https://mitmdetection.services.mozilla.com/ is contacted over catch-all circuit
If one triggers a MitM-warning (e.g. on https://mitm-software.badssl.com/) what seems to be a background request is sent over the catch-all circuit to https://mitmdetection.services.mozilla.com:
[10-25 07:50:12] Torbutton INFO: tor SOCKS: https://mitmdetection.services.mozilla.com/ via
--unknown--:3c6a3286392291d7459b9e131ebc8f73Either we properly do FPI here OR we just omit contacting Mozilla here at all (I think the latter sounds fine).