Security configuration of Instantbird
Disable Instantbird's auto-updater and crash reporter OTR is enabled by default and other non-OTR communication is disabled entirely
- CA verification: TOFU? Pinning?
Disable older TLS/SSL suites Ensure that all plugins are disabled (Java, Flash)
- Ensure that there is a whitelist of the most popular Instantbird extensions that we have to check to see if they could introduce leaks
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information