktops. Arch is typically used on desktop systems. The threats that face desktops and servers are not the same. Same goes for risk and potential damage. Also please provide a source if you’re trying to debunk “common misconception”.

Your comparison was with random exes on the most targeted, malware infested operating system out there.

Many eyes are always better than no eyes. I’m not saying you shouldn’t vet the code stop misinterpreting but no one knows or catches everything by themselves. That’s why security needs transparency. If it’s as insecure as you’re saying we would have way bigger problems but we don’t. AUR is not as safe as the Arch repository sure, but definitely safer than installing random exes on Windows. It’s a flawed comparison you’re making.

If you’re paranoid you should be on an immutable distro cause xz backdoor was in some official repos. Repo maintainers do not catch everything either it was just a mere coincidence someone caught it(again thanks to transparency & many eyes on code) before mass deployment. Installing anything with root access is a risk. Going online is a risk. But there are ways to mitigate risk. Some security you’re always gonna have to trade for convenience.

They want you to buy their new games. They also want you to be more likely to buy the old games again when they eventually do a sloppy re-release of the old games or tie it to increase the value of their subscription offerings. Basically to make more money.

Well there is far less malware on Linux tbf so comparison is not completely accurate. But same caution applies, try to vet and understand what you install. That part is also easier with the AUR as it’s transparent in the packagebuild what it does unlike random exes with closed source. It’s also a large community with many eyes on the code so unless it’s a package with few users then it’s gonna get caught pretty quickly.