13 Commits

Author SHA1 Message Date
b90bbe45b2 Bumps to v68-beta5 2020-05-01 08:49:19 +02:00
5ede0acaaa Fixes mailnews.use_received_date type and unsets it by default 2020-05-01 08:49:08 +02:00
eb8cade42e Let's update these metadata before new tag 2020-04-16 15:03:58 +02:00
c57ead1b76 Disables Mozilla telemetry prompt on fresh installs 2020-04-16 15:03:34 +02:00
3ce96df737 Adds a note about certificate pinning and ProtonMail's Bridge usage 2020-04-16 15:03:02 +02:00
49921ed98c Updates LICENSE to reflect the consecutive project maintainers 2020-03-24 09:44:07 +01:00
5f9bf7f88d Some more README's blemish fixes 2020-03-23 14:54:57 +01:00
989a0f9447 Adds a "Related Projects" section in README 2020-03-23 14:53:05 +01:00
c549b95263 Adds back [SETUP-*] tags explanations from official gHacks project 2020-03-23 14:49:08 +01:00
634914c41f Hardens default template and explicits Lightning integration opt-out
> Closes #9.
2020-03-23 14:44:08 +01:00
59d8211ff4 Sets [SETUP-*] tag to some existing preferences to help installation
> Closes #8.
2020-03-23 11:41:07 +01:00
3fa04abd7a Fixes little blemish on README 2020-03-23 10:32:53 +01:00
bc6e3335f9 Adds a new [SETUP-INSTALL] tag to address TB setting up process
> Closes #6 (auto-configuration causing breakage for new users).
2019-12-26 15:20:47 +00:00
3 changed files with 68 additions and 38 deletions

@ -1,5 +1,7 @@
MIT License
Copyright (c) 2019-2020 HorlogeSkynet
Copyright (c) 2019 dngray
Copyright (c) 2019 ghacksuserjs
Permission is hereby granted, free of charge, to any person obtaining a copy

@ -4,22 +4,29 @@
### :large_blue_diamond: user.js
An `user.js` is a configuration file that can control hundreds of Thunderbird settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/1.1-Overview) wiki page.
An `user.js` is a configuration file that can control hundreds of Thunderbird settings.
For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/1.1-Overview) Wiki page.
### :large_blue_diamond: thunderbird user.js
The Thunderbird `user.js` is a **template** which aims to provide as much privacy and enhanced security as possible. It differs from the `ghacks user.js` in that the focus is to keep Thunderbird as an **email client** and disable as many web browsing features as possible. We believe web browsing should be done in a web browser, and not an email client.
The Thunderbird `user.js` is a **template** which aims to provide as much privacy and enhanced security as possible.
It differs from the `ghacks user.js` in that the focus is to keep Thunderbird as an **email client** and disable as many web browsing features as possible. We believe web browsing should be done in a web browser, and not an email client.
- If you're using Thunderbird with Tor we suggest that you install the [TorBirdy](https://addons.thunderbird.net/addon/torbirdy) addon. If you are using Tor, you should also consider using [Tails](https://tails.boum.org/) or [Whonix](https://www.whonix.org/).
- If you're using Thunderbird with Tor we suggest that you install the [TorBirdy](https://addons.thunderbird.net/addon/torbirdy) add-on. If you are using Tor, you should also consider using [Tails](https://tails.boum.org/) or [Whonix](https://www.whonix.org/).
- If you're a **Gmail** user see [this article about OAuth2](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/3.1-OAuth2-Users).
- For information about [extensions](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/4.1-Extensions), see the wiki. **Calendar** users should [see this page](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/4.1.1-Calendar).
- For information about [extensions](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/4.1-Extensions), see the Wiki. **Calendar** users should [see this page](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/4.1.1-Calendar).
Also be aware that this `user.js` is made specifically for Thunderbird and has only been tested in the latest stable release.
### :large_blue_diamond: acknowledgments
### :large_blue_diamond: Acknowledgments
* [tya99](https://github.com/tya99) most of the ground work and initial port from the Firefox version of [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js)
* [dngray](https://github.com/dngray) continual maintenance and Wiki
* [HorlogeSkynet](https://github.com/HorlogeSkynet) continual maintenance
### :large_blue_diamond: Related Projects
* [CHEF-KOCH/TBCK](https://github.com/CHEF-KOCH/TBCK)
* [Privacy Handbuch](https://www.privacy-handbuch.de/handbuch_31d.htm)
### :large_blue_diamond: [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
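Review bot: The two replacement lines at the top of this README hunk still open with "An `user.js`". Since the sentence is being rewritten anyway, correct the article to "A `user.js`" in the same change. The new "Related Projects" entries are also bare links; a few words on what each project covers, as the Acknowledgments entries have, would tell readers why they are listed.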

user.js

@ -1,7 +1,7 @@
/******
* name: ghacks thunderbird user.js
* date: 24 November 2019
* version v68.0-beta: "Knock on Pants"
* date: 1 May 2020
* version v68.0-beta5: "Knock on Pants"
* authors: v52+ github | v51- www.ghacks.net
* url: https://github.com/HorlogeSkynet/thunderbird-user.js
* license: MIT (https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/LICENSE)
@ -18,6 +18,17 @@
* Auto-installing updates for Thunderbird and extensions are disabled (section 0302's)
* Real time binary checks with Google services are disabled (section 0414's)
* Browsing related technologies, and JavaScript disabled. Use your web browser for browsing.
* You will need to make changes, and to troubleshoot at times (choose wisely, there is always a trade-off).
While not 100% definitive, search for "[SETUP". If required, add each pref to your overrides section at
default values (or comment them out and reset them in about:config). Here are the main ones:
[SETUP-INSTALL] if you experience any issue during Thunderbird setting up, read it
[SETUP-FEATURE] if you miss some (expected) Thunderbird features, read it
[SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break
[SETUP-CHROME] changes how Thunderbird itself behaves (i.e. NOT directly website related)
[SETUP-PERF] may impact performance
[SETUP-HARDEN] maybe you should consider using the Tor Browser
* [WARNING] tags are extra special and used sparingly, so heed them
4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile)
5. KEEP UP TO DATE: https://github.com/HorlogeSkynet/thunderbird-user.js/wiki#small_orange_diamond-maintenance
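Review bot: The [SETUP-WEB] and [SETUP-HARDEN] descriptions in this tag list read as carried over from the Firefox template: "can cause some websites to break" and "maybe you should consider using the Tor Browser" do not fit a file whose own header says browsing technologies are disabled, and the README in this same change set points Tor users to TorBirdy, Tails or Whonix instead. Reword both for Thunderbird (for example, remote content in messages or feeds), or drop the tags that the template does not use. "[SETUP-SECURITY] it's one item, read it" should also name the item's section number so it can be found without a search.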
@ -118,7 +129,7 @@ user_pref("intl.regional_prefs.use_os_locales", false);
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
/* 0301b: disable auto-CHECKING for extension and theme updates ***/
// user_pref("extensions.update.enabled", false);
/* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+]
/* 0302a: disable auto-INSTALLING Thunderbird updates [SETUP-INSTALL] [NON-WINDOWS FF65+]
* [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed
* [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/
user_pref("app.update.auto", false);
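Review bot: The retitled 0302a line now says Thunderbird, but the rest of the comment it heads is still Firefox wording: "[NON-WINDOWS FF65+]", "In FF65+ on Windows ..." and "[SETTING] General>Firefox Updates>...". Either update the [NOTE] and [SETTING] lines to the Thunderbird equivalents in the same change or state that they describe upstream Firefox behaviour, otherwise a user following [SETUP-INSTALL] here is sent to a settings path that does not exist in Thunderbird.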
@ -140,16 +151,18 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("extensions.webservice.discoverURL", "");
/* 0330: disable telemetry
* the pref (.unified) affects the behaviour of the pref (.enabled)
* the pref (.unified) affects the behavior of the pref (.enabled)
* IF unified=false then .enabled controls the telemetry module
* IF unified=true then .enabled ONLY controls whether to record extended data
* so make sure to have both set as false
* so make sure to have both set as false.
* Restoring prompted=0 would make TB ask you on fresh install.
* [NOTE] FF58+ `toolkit.telemetry.enabled` is now LOCKED to reflect prerelease
* or release builds (true and false respectively), see [2]
* or release builds (true and false respectively), see [2].
* [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
* [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+
user_pref("toolkit.telemetry.prompted", 2);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
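Review bot: The added `toolkit.telemetry.prompted` line sets the value 2, but the new comment sentence only explains what 0 does ("Restoring prompted=0 would make TB ask you on fresh install") and refers to the pref by its short name. Document what 2 stands for and spell the pref name out in full, as the comment does for `toolkit.telemetry.enabled`, so the value can be checked against reference [1]. The "behaviour" to "behavior" respelling in the same hunk is unrelated churn that will make future merges from the upstream template noisier.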
@ -522,8 +535,9 @@ user_pref("security.family_safety.mode", 0);
// user_pref("security.nocertdb", true); // [HIDDEN PREF]
/* 1223: enforce strict pinning
* PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
* [WARNING] If you rely on an AV (antivirus) to protect your web browsing
* by inspecting ALL your web traffic, then leave at current default=1
* [SETUP-INSTALL] If you rely on an AV (anti-virus) to protect your web browsing
* by inspecting ALL your web traffic, then leave at current 1 (default).
* [NOTE] It needs to be set to 1 when connecting to the ProtonMail's Bridge for the first time.
* [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2);
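Review bot: The new [NOTE] in 1223 says the level must be 1 "when connecting to the ProtonMail's Bridge for the first time", but the pref stays at 2 and the comment does not say whether the user should return to 2 once the first connection has succeeded. State that explicitly, because leaving it at 1 permanently gives up the strict pinning this section exists to enforce. Replacing [WARNING] with [SETUP-INSTALL] also changes the meaning for the antivirus case: TLS inspection by an AV is a permanent condition rather than a problem during setting up, which is what the header defines [SETUP-INSTALL] as, so keeping [WARNING] on that sentence and using the setup tag only for the Bridge note would be more accurate.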
@ -587,13 +601,13 @@ user_pref("browser.display.use_document_fonts", 0);
/* 1403: disable icon fonts (glyphs) and local fallback rendering
* [1] https://bugzilla.mozilla.org/789788
* [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/
// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
user_pref("gfx.downloadable_fonts.fallback_delay", -1);
/* 1404: disable rendering of SVG OpenType fonts
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/
// user_pref("gfx.downloadable_fonts.woff2.enabled", false);
user_pref("gfx.downloadable_fonts.woff2.enabled", false);
/* 1408: disable graphite which FF49 turned back on by default
* In the past it had security issues. Update: This continues to be the case, see [1]
* [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
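Review bot: Sections 1403 and 1405 go from commented out to active here, yet neither comment gains a [SETUP-*] tag. The header added in this same change set tells users to search for "[SETUP" to find prefs they may need to revert, so an untagged pref that changes rendering (1403 is described as disabling icon fonts) will not be found that way. Add a tag, [SETUP-FEATURE] looks like the closest fit, and a short line on what the user will see differently in HTML messages.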
@ -619,7 +633,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: ALL: control when images/links send a referer
* 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
// user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2]
user_pref("network.http.sendRefererHeader", 0); // [DEFAULT: 2]
/* 1602: ALL: control the amount of information to send
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
// user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0]
@ -640,8 +654,8 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0]
* [1] https://www.w3.org/TR/referrer-policy/
* [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
* [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/
// user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
user_pref("network.http.referer.defaultPolicy", 0); // [DEFAULT: 3]
user_pref("network.http.referer.defaultPolicy.pbmode", 0); // [DEFAULT: 2]
/* 1610: ALL: enable the DNT (Do Not Track) HTTP header
* [NOTE] DNT is enforced with Tracking Protection regardless of this pref
* [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/
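Review bot: The two `network.http.referer.defaultPolicy` prefs are switched on with value 0, but the visible comment lines give no legend for the values, unlike 1601 and 1602, which list theirs. Add the legend so the 0 can be reviewed. Section 1601 in this same patch already sets `network.http.sendRefererHeader` to 0 (never), so also say in the comment whether these two are meant as defence in depth or are redundant with it. As with the other newly activated prefs, there is no [SETUP-*] tag to help a user who needs to revert.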
@ -948,7 +962,7 @@ user_pref("security.dialog_enable_delay", 700);
accessible to websites except shared/service workers where the cookie setting *must* be "Allow"
***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable 3rd-party cookies and site-data [SETUP-WEB]
/* 2701: disable cookies and site-data [SETUP-WEB]
* 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies,
* 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+)
* [NOTE] Value 4 is tied to the Tracking Protection lists
@ -958,7 +972,7 @@ user_pref("network.cookie.cookieBehavior", 2);
/* 2710: disable DOM (Document Object Model) Storage
* [WARNING] This will break a LOT of sites' functionality AND extensions!
* You are better off using an extension for more granular control ***/
// user_pref("dom.storage.enabled", false);
user_pref("dom.storage.enabled", false);
/* 2720: enforce IndexedDB (IDB) as enabled
* IDB is required for extensions and Firefox internals (even before FF63 in [1])
* To control *website* IDB data, control allowing cookies and service workers, or use
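Review bot: `dom.storage.enabled` is now set to false by default in 2710 while the unchanged comment directly above still carries "[WARNING] This will break a LOT of sites' functionality AND extensions!" and recommends using an extension instead. Shipping the pref active under a warning that advises against it is contradictory. Either rewrite the comment to explain why the trade-off is acceptable in an email client and which Thunderbird extensions are known to be affected, or add a [SETUP-FEATURE] tag so users whose add-ons stop working can find the cause.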
@ -984,7 +998,7 @@ user_pref("offline-apps.allow_by_default", false);
* [1] https://developer.mozilla.org/docs/Web/API/StorageManager
* [2] https://developer.mozilla.org/docs/Web/API/Storage_API
* [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
// user_pref("dom.storageManager.enabled", false);
user_pref("dom.storageManager.enabled", false);
/* 2755: disable Storage Access API [FF65+]
* [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/
// user_pref("dom.storage_access.enabled", false); // [DEFAULT: false]
@ -1290,10 +1304,10 @@ user_pref("mail.identity.id1.header.InReplyTo", "");
user_pref("_user.js.parrot", "6000 syntax error: this parrot is blind!");
/** AUTO CONFIG ***/
/* 6001: Disable autoconfiguration
* These options disable autoconfiguration of mail server settings in Thunderbird.
/* 6001: Disable auto-configuration
* [SETUP-INSTALL] These options disable auto-configuration of mail servers in Thunderbird.
* Such settings require a query to Mozilla which could have privacy implications
* if the user wishes to keep the existance of the provider private
* if the user wishes to keep the existence of the mail provider private.
* [1] https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration ***/
user_pref("mailnews.auto_config.guess.enabled", false);
user_pref("mailnews.auto_config.fetchFromISP.enabled", false);
@ -1336,9 +1350,10 @@ user_pref("mailnews.headers.showUserAgent", false);
* score. ***/
user_pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]");
/* 6007: Displayed dates and times
* When your e-mail program displays the e-mail's date and time, it normally converts them to your
* time zone. If your computer's time zone settings are wrong, then you will see the wrong time
* (and possibly the wrong date). To turn this conversion off, you can use a preference setting.
* [SETUP-INSTALL] When your e-mail program displays the e-mail's date and time, it normally
* converts them to your time zone. If your computer's time zone settings are wrong, then you will
* see the wrong time (and possibly the wrong date).
* To turn this conversion off, you can use a preference setting.
* It affects the headers that you see in e-mails that you open or preview, but it does not affect
* the Date column in folders.
* [1] http://kb.mozillazine.org/Time_and_time_zone_settings
@ -1352,11 +1367,11 @@ user_pref("mailnews.display.date_senders_timezone", false);
* to make Thunderbird show the time when the message arrived on your mail server, based on the
* "Received" header. Set the following preference. New messages will show the time the message
* was received, rather than when it was sent. ***/
user_pref("mailnews.use_received_date", "true");
// user_pref("mailnews.use_received_date", true);
/** ADDRESS BOOK ***/
/* 6007: Address book collection
* Disable address book email collection
* [SETUP-FEATURE] Disable address book email collection
* Consider using https://addons.thunderbird.net/addon/cardbook instead ***/
user_pref("mail.collect_addressbook", false);
user_pref("mail.collect_email_address_outgoing", false);
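Review bot: With `mailnews.use_received_date` now commented out, the unchanged sentence above it ("Set the following preference. New messages will show the time the message was received ...") describes behaviour the template no longer applies. Add a line saying the pref is inactive by default and what uncommenting it does. The type fix itself (boolean `true` instead of the string "true") is correct. Separately, the address book section at the end of this hunk is numbered 6007, the same number as "Displayed dates and times" in the previous hunk; since its comment is being edited here, renumber it so the section ids stay unique.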
@ -1383,7 +1398,7 @@ user_pref("mailnews.send_default_charset", "UTF-8");
user_pref("mailnews.reply_in_default_charset", true);
/** COMPOSITION ***/
/* 6105: Check spelling before sending
/* 6105: Check spelling before sending [SETUP-FEATURE]
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=667133 ***/
user_pref("mail.SpellCheckBeforeSend", false);
/* 6106: Never send HTML only emails. (0=Ask, 1=Send as plain text, 2=Send as HTML anyway,
@ -1392,8 +1407,8 @@ user_pref("mail.SpellCheckBeforeSend", false);
* [1] https://drewdevault.com/2016/04/11/Please-use-text-plain-for-emails.html
* [SETTING] Edit > Preferences > Send Options > Send the message in both plain text and HTML ***/
user_pref("mail.default_html_action", 3);
/* 6107: Send email in plaintext unless expressly overidden.
* Sometimes HTML is useful especially when used with Markdown Here
/* 6107: Send email in plaintext unless expressly overridden.
* [SETUP-FEATURE] Sometimes HTML is useful especially when used with Markdown Here
* [NOTE] Holding down shift when you click on "Write" will bypass
* [1] http://kb.mozillazine.org/Plain_text_e-mail_%28Thunderbird%29
* [2] https://support.mozilla.org/en-US/questions/1004181
@ -1401,7 +1416,7 @@ user_pref("mail.default_html_action", 3);
user_pref("mail.html_compose", false);
user_pref("mail.identity.default.compose_html", false);
/* 6108: Downgrade email to plaintext by default
* Only use HTML email if you need it, see above
* [SETUP-FEATURE] Only use HTML email if you need it, see above
* [SETTING] Edit > Preferences > Composition > Send Options > Send messages as plain-text if possible ***/
user_pref("mailnews.sendformat.auto_downgrade", false);
/* 6109: What classes can process incoming data.
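Review bot: The 6108 title reads "Downgrade email to plaintext by default", but the pref below it is `mailnews.sendformat.auto_downgrade` set to false, which reads as the opposite of the title. The new [SETUP-FEATURE] line ("Only use HTML email if you need it, see above") does not resolve this. While the comment is being touched, say what false does here and why it is the intended value given that 6107 already disables HTML composition.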
@ -1419,13 +1434,13 @@ user_pref("mailnews.display.disallow_mime_handlers", 0);
* [2] https://hg.mozilla.org/comm-central/rev/c1ef44a22eb2
* [3] https://www.bucksch.org/1/projects/mozilla/108153/ ***/
user_pref("mailnews.display.html_as", 3);
/* 6111: Prefer to view as plaintext or html
/* 6111: Prefer to view as plaintext or html [SETUP-FEATURE]
* true=Display a message as plain text when there is both a HTML and a plain
* text version of a message body
* false=Display a message as HTML when there is both a HTML and a plain text
* version of a message body. (default) ***/
user_pref("mailnews.display.prefer_plaintext", false);
/* 6112: Inline attachments
/* 6112: Inline attachments [SETUP-FEATURE]
* true=Show inlinable attachments (text, images, messages) after the message.
* false=Do not display any attachments with the message ***/
user_pref("mail.inline_attachments", false);
@ -1477,7 +1492,13 @@ user_pref("purple.conversations.im.send_typing", false);
// user_pref("messenger.startup.action", 0);
/** CALENDAR ***/
/* 6206: Disable calendar integration ***/
/* 6206: Disable calendar integration
* [SETUP-FEATURE] Lightning calendar add-on is integrated in Thunderbird 38 and later.
* Keeping this preference false allows us to properly show the opt-in/opt-out dialog
* on new profiles fresh start, see [3].
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=401779
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1130854
* [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1130852 ***/
user_pref("mail.calendar-integration.opt-out", false);
/* 6207: Set user agent for calendar ***/
user_pref("calendar.useragent.extra", "");
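Review bot: The 6206 title is still "Disable calendar integration", while the new text explains that `mail.calendar-integration.opt-out` is kept at false precisely so the opt-in/opt-out dialog is shown, which means the integration is not disabled by this template. Retitle the section to match (for example, "Calendar integration opt-out") and say which value a user should set to actually opt out. References [1] and [2] are listed but never cited in the comment; cite them where they apply or drop them.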