To add some points, that I do:

• Proper logging: So I could realize something unusual is going on
• rootless podman container: harder to escalate privileges and gain root
• Apparmor: same, plus it could trigger suspicious log entries

If a firefox add-on is okay: Brief

Is this “Don’t be evil!”?