HTTP Authentication data is still sent to third parties with ESR 52 based Tor Browser
Testing a build based on ESR 52 and our patches in #20680 (moved) it turns our that HTTP Authentication data seems to leak to third parties as can be seen on the http://ip-check.info test.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information