Not sure, it’ll be for notifications functionality when the GUI is closed but I’m unsure practically if Firefox uses this.
- Detect network devices using mDNS/DNS-SD
You’ll break WebRTC functionality with your local network, so that applications such as Discord, which might be able to establish a P2P connection within your NAT, will instead be forced to establish this through the public internet, increasing latency and exposing data unnecessarily.
If you don’t use these types of apps or have other devices, you might not ever notice.
This one needs context of the actual files it’s giving access to, as it’s not pre-defined. For Firefox, I know that one of them is for /etc/firefox, which enables the system administrator to set policies at a system level. You’d break this but perhaps more.
This can probably be turned off, it allows Firefox to access the user’s host gsettings (system configuration akin to the Windows Registry). However, the underlying packages I believe work differently if they detect they’re in a snap anyway so this MIGHT be safe to remove but I’m unsure fully how much you’re risking.
- Access hardware information
You’ll want to keep this available so that Firefox can enable quirks for stuff like GPU drivers, as well as potentially detecting peripherals.
, possibly safe to remove but I can’t think of hypothetical cases for it.
Likely to help with efficiency of background tabs and services, but similar to the above.
You absolutely could remove this, but you’d be forcing everything to run on the CPU, including video acceleration, and would be effectively setting your browser performance back 15 years in doing so. All this does is let Firefox access your GPU.
Pretty safe to remove but pretty pointless to do so, some apt packages might install tutorials and documentation to your system. This provides Firefox the ability to open that documentation and avoid permission errors. These docs are literally copy and paste between every user and read only too. You might never notice not having it, but there’s basically nothing to lose in doing so.
- Read/write access to U2F devices exposed
If you have YubiKeys and the like, keep this on. If you don’t, you can technically remove it. It’ll power WebAuthn APIs so would be silly to remove if you were using these peripherals, but if you’re not, you’ll probably never notice it. That said, it’s scoped to the point I’d say don’t bother too.
Putting background tabs to sleep & etc.
In effect, you technically can remove a fair few of these, but I also can’t see any that I’d say are worth bothering with.
This should be enabled by default, and would suggest someone at some point has changed it. The default installation in Ubuntu as well as the default setup when not included by default but installed everywhere should have this on by default.