Permit developers to provide a link to a privacy policy for their extensions

RESOLVED FIXED in 3.0

Status

addons.mozilla.org Graveyard
Developer Pages
--
major
RESOLVED FIXED
12 years ago
2 years ago

People

(Reporter: shaver, Assigned: fligtar)

Tracking

Dependency tree / graph

Details

We should make this (by policy) a mandatory thing for extensions that phone home in any way, and give them a field to put a URL in.

Comment 1

12 years ago
Depending on whether we want them to be able to edit it or whatever, we may want to host it ourself. That way, we can track changes to it. We also need to inplement UI so users can confirm that they've read the privacy policy before they're allowed to install the addon.

Also.. terms of use? terms of service? anything else?
Version: unspecified → 2.0

Comment 2

12 years ago
Instead of a link, I think this should be an internal page extension/privacy.xhtml.

Comment 3

12 years ago
It might be more prudent for these cases to allow only a link to the plugins' homepage, than to allow it to install directly from the mozilla site.
In a sense the lack of proper disclosure is not the responsability of mozilla.org, but the presence on the extension site does seem similar to a "seal of approval" (at least to unsuspecting users). And since mozilla/ff are free and clean, people tend to expect that from hosted extensions as well.
(Assignee)

Comment 4

12 years ago
I created a Privacy Policy system, but rather than upload the 5 attachments (v1 patch, v2 patch, 2 new files, and the sql query) I figured I'd post a working example and I can make any changes based on feedback first.

The developer changes can be viewed at:
https://update-staging.mozilla.org/~fligtar/v1-privacy/developers/
There is a next textarea when adding an extension and editing an extension for the privacy policy. It only shows up for extensions, not themes.

If that field isn't empty, a link will be displayed on the approval queue to the mozilla-hosted privacy policy (https://addons.mozilla.org/firefox/100/privacy-policy/)

The public changes can be viewed at:
https://update-staging.mozilla.org/~fligtar/v2-privacy/public/htdocs/addon.php?id=3116
Unfortunately, my .htaccess is not properly rewriting URLs right now, so you can't really navigate from page to page. The addon overview page will only display the privacy policy checkbox and add a sidebar item if the policy is set.

The /privacy-policy/ rewrite goes to https://update-staging.mozilla.org/~fligtar/v2-privacy/public/htdocs/privacy-policy.php?id=3116

If we implement the mandatory privacy acceptance, we would also need to add checkbox support to the main page and recommended page before downloading those extensions, if they set a privacy policy. Is that something we want to do? And do we like the checkbox in the green box format or something else?

Also, how do we want bug 342973 to blend with this one?
(Assignee)

Updated

12 years ago
Assignee: morgamic → fligtar
(Assignee)

Updated

12 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 5

12 years ago
After discussions in #amo with shaver and others today, the Privacy Policy is for information only. I updated this in my test pages and posted those links in bug 342973. I am working on this bug and bug 342973 together, along with bug 335708.

They will all be in the same patch, so it might be better to mark 1 or 2 of these extra bugs as dups of 342973, but I'll let someone else decided that.
(Assignee)

Updated

12 years ago
Depends on: 352560
(Assignee)

Comment 6

11 years ago
This has been fixed on the Developer Pages side in Remora, although it's meant to be the actual Privacy Policy, not just a link.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.0
Duplicate of this bug: 335708
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.