[META] Bumps to v78.1

> see #17

.eslintrc.yml

@@ -0,0 +1,45 @@
+%YAML 1.2
+---
+
+root: true
+
+extends: 'eslint:recommended'
+
+globals:
+  # From <https://searchfox.org/mozilla-central/rev/c938c7416c633639a5c8ce4412be586eefb48005/modules/libpref/parser/src/lib.rs#296>
+  pref: true
+  user_pref: true
+  sticky: true
+  locked: true
+  sticky_pref: true
+
+rules:
+  # Expect a semicolon after each statement.
+  semi:
+    - "error"
+    - "always"
+    -
+      omitLastInOneLineBlock: false
+
+  # As internal code style, don't allow tabulation.
+  no-tabs: "error"
+  # ... nor trailing spaces !
+  no-trailing-spaces: "error"
+
+  # Expect only double-quoted strings.
+  quotes:
+    - "error"
+    - "double"
+
+  # Don't allow whitespace before semicolons.
+  semi-spacing:
+    - "error"
+    -
+      before: false
+
+  # Don't allow irregular whitespace characters in our sheet.
+  no-irregular-whitespace:
+    - "error"
+    -
+      skipStrings: false
+      skipComments: false

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# repo:     HorlogeSkynet/thunderbird-user.js
+# filename: FUNDING.YML
+
+liberapay: HorlogeSkynet

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve Thunderbird User.JS
+title: "[BUG] "
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+<!-- A clear and concise description of what the bug is. -->
+
+
+**Expected behavior**
+<!-- A clear and concise description of what you expected to happen. -->
+
+
+**Screenshots**
+<!-- If applicable (i.e. graphical glitch), add screenshots to help explain your problem. -->
+
+
+**Environment**
+<!-- Please complete the following information: -->
+- Thunderbird version used (X.Y.Z) : 
+- `thunderbird user.js` template version used (X.Y or commit SHA) : 
+- Operating system and version : 
+- \[IF RELEVANT\] Graphical environment name and version : 
+
+
+**Additional context**
+<!-- If applicable, add any other context about the problem here. -->
+
+
+**Checklist**
+<!--- Put an `X` in all the boxes that apply : -->
+- [ ] I can confirm the bug is due to `thunderbird user.js` **template** and not an overridden preference nor an add-on ;
+- [ ] I have searched for `[SETUP-*]` tags and read them up ;
+- [ ] I have searched the GitHub project (issues and Wiki) for my issue.

.github/ISSUE_TEMPLATE/change_request.md

@@ -0,0 +1,30 @@
+---
+name: Change request
+about: Suggest a change for Thunderbird User.JS
+title: "[RFC] "
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+
+**List the concerned preferences**
+<!-- A clear and concise list of the preferences you want to add/remove/change. -->
+
+
+**Describe alternatives you've considered**
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+
+**Additional context**
+<!-- Add any other context (Thunderbird version, OS, etc.) or screenshots about the feature request here. -->
+
+
+**Checklist**
+<!--- Put an `X` in all the boxes that apply : -->
+- [ ] I know `thunderbird user.js` is a **template** and personal preferences should be stored elsewhere ;
+- [ ] The change I want to propose should globally improve the `usability / ( privacy + security + anti-fingerprinting )` ratio ;
+- [ ] I agree that subsequent modifications to my change scope may occur in the future.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,28 @@
+<!--- Provide a general summary of your changes in the title above -->
+
+
+## Description
+<!--- Describe your changes in detail -->
+
+
+## Reason and / or context
+<!--- Why is this change required ? What problem does it solve ? -->
+<!--- If it fixes an open issue, please link to the issue here -->
+
+
+## How has this been tested ?
+<!--- Include details of your testing environment here -->
+
+
+## Types of changes :
+<!--- What types of changes does your code introduce ? Put an `X` in all the boxes that apply : -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] Typo / style fix (non-breaking change which improves readability)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+
+## Checklist :
+<!--- Put an `X` in all the boxes that apply : -->
+- [ ] My changes looks good ;
+- [ ] I agree that my code may be modified in the future ;
+- [ ] My code follows the code style of this project (see `.eslintrc.yml`).

