Firefox with uBlock Origin should always be your starting point.
Except Firefox is not secure on Android.
Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API.
I’m not on Debian, but a quick search led me to this wiki link from Arch. Give it a whirl:
https://wiki.archlinux.org/title/GDM#Hide_user_from_login_list
Edit: context of the Arch wiki link, in case better answers can be gleaned from it, I found it on AskUbuntu: https://askubuntu.com/questions/2471/how-to-hide-users-from-the-gdm-login-screen