I recommend Librewolf. It’s a privacy focused fork of firefox. They apply their own patches to every new firefox release so you always have the newest features of firefox minus the bloat.
Comes preinstalled with ublock-origin, no Telemetry, no Mozilla VPN, no pocket, no prompts to create a mozilla account, no ads on the start page, default search engine is ddg and deletes all cookies (exept for whitelisted sites) on launch.
Yes, you can have more narrow permissions, and the examples you listed are all valid and examples of apps with sensible permissions.
But since app developers can choose their apps permissions on their own, many apps have broad permissions like the access to the entire filesystem.
Some examples listed in the post:
GIMP, Gedit, VLC, Libreoffice, Audacity, VSCode, Dropbox and Skype
All of these have either the filesystem=home or filesystem=host permission, giving the app acess to basically everything and compromising security.
Flatpaks can have more narrow permissions but aren’t required to have narrow permissions. The post’s statement that many applications have broad permissions remains true.
Didn’t HEVC work by default for Years now?