.github/workflows/linting.yml

@@ -0,0 +1,17 @@
+---
+name: Linting
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Run ESLint on user.js
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+
+      - run: npm install -g eslint
+      - run: eslint user.js

.travis.yml

@@ -1,8 +0,0 @@
-language: node_js
-node_js:
-  - 'node'
-
-before_script:
-  - npm install -g acorn
-script:
-  - acorn --silent user.js

LICENSE

@@ -1,8 +1,8 @@
 MIT License
 
-Copyright (c) 2019-2020 HorlogeSkynet
+Copyright (c) 2019-2021 HorlogeSkynet
 Copyright (c) 2019      dngray
-Copyright (c) 2019      ghacksuserjs
+Copyright (c) 2019      arkenfox [prev. ghacksuserjs]
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -35,6 +35,7 @@ Also be aware that this `user.js` is made specifically for Thunderbird and has o
 
 ### :blue_square: Related Projects
 
-* [~~CHEF-KOCH/TBCK~~](https://github.com/CHEF-KOCH/TBCK)
 * [Privacy Handbuch](https://www.privacy-handbuch.de/handbuch_31p.htm)
 * [Privacy Haters](http://r-36.net/scm/privacy-haters/file/README.md.html)
+* [12bytes.org's user-overrides.js](https://codeberg.org/12bytes.org/thunderbird-user.js-supplement)
+* ~~CHEF-KOCH/TBCK~~

user.js

@@ -1,15 +1,13 @@
 /******
 * name: thunderbird user.js
-* date: 1 November 2020
-* version: v78-beta1
-* authors: v52+ github | v51- www.ghacks.net
+* date: 14 December 2021
+* version: v78.1
 * url: https://github.com/HorlogeSkynet/thunderbird-user.js
 * license: MIT (https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/LICENSE)
 * releases: https://github.com/HorlogeSkynet/thunderbird-user.js/releases
 
 * README:
-  0. Consider using Tor, use TorBirdy as well.
-    * https://addons.thunderbird.net/addon/torbirdy
+  0. Consider using Tor
   1. READ the full README
     * https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/README.md
   2. READ this
@@ -208,6 +206,16 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+
 user_pref("mail.instrumentation.postUrl", "");
 user_pref("mail.instrumentation.askUser", false);
 user_pref("mail.instrumentation.userOptedIn", false);
+/* 0371: disable about:rights notification on fresh profiles
+ * When a profile is loaded for the first time, a bottom notification appears with a button
+ * showing "Know your rights...". If clicked, the _special_ page about:rights appears.
+ * When `mail.rights.override` is unset (default), Thunderbird falls-back on `mail.rights.version`
+ * value. If it's unset (default too) or lower than the current version, notification is displayed.
+ * false=always show the notification
+ * true=never show the notification
+ * [1] https://searchfox.org/comm-esr78/rev/384830b0570096c48770398060f87fbe556f6f01/mail/base/content/specialTabs.js#1218 ***/
+user_pref("mail.rights.override", true);  // [DEFAULT: unset]
+   // user_pref("mail.rights.version", 1)  // [DEFAULT: unset]
 /* 0390: disable Captive Portal detection
  * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
  * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/
@@ -276,7 +284,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", "");
      * Linux: "/usr/lib/firefox/browser/features" (or similar)
 
      [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html
-     [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions
+     [2] https://searchfox.org/mozilla-central/source/browser/extensions
 ***/
 user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!");
 /* 0503: disable Normandy/Shield [FF60+]
@@ -326,6 +334,9 @@ user_pref("network.http.speculative-parallel-limit", 0);
  * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
 user_pref("browser.send_pings", false); // [DEFAULT: false]
 user_pref("browser.send_pings.require_same_host", true);
+/* 0610: don't refresh nor reload pages when tab/window is not active or in idle state
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=518805 ***/
+user_pref("browser.meta_refresh_when_inactive.disabled", true);
 
