The majority of activists aren't going to be targeted by a 0-day. Most probably won't even be purposefully, directly targeted. They're more likely to have their data given/sold to the government as part of a larger batch (geo-fence, etc.). I would not recommend a Google product with that considered.
The activists that are legitimately, specifically targeted should probably be past the "101" series of infosec and not be using either without significant other considerations and protections.
My new line when people rebut this is just to ask: did the guide we're talking about lay this out, so that people could make up their own mind about whether their organization was likely to be targeted by federal law enforcement agencies, which license zero-day vulnerabilities and delivery platforms from 4-5 different providers, or instead by commercial telemetry?
Of course, none of them do, because the premise of that question is alien to them. It requires understanding that Firefox and Chrome have different runtime security postures, and to talk about that you have to be willing to push through a fogbank of people ideologically opposed to the idea that Chrome could be, at a technical level, better.
Your original comment sounded like (how I read it, at least) you think Chrome should be the default recommend in this (and similar) guides. Full stop, end of story.
This comment sounds like you think guides should be more nuanced regarding the specific threat model that is trying to be mitigated.
No, I think people should use Chrome. But my actual docket of security advice wasn't the point; my point was: if they got this wrong (and by suggesting that Firefox is a categorically better choice than Chrome, they have), what else did they get wrong?
As a security person, I have borne witness to many, many "which browser is really more secure?" or "has Firefox caught up to Chrome?" arguments. I have seen "you should use Chrome (or Chromium) no matter what" as responses; I have seen "it's complicated" as responses. I have never seen "you should use Firefox no matter what".
As a security person, I agree that this guide is not great. I agree with pretty much everything you've said. However, I disagree with your original comment that a recommendation in favor of Firefox means writing off a guide entirely.
But that's probably for some other time, I imagine we can leave it at agreeing "this guide is not great". I doubt it is good for my career to butt heads with the tptacek on a security topic.
I just think it's an interesting way to think about these things. There are a couple recommendations these kinds of guides recurringly make that are "tells" that the people writing it aren't, let's say, super engaged with the communities of expertise the recommendations are meant to be drawn from.
I learned last cycle not to waste too much energy red-penciling security guides; there will be more of them following this one. But I am interested in general rules of thumb for how to read any of them.
For what it's worth, I comment here worrying that 'saurik and 'comex and 'pbsd are at any moment about to hand me my ass. Wherever I am in the heirarchy, it's not close to the top.
The activists that are legitimately, specifically targeted should probably be past the "101" series of infosec and not be using either without significant other considerations and protections.