GrapheneOS Their seccomp-bpf filter is not a complete sandbox and you are claiming to know their perspective when you do not.
I am referring to their positions in these threads, especially the comments of Gian-Carlo Pascutto (Mozilla):
GrapheneOS Flatpak packages for browsers have weaker internal sandboxing than traditional ones but you're wrong about what the differences are.
The way I understand it is that the native Firefox install has a multi-process architecture with content processes and other processes (like GPU, extension and so on). In the native version the parent process is basically unrestricted and confines the other processes, especially the important content/renderer type processes. It does this through seccomp-bpf filters and unprivileged user namespaces.
The latter in turn is used to set up different namespaces and chroots, depending on the process type to confine. If a process needs something from outside its own sandbox, it has to use IPC to request it. Because of the multi-process architecture of FF, the sandbox for each process can be tailored to its process type (e.g. content process).
On the Flatpak version, it is different. Flatpak itself uses namespaces, chroots and a seccomp-bpf filter for its own lax sandbox, which encompasses the app as a whole. It uses a seccomp-bpf filter for generic container types on Linux which blocks namespace and chroot creation inside of a Flatpak app, because these syscalls would otherwise lead to easy escapes of Flatpak's own generic sandbox. But since these syscalls are blocked, FF also can only use seccomp-bpf filters for its own processes and not chroots and namespaces anymore to confine its processes as it does on the non-Flatpak version. So the namespaces and chroots around each process got replaced by a more generic Flatpak sandbox encompassing the whole app. This leads to a less tailored and thus weaker sandboxing architecture, which neither protects sites, nor stored browser data, nor the system as a whole better than the native version.
Is my explanation correct? @GrapheneOS
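The post above turns on three kernel primitives: unprivileged user namespaces, chroot, and the ability to install a seccomp-bpf filter. The following diagnostic is an added example, not code from the thread or from Mozilla or Flatpak: run it inside an environment (a Flatpak app via `flatpak run --command=/path/to/probe <app-id>`, or a plain shell) and it reports which of those primitives the environment still permits. Each probe runs in a forked child so a successful unshare, chroot or filter install never alters the calling process. The function names, the `probe_result` enum and the errno-to-verdict mapping in `classify_probe` are my own assumptions; in particular, EPERM can come either from a seccomp filter (bubblewrap's returns EPERM) or from kernel policy, so the verdict is "blocked", not "blocked by Flatpak".

```c
// Added example: probe whether the primitives the native Firefox sandbox
// relies on (user namespaces, chroot, seccomp-bpf filter install) are
// usable from inside the current environment. Names are hypothetical.
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_AVAILABLE = 0, PROBE_BLOCKED = 1, PROBE_UNAVAILABLE = 2 };

/* Map a syscall's return code and errno onto a verdict. EPERM/ENOSYS/EACCES
 * are what seccomp filters or kernel policy typically return for a denied
 * syscall; anything else means the primitive is not usable for other
 * reasons (unsupported kernel, bad arguments, resource limits). */
enum probe_result classify_probe(int rc, int err) {
    if (rc == 0) return PROBE_AVAILABLE;
    if (err == EPERM || err == ENOSYS || err == EACCES) return PROBE_BLOCKED;
    return PROBE_UNAVAILABLE;
}

const char *verdict_name(enum probe_result r) {
    switch (r) {
    case PROBE_AVAILABLE:   return "available";
    case PROBE_BLOCKED:     return "blocked";
    default:                return "unavailable";
    }
}

/* The three probes. Each returns 0 on success, -1 with errno set otherwise. */
static int probe_userns(void) { return unshare(CLONE_NEWUSER); }
static int probe_chroot(void) { return chroot("/"); }
static int probe_seccomp(void) {
    /* A one-instruction allow-everything filter: we only test whether
     * installing a filter at all is permitted here. */
    struct sock_filter allow_all[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = allow_all };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run one probe in a forked child so that a successful namespace, chroot or
 * seccomp change stays confined to the child. A child killed by SIGSYS means
 * a seccomp filter with a kill action intercepted the syscall. */
enum probe_result run_in_child(int (*probe)(void)) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_UNAVAILABLE;
    if (pid == 0) {
        errno = 0;
        int rc = probe();
        _exit((int)classify_probe(rc, errno));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return PROBE_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return PROBE_BLOCKED;
    if (!WIFEXITED(status)) return PROBE_UNAVAILABLE;
    return (enum probe_result)WEXITSTATUS(status);
}

int main(void) {
    printf("unprivileged user namespaces : %s\n", verdict_name(run_in_child(probe_userns)));
    printf("chroot                       : %s\n", verdict_name(run_in_child(probe_chroot)));
    printf("seccomp-bpf filter install   : %s\n", verdict_name(run_in_child(probe_seccomp)));
    return 0;
}
```

On a native install the first two lines are expected to read "available" for the parent process (the third is available almost everywhere); inside a Flatpak, namespaces and chroot should read "blocked" while the seccomp line stays "available", which is exactly the asymmetry the post describes: the browser keeps its syscall filters but loses the per-process namespace and chroot layers.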