 /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/
 user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
@@ -892,12 +903,12 @@ user_pref("javascript.options.baselinejit", false);
  * [NOTE] In FF71+ this no longer affects extensions (1576254)
  * [1] https://developer.mozilla.org/docs/WebAssembly ***/
 user_pref("javascript.options.wasm", false);
-/* 2426: disable Intersection Observer API [FF55+]
- * [NOTE] Unlike arkenfox/user.js, we explicitly disable it
+/* 2426: disable Intersection Observer API [FF55+] [RESTART]
+ * [NOTE] Disabling it may break the error console (CTRL+SHIFT+J)
  * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
  * [2] https://w3c.github.io/IntersectionObserver/
  * [3] https://bugzilla.mozilla.org/1243846 ***/
-user_pref("dom.IntersectionObserver.enabled", false);
+   // user_pref("dom.IntersectionObserver.enabled", false);
 /* 2429: enable (limited but sufficient) window.opener protection [FF65+]
  * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
 user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF78+]
@@ -1078,8 +1089,9 @@ user_pref("dom.storage.enabled", false);
 user_pref("browser.cache.offline.enable", false);
 /* 2740: disable service worker cache and cache storage
  * [NOTE] We clear service worker cache on exiting Firefox (see 2803)
+ * [NOTE] Unlike arkenfox/user.js, we explicitly disable it
  * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
-    // user_pref("dom.caches.enabled", false);
+user_pref("dom.caches.enabled", false);
 /* 2750: disable Storage API [FF51+]
  * The API gives sites the ability to find out how much space they can use, how much
  * they are already using, and even control whether or not they need to be alerted
@@ -1100,7 +1112,7 @@ user_pref("dom.storageManager.enabled", false);
        Firefox interface as "Browsing & Download History" and their values will be synced
 ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
-/* 2802: enable Thunderbird to clear items on shutdown (see 2803)
+/* 2802: enable Thunderbird to clear items on shutdown (see 2803) ***/
 user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 /* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME]
  * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
@@ -1158,14 +1170,15 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
 user_pref("privacy.firstparty.isolate", true);
 /* 4002: enforce FPI restriction for window.opener [FF54+]
  * [NOTE] Setting this to false may reduce the breakage in 4001
+ * [NOTE] Unlike arkenfox/user.js, we explicitly set them
  * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
  * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3])
  * The 2nd pref removes that limitation and will only allow communication if FPDs also match.
  * [1] https://bugzilla.mozilla.org/1319773#c22
  * [2] https://bugzilla.mozilla.org/1492607
  * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
-   // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
-   // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
+user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
+user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
 
 /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
    This master switch will be used for a wide range of items, many of which will
@@ -1407,9 +1420,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 /* UX BEHAVIOR ***/
    // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
    // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
-/* UX FEATURES: disable and hide the icons and menus ***/
-   // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+]
-   // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
 /* OTHER ***/
    // user_pref("network.manage-offline-status", false); // see bugzilla 620472
    // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
@@ -1424,7 +1434,7 @@ user_pref("mail.identity.id1.header.InReplyTo", "");
 /*** [SECTION 6000]: THUNDERBIRD (AUTO CONFIG / UI / HEADERS / ADDRESS BOOK)
    Options general to Thunderbird's mail configuration and user interface
 
-   [1] https://dxr.mozilla.org/comm-release/
+   [1] https://searchfox.org/comm-esr78/source/
    [2] http://kb.mozillazine.org/Mail_and_news_settings
 ***/
 user_pref("_user.js.parrot", "6000 syntax error: this parrot is blind!");
@@ -1462,6 +1472,14 @@ user_pref("mail.cloud_files.inserted_urls.footer.link", "");
 user_pref("pref.privacy.disable_button.view_cookies", false);
 user_pref("pref.privacy.disable_button.cookie_exceptions", false);
 user_pref("pref.privacy.disable_button.view_passwords", false);
+/* 6014: Prevent access to emails until the master password is entered
+ * If a master password has been set, Thunderbird will prevent access to locally available emails
+ * until the secret is provided.
+ * This preference MAY mitigate risk due to intimate relationship threat in some cases (see [2])...
+ * [WARNING] This DOES NOT encrypt locally cached emails anyhow (poor man's application security)
+ * [1] https://support.mozilla.org/en-US/kb/protect-your-thunderbird-passwords-master-password
+ * [2] https://www.schneier.com/wp-content/uploads/2020/06/Privacy_Threats_in_Intimate_Relationships-1.pdf ***/
+user_pref("mail.password_protect_local_cache", true);  // [HIDDEN PREF]
 
