Torbrowser/Torbirdy insecure settings
Described for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0; after program restart it is 1.
Leak of used HTTPS certificates, and also of certificates used to check signatures of e-mails, thus a history of used certificates (i.e. website, signatures, keys, if tied to a certificate).
Furthermore, leak of fingerprint (in case of Torbirdy, should be secured with Torbrowser): Accept:, Accept-Language:, Accept-Encoding:, ...
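A check for the restart behaviour reported above, as an added example that is not part of the original report or of the Torbirdy/Torbrowser code: it reads the profile's prefs.js (and an optional user.js) and reports the stored value of security.OCSP.enabled. The sample file contents are constructed, and the fallback of 1 for an unset pref is an assumption about the upstream default.

```python
import re

# Matches active lines such as: user_pref("security.OCSP.enabled", 0);
# Lines commented out with // are not matched.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)
ASSUMED_DEFAULT = 1  # assumption: value in effect when the pref is not stored

# Constructed sample contents of a profile's prefs.js, before and after restart.
BEFORE_RESTART = 'user_pref("security.OCSP.enabled", 0);\n'
AFTER_RESTART = 'user_pref("security.OCSP.enabled", 1);\n'
# Constructed user.js entry; user.js is re-applied over prefs.js at each startup.
USER_JS_PIN = 'user_pref("security.OCSP.enabled", 0);\n'


def parse_prefs(text):
    """Return {pref name: raw value string} for every active user_pref() line."""
    return {name: value for name, value in PREF_RE.findall(text)}


def effective_ocsp(prefs_js, user_js=""):
    """Stored value of security.OCSP.enabled, with user.js taking precedence."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    raw = merged.get("security.OCSP.enabled")
    if raw is None:
        return ASSUMED_DEFAULT
    try:
        return int(raw)
    except ValueError:
        return None  # not an integer: treat as "not verifiably disabled"


def ocsp_disabled(prefs_js, user_js=""):
    """True only when the stored value is exactly 0 (no OCSP requests)."""
    return effective_ocsp(prefs_js, user_js) == 0


if __name__ == "__main__":
    for label, text in (("before restart", BEFORE_RESTART),
                        ("after restart", AFTER_RESTART)):
        state = "disabled" if ocsp_disabled(text) else "ENABLED (OCSP lookups)"
        print(f"{label}: security.OCSP.enabled -> {state}")
```

Run it against the real profile files after a restart by passing their contents to ocsp_disabled(); a pref changed at runtime without being written to disk is not visible to this check.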