
Security: devmount/third-stats

SECURITY.md

Security Policy

Supported Versions

The latest stable version of ThirdStats is supported with security updates.

Reporting a Vulnerability

To report a vulnerability, please issue a bug report.

FAQ

1. Is the extension fully contained, or does it request any data (like JS packages) from third-party CDN servers?

This extension is fully contained. All dependencies are retrieved and minified on build. No CDN is contacted during installation, at runtime, or at any other time on your side. You can verify that by opening the network tab in the dev tools and browsing ThirdStats.

2. Does it collect and sell my data?

ThirdStats does store the processed stats data in Thunderbird's own extension storage for performance reasons; this is called the ThirdStats cache. You can clear and disable it in the add-on options if you don't want that. ThirdStats will never store this data elsewhere, nor send or sell it anywhere.

3. What exactly are all the permissions used for?

ThirdStats needs 3 permissions to work:

  • accountsRead: "See your mail accounts and their folders" - This is needed to iterate over all messages in all folders of your Thunderbird accounts to count and process them.
  • messagesRead: "Read your email messages and mark or tag them" - This is needed to read the message header and retrieve the following information from it: author, bccList, ccList, date, read, recipients. ThirdStats never reads the email body or marks/tags emails.
  • downloads: "Download files and read and modify the browser’s download history" - This is needed to export processed stats data as a JSON file and provide it as a file download. ThirdStats never reads or modifies the download history.

4. Does it run as a web server with an open port which would expose it to vulnerabilities?

No. It only runs locally. You can check the build files yourself anytime by renaming .xpi to .zip, unzipping it and browsing the files.
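
A scripted version of the checks described in FAQ 1, 3 and 4, as an added example that is not part of the ThirdStats project: it opens an .xpi as a zip archive, compares the permissions in its manifest.json with the three listed above, and lists absolute URLs found in the bundled files. The function names and the in-memory sample archives are constructed for illustration.

```python
import io
import json
import re
import zipfile

# The three permissions the FAQ says ThirdStats needs.
DECLARED = {"accountsRead", "messagesRead", "downloads"}
# Any absolute http(s) URL in a bundled text file is a lead for manual review.
REMOTE_URL = re.compile(rb"https?://[A-Za-z0-9.-]+")
TEXT_SUFFIXES = (".js", ".html", ".css", ".json")


def audit_xpi(xpi):
    """Return (extra_permissions, missing_permissions, remote_urls_by_file)."""
    with zipfile.ZipFile(xpi) as archive:  # an .xpi is a zip archive
        manifest = json.loads(archive.read("manifest.json"))
        requested = set(manifest.get("permissions", []))
        requested |= set(manifest.get("optional_permissions", []))
        remote = {}
        for name in archive.namelist():
            if not name.endswith(TEXT_SUFFIXES):
                continue
            found = {m.decode() for m in REMOTE_URL.findall(archive.read(name))}
            if found:
                remote[name] = sorted(found)
    return sorted(requested - DECLARED), sorted(DECLARED - requested), remote


def build_sample_xpi(permissions, script):
    """Constructed in-memory archive standing in for a real build."""
    manifest = {"manifest_version": 2, "name": "sample", "version": "0",
                "permissions": permissions}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("manifest.json", json.dumps(manifest))
        archive.writestr("js/app.js", script)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    wanted = ["accountsRead", "messagesRead", "downloads"]
    print(audit_xpi(build_sample_xpi(wanted, "console.log('local')")))
    # Constructed deviation: one extra permission and one remote import.
    odd = build_sample_xpi(wanted + ["tabs"],
                           "import('https://cdn.example.invalid/x.js')")
    print(audit_xpi(odd))
```

To audit a real build, pass the path of the downloaded .xpi to `audit_xpi`. A URL appearing in a file does not prove it is ever contacted (license comments and XML namespaces also match), so treat the third result as a list of places to read, and confirm with the network tab as FAQ 1 describes.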

There aren’t any published security advisories