 /** HEADERS ***/
 /* 6020:
@@ -1500,11 +1518,18 @@ user_pref("mailnews.display.date_senders_timezone", false);
    // user_pref("mailnews.use_received_date", true);
 
 /** ADDRESS BOOK ***/
-/* 6030: Address book collection
- * [SETUP-FEATURE] Disable address book email collection
- * Consider using https://addons.thunderbird.net/addon/cardbook instead ***/
-user_pref("mail.collect_addressbook", "");  // [DEFAULT: "jsaddrbook://history.sqlite"]
+/* 6030: Address book collection [SETUP-FEATURE]
+ * Disable Thunderbird internal address book email collection
+ * Consider using CardBook extension instead (https://addons.thunderbird.net/addon/cardbook/)
+ * [SETTING] Preferences>Composition>Addressing>Automatically add outgoing e-mail addresses...
+ * [SETTING][CARDBOOK] CardBook>Preferences>Email>Collect Outgoing Email ***/
+   // user_pref("mail.collect_addressbook", "jsaddrbook://history.sqlite");
 user_pref("mail.collect_email_address_outgoing", false);
+/* 6031: Only use email addresses, without their Display Names [CARDBOOK] [SETUP-FEATURE]
+ * By default, CardBook extension incorporates contacts display names in addresses fields.
+ * This could leak sensitive information to all recipients.
+ * [SETTING][CARDBOOK] CardBook>Preferences>Email>Sending Emails>Only use email addresses... ***/
+user_pref("extensions.cardbook.useOnlyEmail", true);
 
 /*** [SECTION 6100]: EMAIL COMPOSITION (ENCODING / FORMAT / VIEW)
    Options that relate to composition, formatting and viewing email
@@ -1591,7 +1616,7 @@ user_pref("mail.inline_attachments", false);
  * [2] http://forums.mozillazine.org/viewtopic.php?f=39&t=2949521 */
 user_pref("mail.compose.big_attachments.notify", true); // [DEFAULT: true]
 /* 6119: Set big attachment size to warn at */
-   // user_pref("mailnews.message_warning_size", 20971520); // DEFAULT size
+   // user_pref("mailnews.message_warning_size", 20971520); // [DEFAULT: 20971520]
 
 /** VIEW ***/
 /* 6130: Disable JavaScript
@@ -1618,7 +1643,7 @@ user_pref("permissions.default.image", 2);
 user_pref("_user.js.parrot", "6200 syntax error: this parrot is not tweeting!");
 
 /** CHAT ***/
-/* 6201: Disable chat functionality ***/
+/* 6201: Disable chat functionality [SETUP-FEATURE] ***/
 user_pref("mail.chat.enabled", false);
 /* 6202: Disable logging of group chats ***/
 user_pref("purple.logging.log_chats", false);
@@ -1632,6 +1657,8 @@ user_pref("purple.conversations.im.send_typing", false);
  * 0=Do not connect / show the account manager,
  * 1=Connect automatically. (Default) ***/
    // user_pref("messenger.startup.action", 0);
+/* 6207: When chat is enabled, do not report idle status ***/
+   // user_pref("messenger.status.reportIdle", false);
 
