[alias_neo]

> White-listing what addresses a web browser can reach seems to go against the intended use - you know, to browse the web.

Agreed, but that was an extreme example. Blocking FFs known addresses should be sufficient with some additional network monitoring just in case.

I can't response to the rest of your comment, as my point was specifically about not needing to trust FF/MZ if you're running your own sync server. Once the software is within your network, it is entirely up to you, your tools and your skills to determine what does and does not leave it and to where.