

After a brief scroll through their source repo, I think it’s a set of patches which gets applied by a script while compiling the browser from source.
So it’s unlikely that it will be susceptible,
unless they forget to patch some telemetry out during a release, which is unlikely, since the projects goal is data privacy + security.
I get the sentiment,
however when the user base of a FOSS alternative grows beyond the closed source alternative, a switch can happen.
So it would be a good thing to have a FOSS alternative out there, which can accumulate a user base over time.
Without any alternatives being developed,
a switch can never happen.