 /** CALENDAR ***/
 /* 6210: Disable calendar integration
@@ -1647,17 +1674,18 @@ user_pref("calendar.useragent.extra", "");
 /* 6212: Set calendar timezone to avoid system detection [SETUP-INSTALL]
  * By default, extensive system detection would be performed to find user's current timezone.
  * Setting this preference to "UTC" should disable it.
- * You may also directly set it to your timezone, i.e. "Pacific/Fakaofo" ***/
+ * You may also directly set it to your timezone, i.e. "Pacific/Fakaofo"
+ * [SETTING] Edit>Preferences>Calendar>Calendar>Timezone ***/
 user_pref("calendar.timezone.local", "UTC");  // [DEFAULT: ""]
 
 /** RSS ***/
-/* These features used not to do anything as they weren't implemented.
- * [1] https://dxr.mozilla.org/comm-release/source/mail/base/content/mailWindowOverlay.js#649
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=458606#c9 ***/
+/** These features don't actually do anything as they aren't implemented
+ * [1] https://searchfox.org/comm-esr78/rev/384830b0570096c48770398060f87fbe556f6f01/mail/base/content/mailWindowOverlay.js#925
+ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=458606#c9
 /* 6220: What classes can process incoming data.
  * (0=All classes (default), 1=Don't display HTML, 2=Don't display HTML and inline images,
  * 3=Don't display HTML, inline images and some other uncommon types, 100=Use a hard coded list)
- * [1] https://www.privacy-handbuch.de/handbuch_31j.htm ***/
+ * [1] https://www.privacy-handbuch.de/handbuch_31j.htm
 user_pref("rss.display.disallow_mime_handlers", 3);
 /* 6221: How to display HTML parts of a message body
  * (0=Display the HTML normally (default), 1=Convert it to text and then back again
@@ -1665,14 +1693,15 @@ user_pref("rss.display.disallow_mime_handlers", 3);
  * (in trunk builds later than 2011-07-23)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=602718
  * [2] https://hg.mozilla.org/comm-central/rev/c1ef44a22eb2
- * [3] https://www.bucksch.org/1/projects/mozilla/108153/ ***/
+ * [3] https://www.bucksch.org/1/projects/mozilla/108153/
 user_pref("rss.display.html_as", 1);
 /* 6222: Prefer to view as plaintext or html
  * true=Display a message as plain text when there is both a HTML and a plain
  * text version of a message body
  * false=Display a message as HTML when there is both a HTML and a plain text
- * version of a message body. (default) ***/
+ * version of a message body. (default)
 user_pref("rss.display.prefer_plaintext", true);
+**/
 /* 6223: Feed message display (summary or web page), on open.
  * Action on double click or enter in threadpane for a feed message.
  * 0=open content-base url in new window, 1=open summary in new window,
@@ -1701,9 +1730,9 @@ user_pref("_user.js.parrot", "6300 syntax error: this parrot is talking in codes
 /* These used to be inversed, however it seems upstream has changed this behavior
  * [1] https://www.privacy-handbuch.de/handbuch_31f.htm ***/
 /* 6301: Silence the Enigmail version header ***/
-user_pref("extensions.enigmail.addHeaders", false); // Default
+user_pref("extensions.enigmail.addHeaders", false); // [DEFAULT: false]
 /* 6302: Silence the Enigmail comment ***/
-user_pref("extensions.enigmail.useDefaultComment", true); // Default
+user_pref("extensions.enigmail.useDefaultComment", true); // [DEFAULT: true]
 /* 6303: Silence the version ***/
 user_pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version --no-comments");
 /* 6304: Specifies the hash algorithm used by GnuPG for its cryptographic operations:
@@ -1723,7 +1752,7 @@ user_pref("extensions.enigmail.protectedHeaders", 2);
 /* 6306: Text to use as replacement for the subject, following the Memory Hole
  * standard. If nothing is defined, then "Encrypted Message" is used.
  ***/
-user_pref("extensions.enigmail.protectedSubjectText", "Encrypted Message"); // Default
+user_pref("extensions.enigmail.protectedSubjectText", "Encrypted Message"); // [DEFAULT: "Encrypted Message"]
 
 /** AUTOCRYPT ***/
 /* 6307: Choose whether to enable AutoCrypt