[freediver]

The browser should be a secure app to begin with, without making any automatic external requests (if anything, theses can make it less secure). Almost every other application behaves in this way.

Besides, malicious URLs directory and content blocking hardly qualify as 'security’ features.

Telemetry can be useful, and totally feel free to have as much of it as you want, as long as users opt-in into it. You seem to be making a lot of choices on the behalf of the user, when your default setup has whopping 70 requests “home".

There is a way to achieve everything you want, and for a privacy respecting product (or one claiming to be one) these choices absolutely need to be users' and not yours (by the very definition of the term privacy)

[jonathansampson]

The browser is secure "to begin with" because it is designed to adapt to the moving threat landscape of the Web. Attackers aren't static; we don't want to their targets to be static either. A browser that doesn't adapt rapidly, dies.

[freediver]

This is what the automatic update mechanism is for (and which should be opt-in as well like an OS would do it).

[jonathansampson]

You don't want to tie everything to one, single update. That means you have to delay smaller filter-rule updates until you deliver larger app-based updates. Or, you have to force a restart of the app to apply changes to filter lists, which is also not idea. Having a component-based system, where items can be updated and managed individually, is far better for everybody.