🫂 Comparison Table
This table is based off of default configurations
NOT Exhaustive... impossible to cover everything!!
Make sure to read the notes below!
Please report any issues or inaccuracies!
Last updated October 16, 2025
| Maintained | Telemetry | Blocks emails from loading remote content | Generates link previews | Disables read receipts | Sends user agent (Browser/System info) in outgoing emails | Exposes system locale & date/time in email replies | Exposes locale & specific time via the date header | Leaks spellcheck dictionary info in outgoing emails | |
|---|---|---|---|---|---|---|---|---|---|
| Thunderbird - Upstream | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Dove - Config | Yes | No | Yes | No | Yes | No | No | No | No |
| Betterbird - Fork | Yes | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Brace - user.js | Yes | No | Yes | Yes | No | No | Yes | No | Yes |
| Kicksecure - Config | No | No | Yes | Yes | No | No | Yes | No | Yes |
| thunderbird-user.js - user.js | Yes | No | Yes | No | No | No | No | No | No |
| Enables Google Safe Browsing (See here) | Sends metadata of downloaded files to Google | Enables Scam Detection | Enables CRLite Checks | Enables OCSP Checks | Hard-fails OCSP Checks | Enforces Strict Certificate Pinning | |
|---|---|---|---|---|---|---|---|
| Thunderbird - Upstream | Yes | Yes | Yes | No | Yes | No | No |
| Dove - Config | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Betterbird - Fork | Yes | Yes | Yes | No | Yes | No | No |
| Brace - user.js | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Kicksecure - Config | Yes | Yes | Yes | No | Yes | No | No |
| thunderbird-user.js - user.js | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Automatically use End-to-end encryption for emails when possible | Cookies: | Sends emails in plaintext by default | Prevents revealing sensitive info in chat notifications | Sanitizes email HTML | Always shows full email addresses in UI | Displays information and headers of received emails in UI | Disables Mozilla's Email Provisioning | Disables FileLink | |
|---|---|---|---|---|---|---|---|---|---|
| Thunderbird - Upstream | No | Leaves all cookies enabled | No | No | Partially | No | No | No | No |
| Dove - Config | Yes | Enables Firefox's Total Cookie Protection and clears cookies on exit | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Betterbird - Fork | No | Leaves all cookies enabled | No | No | Partially | No | No | No | No |
| Brace - user.js | No | Enables Firefox's Total Cookie Protection, but leaves all cookies enabled | No | No | Partially | No | No | No | No |
| Kicksecure - Config | No | Blocks all cookies (Breaks logging into most email providers) | No | No | Partially | No | No | No | No |
| thunderbird-user.js - user.js | No | Leaves all cookies enabled | ? | Yes | Yes | Yes | Some | Yes | Yes |
| Default search engine | Enables Strong Tracking Protection (See here) | Web Content Blocking (See here) | Strips URL Tracking Parameters (See here) | Enables Global Privacy Control | Enables Do Not Track | |
|---|---|---|---|---|---|---|
| Thunderbird - Upstream | No | None | No | No | No | |
| Dove - Config | DuckDuckGo | Yes | uBlock Origin | Yes | Yes | Yes |
| Betterbird - Fork | No | None | No | No | No | |
| Brace - user.js | Yes | Basic | Basic | Yes | No | |
| Kicksecure - Config | No | None | No | No | No | |
| thunderbird-user.js - user.js | No | None | No | No | No |
| Requires secure connections for Email Autoconfiguration | Enables HTTPS-Only Mode | Requires safe connection negotiations | Supports Post Quantum Cryptography (Kyber) | Disables Network Prefetching | Enables DNS Over HTTPS | DNS Resolver (if DoH is active) | |
|---|---|---|---|---|---|---|---|
| Thunderbird - Upstream | No | No | No | Yes, except for WebRTC | No | No | Cloudflare |
| Dove - Config | Yes | Yes | Yes | Yes | Yes | Yes w/o Fallback | Quad9 |
| Betterbird - Fork | No | No | No | Yes, except for WebRTC | No | No | Cloudflare |
| Brace - user.js | No | Yes | Yes | Yes | Yes | No | Quad9 |
| Kicksecure - Config | No | No | No | Yes, except for WebRTC | Yes | No | Cloudflare |
| thunderbird-user.js - user.js | Yes | Yes | Yes | Yes | Yes | No | Cloudflare |
| Disables JavaScript | Disables JavaScript JIT | Disables WebGL | Disables WASM | Fingerprinting Protection | Disables Total Cookie Protection (dFPI) storage access heuristics | |
|---|---|---|---|---|---|---|
| Thunderbird - Upstream | No | No | No | No | Standard windows: Very basic, Private windows: Basic (FPP) | No |
| Dove - Config | Yes, with exceptions for email providers that require it for log-in & the ATO for installing add-ons | Yes | Yes | Yes | Strong (Hardened FPP) | Yes |
| Betterbird - Fork - Upstream | No | No | No | No | Standard windows: Very basic, Private windows: Basic (FPP) | No |
| Brace user.js | No | Yes, except for extensions | Yes | Yes | Strong (RFP) | No |
| Kicksecure Config | No | No | No | No | Standard windows: Very basic, Private windows: Basic (FPP) | No |
| thunderbird-user.js - user.js | Yes, without exceptions, causing severe breakage | Yes, except for extensions | Yes | Yes | Standard windows: Very basic, Private windows: Basic (FPP) | No |
| Enables Remote Debugging | Protects against IDN Homograph Attacks | Trims cross-origin referers | Strips cross-origin referers | |
|---|---|---|---|---|
| Thunderbird - Upstream | Yes | No | No | No |
| Dove - Config | No | Yes | Yes | Yes |
| Betterbird - Fork - Upstream | Yes | No | No | No |
| Brace user.js | No | Yes | Yes | Yes |
| Kicksecure Config | Yes | Yes | No | No |
| thunderbird-user.js - user.js | No | Yes | Yes | Yes |
What else do I need to know?
- Dove provides additional protection against malicious domains by setting Quad9 as the default DNS resolver.
- On top of Mozilla's blocklist, Dove also includes an enhanced extension blocklist of its own.
NOTES:
Safe Browsing
Safe Browsing is a powerful tool that provides real-time protection against malicious downloads & domains.
Firefox/Thunderbird's implementation of Safe Browsing is generally privacy-respecting, with the only concerns being:
- Safe Browsing exposes your IP Address to Google (Use a VPN/Proxy or some other way to mask your IP Address, which you should be doing anyways)
- By default, Safe Browsing also shares metadata of your downloaded files with Google. (Where this applies is documented on the table)
You should take advantage of Safe Browsing where possible.
Content Blocking
Out of the box, Thunderbird does not enable any content blocking for web content. Kicksecure & thunderbird-user.js do not improve this situation, & also leave it disabled.
Brace enables Firefox's basic built-in content blocking.
Dove installs uBlock Origin, and enhances uBlock Origin's default configuration as explained here.
Strong Tracking Protection
Dove and Brace manually enable various tracking protections; roughly equivalent to Firefox's Strict Enhanced Tracking Protection.
URL Tracking Parameters
Dove and Brace enable Firefox's built-in Query Stripping feature. Unfortunately, this feature only covers a very small list of parameters.
Dove enable the AdGuard URL Tracking Protection and Actually Legitimate URL Shortener Tool filter lists in uBlock Origin for stronger coverage, as well as enhances Firefox's default query stripping list.