Since this is my computer, and well maybe I enable a "Guest" user - but then we have used UID=0 and UID=100 - 'me'.
WMy proposal is to make 'me' a group - not "staff" and then I log in as 'me' with uid = 'me' - then let the applications - "LibreOffice" be given a 'uid' but they are in the same "group" as 'me'. The browsers must belong to the uid "Internet" - best specific per browser.
Then a "sandbox" can be made: "Firefox" has only access to its files, and must ask 'me' should I want to upload anything on the net, or receive anything.

Then "special users" can use uid 10 to say 50 - and 0 is used during boot only, 1 is for kernel and kernel ugrade.2 is for "system administrator" or "software manager" - not root. Let 11 be default uid for "root" and uid = 1 used only by the kernel modification, 2 for all software update. "Me" is 100 and can belong to GID=1 or GID = 11 - "Me" and GID for everyone else is higher.

This is using the GID and UID in a new way to secure the systems. These were intended for organisations where the same computer was used by thousands. Let us make a new suited definition, and change systems and obtain an enhanced security.