Firefox Addons site search tool offers no way to mark privacy-adressing extensions

RESOLVED WONTFIX

Status

addons.mozilla.org Graveyard
Search
RESOLVED WONTFIX
8 years ago
2 years ago

People

(Reporter: lct, Unassigned)

Tracking

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100501 Gentoo IceCat/3.6.3 (like Firefox/3.6.3)
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100501 Gentoo Firefox/3.6.3

When you try to search a plugin for Firefox via addons.mozilla.org, there is no way to filter or mark addons, that have "privacy policy".
Such addons are often heavy on datamining.
This makes a lot of addons that behave as spyware or do datamining to be placed in search list, even if user does not wishes them there and prefers normal opensource or donation-powered addons.

There are addons which collect personal data even though they do not need this to function.

The whole situation makes addons repository look like spyware infested software bank.

Examples:
https://addons.mozilla.org/ru/firefox/addon/11255/
https://addons.mozilla.org/ru/firefox/addon/10828/
https://addons.mozilla.org/en-US/firefox/addons/policy/0/7498
https://addons.mozilla.org/ru/firefox/addons/policy/0/9825  (no idea why it collects personal info)

This is critical bug, a lot of users are unaware of eula mentioning datamining.

Reproducible: Always



Expected Results:  
At least an option in the search on site to include addons affecting privacy, or a marker. I have to click every plugin I browse to determine if it spies or not.

Updated

8 years ago
Component: Security → Search
Product: Firefox → addons.mozilla.org
QA Contact: firefox → search

Comment 1

8 years ago
(In reply to comment #0)
> When you try to search a plugin for Firefox via addons.mozilla.org, there is no
> way to filter or mark addons, that have "privacy policy".
> Such addons are often heavy on datamining.

That's a gross generalization. There are plenty of addons that have a privacy policy to explicitly state that they don't do bad things. The existence of a privacy policy does not say one way or another whether the addon is spyware. The really bad potential is the ones without a policy that do things without telling you, or worse yet, have a policy and lie about it.

What we need is better disclosure about practices, yes. There was a proposal a bit back to have a set of disclosure points which addons would use that would cover this area. ("this addon does x", "this addon does y", etc.) With that in place one should then be able to filter by it, which is exactly what you want but with better enforcement and clarification. I can't find the bug for it at the moment but this could be duped there.
Severity: critical → normal

Comment 2

8 years ago
That disclosure system was designed in bug 511706. Data collection (both personal and aggregate) would fall under the purview of that, I think, however it looks like that idea was dropped in favor of requiring developers to make everything more opt-in. I think something along the lines of a multiple choice privacy policy to go with the full text version would help to let users better see what's going on, in any case.

Another thing that might help with your perceived problem is a better stating that outright spyware isn't even allowed on AMO.
https://addons.mozilla.org/en-US/developers/docs/policies/reviews
I agree with Dave Garret's assessment.  We don't have plans to start indexing privacy policy.  It's not a useful facet for most of our users.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.