Not entirely true. There is other sandbox software out there (such as firejail, distrobox, docker, chroot, any VM products, etc) although they should also be cautious about claiming to be more secure. Flatpak, however, is not considered a sandbox by some.

Care to explain?

If your distro doesn’t work unless you use Flatpaks, then stick to flatpaks ig. Its your system.

There are quite a few reasons to avoid flatpaks tbh.

• You have no control over the dependencies. A flatpack can include a very old dependency and there is nothing you can do about it. You are at the mercy of the developer.

• Many Flatpak applications available on flathub are not effectively sandboxed by default. Do not rely on the provided process isolation without first reviewing the related flatpak permission manifest for common sandbox escape issues.

• Running untrusted code is never safe; sandboxing cannot change this. It can be a false sense of security.

• It is generally not a good idea to run unattended updates via systemd, as the applications can get new permissions without the user aware of the changes. See this blogpost for examples

• Flatpak does not run on the linux-hardened kernel unless you do additional kernel modifications that could have negative security implications.

What are the benefits of flatpacks? Like why not just install the actual Tor browser on your system? The one that is released and maintained by The Tor Project?

[edit] Looks like the Tor Project does support this flatpack. Im a silly goose.

Wow! I wish I could learn from copyrighted materials as freely as OpenAI!

Get fucked, advertisers.