Disable outgoing connections by default

Currently can you even disable them?

From https://www.unixsheikh.com/articles/choose-your-browser-carefully.html#librewolf:

A network dump reveals that the very first time Librewolf is started it immediately contacts the Mozilla add-on CDN, Amazon Cloudfront, and several other places even though automatic updates of extensions is disabled by default.

The network dump reveals some of the following domains and IP addresses (I have shortened the list):

addons.cdn.mozilla.net
server-13-33-240-122.hel50.r.cloudfront.net
ec2-34-253-97-22.eu-west-1.compute.amazonaws.com
content-signature-2.cdn.mozilla.net
rt4bb146-89-147.routit.net
invidio.us
static.213-133-100-23.clients.your-server.de
132.145.233.26
52.142.124.215
167.99.237.63
194.187.168.100

While it is true that the project themselves do not collect any telemetry, the domains that the browser visits the very first time you open up the browser do log these requests, which - besides from timely updates - is the only problem I have with Librewolf.

On the Librewolf FAQ the following is stated (as of 2022-03-07):

Does LibreWolf make any outgoing connections?

Yes, but they aren't in any way privacy invading and they were carefully evaluated. Specifically they are needed to fetch and update the blocking lists used by uBO, Tracking Protection and CRL, which we considered more important than disabling all outgoing connections, especially ones that are harmless. LibreWolf also makes an occasional connection to check wether you have received push notifications from websites you have subscribed to.

With that being said, LibreWolf is still commited to removing all privacy invading connections, and to keep all connections to the bare minimum required to maximize and balance privacy and security.

I am sorry, but this is just not good enough.

Of course we need to keep our block lists and what not updated, but the problem is that the user isn't provided with a choice. Not all users want these things fetched automatically, sometimes for good reasons (e.g. a temporary failure in a VPN connection that reveals the true IP address - and thereby the location - of the user).

All update features needs to be opt-in only and not something that is enabled by default if Librewolf is to be regarded as truly privacy respecting.

Maybe there could be an option to provide these things offline.

So that you can fetch them from another machine/connection.