Mozilla Connect

That is an excellent question! "Collect" includes all data or information the add-on transmits outside of boundaries of the extension or the local browser, such as to an external web server or another program or process on the users computer.

Processing data locally within the add-on and browser, in the examples that you give, probably aren't considered data collection as they're happening locally.

Just to be absolutely clear since I read something conflicting elsewhere.

I can request all the following permissions in the manifest.json:

	"host_permissions": [
		"<all_urls>"
	],
	"permissions": [
		"bookmarks",
		"alarms",
		"clipboardRead",
		"clipboardWrite",
		"tabs",
		"storage",
		"downloads",
		"history",
		"scripting",
		"menus",
		"webRequest",
		"webRequestBlocking"
	]

And can still declare this:

	"data_collection_permissions": {
		"required": [ "none" ]
	}

As long as the extension don't transmit data to an external server?

Yes, that is correct. The permissions and data collection permissions are separate so you can declare them in the way you suggest if you don't transmit data outside of the extension.

Thanks for the feedback, I really appreciate it!  To answer your questions.

For existing enterprise extensions that collect data using 3rdparty, will the consent popup still appear during installation?

I am not personally familiar with 3rdparty, but if your extension collects personal data from users you will need to specify this in the manifest and it will show this information to users during the install for them to agree to.

If an extension is deployed via admin policies like Extensions (Install) or managed through ExtensionSettings, will the consent popup still be shown in those cases?

Firefox doesn't show the installation prompts when extensions are installed via admin policies, and this same behaviour will be applied to the consent popup.

I’ve previously published a signed add-on. If I plan to submit an updated version, should I adopt this new consent mechanism? 

Yes, you should adopt this in the future.  We are still in the development phase for this feature, so there's no need for you to do anything right now.  We will publish on our add-ons blog and in many other places when this feature is available for you to use in your extensions, as well as any timelines.  We expect to phase this in gradually, so there will be plenty of time for you to submit a new version that takes advantage of this feature!

Thanks again for your feedback!

Edit: Formatting

Thanks for your questions!

1. If you specify that the extension has no required data collection, the installation screen will show "The developer says this extension doesn't require data collection"

2. You can't use this in production yet, and addons.mozilla.org won't let you upload an extension with these settings in the manifest just yet. We want to make sure we consider all the feedback before we enable this, but we will plan to do so in the coming months.  I'll be sure that we provide as much notice and communication as possible when it is enabled.

3. The plan is for the data_collection_permissions property to be only meant to be in the gecko property and shared by both Firefox Desktop and Firefox for Android

Hi JNavas - I really appreciate you taking the time to engage with this topic and provide your feedback!

I do agree that this solution is not perfect, and doesn't address all the points you raise. My goal as a product manager when working on products and features is to continually improve them - not to make them immediately perfect.  "Perfect is the enemy of good" as they say.

Here is some of the background context as to why we made the decisions we have:

Firefox's add-on policies have long required developers to clearly state, and gain consent, for the collection and transmission of personal data. This is not a new requirement.  The goal of this feature is to reduce the overhead on and make it easier for developers to be compliant with these policies.

Unfortunately we cannot rely on implied consent, as Firefox extensions can be hosted on and installed from 3rd party websites and we have no idea how these extensions are messaged to the user on those. For this reason we require the developer to get explicit consent from the user on install, rather than on download.  Not all extensions transmit data only when a user explicitly performs an action. Some extensions run in the background, transmitting data, and we want to ensure that the user is aware of this.

Finally, if an extension has access to the URLs that are browsed, and transmits them to some 3rd party server or application, then this information can be used to build a very personal profile. Some websites also include user or given names, and potentially anything personal as part of their URL structure, so it can very easily become personal data.

Your point about market share is also well taken, and one that we are very aware of here at Firefox! Firefox was created to give users choices about what browsers they have access to and what principles govern the development and maintenance of those browsers. I feel very strongly that user privacy, choice, and transparency around data collection are non-negotiable and that has always been reflected in our add-on policies.

My goal here at Mozilla is to balance this user choice with the needs of our awesome extension developer community.  We're not always going to get it right - but I will never stop trying! 

I hope this helps explain some of the decisions that were made and why. And as an Australian, I admit that working with holes is very ingrained in our culture - as you can see by this iconic scene in the classic Australian film called The Castle 😀

@alanmbyrne 
Thank you for the detailed reply.
My response (in reverse order):

1. Holes. Mozilla is digging an ever deeper hole, and more of the same isn't the answer:
   To recover, Firefox needs to give users a compelling reason to choose and stay with Firefox over other browsers, and making an issue of consent is just annoying and often counterproductive. So, what is that strategy?
   "We can't solve problems by using the same kind of thinking we used when we created them." —Albert Einstein 
2. Developer support. The combination of tiny, declining market share along with increasing platform differences and hassles are making it harder and harder for developers like me to continue Firefox support. I've spent more time trying to grok cryptic rejections and appease Mozilla than I've spent writing extensions.
3. False sense of security. If a URL has personally-identifying information, then the cat is already out of the bag, and no amount of extension transparency or consent can fix that. 
4. Consent. Implied consent is just as valid as any other form. Regardless, when an extension has been fully disclosed and the user then chooses to install it, that's affirmative consent, especially when there is no background activity that's not under explicit user control.
   Requiring redundant consent is annoying at best if not alarming.
   If background activity is what concerns you, then that is what you should be focusing on. 
   

   
   

   
   Last image is my onboarding, worded to try to appease Mozilla. I'm now halfway through a cryptic 14-day removal notice of a 4.8 star extension with over 16.000 users but with no response to my messages or my new submission. Chrome and Edge versions were quickly accepted. Another cryptic Mozilla rejection and I'm gone.
5. Standards. Mozilla used to be a champion of standards, so it's disappointing to see it pursuing a non-standard Manifest implementation that could interfere with cross-platform support. That's what standard Permissions are supposed to be. My guess is that granularity and lack of clarity and stability will likely make it even harder to satisfy Mozilla. 
6. Distribution. Your management of consent can only work if you control distribution. But you automate the signing of unlisted extensions, which can then be distributed outside of your control, and you then have no way of managing consent unless Firefox is breaking your own privacy policies to phone home.

To be clear, I'm not upset with you, or even Mozilla.
I'm upset with myself for putting up with all the grief and hassles.

John

This doesn't really tell most readers anything without a link to the code for your extension and some information about the rejection you received.

• My Mozilla rejection was a typically vague failure-to-obtain-consent despite several efforts to comply.
• My Archive Page extension is live on chromium-based browsers, the great majority of the market, with well over 100,000 users.
• In suddenly rejecting my extension Mozilla screwed well over 10,000 of its users. 
• I'm not looking for support or help. I'm fed up with Mozilla.

Thanks for the comment, I appreciate you engaging with us on this. We would expect the extension developer to document this in their privacy policy. Our add-on store allows the developer to supply a link to this policy, or enter the privacy policy text directly, which a user can then access via the add-ons listing page on addons.mozilla.org. 

We're also exploring allowing the developer to add some text to explain why they collect the data and what will be done with it, which will be part of a later release.