Thunderbird making Telemetry and outbound connections on startup

Thunderbird is now since Tails release 7.1 is making new outgoing connections every time you start or rather launch the application.

These are the domains on port 443 I observed in onioncircuits when starting Thunderbird. (sorry no screenshot).

autoconfig.thunderbird.net:443
live.thunderbird.net:443
location.services.mozilla.com:443
thunderbird‑settings.thunderbird.net:443

I was going to make this report earlier but wanted to see if it was fixed.

Prior to 7.1 release I only saw thunderbird‑settings.thunderbird.net in connections going back like, I wanna say three release ago so 6.18?

It looks like thunderbird‑settings.thunderbird.net is part of its remote settings “Normandy” service. The same mechanism Mozilla uses in Firefox to push feature‑flags, UI tweaks, experiment payloads and other configuration data to clients.

This doesn't look good since that could be attack surface in my honest opinion especially Normandy like setting.

I tried settings pref("services.settings.server", "") but it still made requests so that didn't disable it.

As far as the other three connections these might do the trick but I haven't tested them yet.

Location services via location.services.mozilla.com:

pref("browser.region.network.url", "");
pref("geo.provider.use_geoclue", false);
pref("geo.provider.network.url", "");

Live and autoconfig via autoconfig.thunderbird.net:443 & live.thunderbird.net:443:

pref("app.releaseNotesURL", "");
pref("mailnews.auto_config_url", "");

In closing I think URL places in prefs should be re-examined at and see what URL's could be set blank in aa_tails.js to essentialy strip them out just like Tor Browser does and a "defense in depth" situation even though some might be disabled by a boolean pref.