Mozilla Connect

alanmbyrne · ‎05-09-2025

Calling all Firefox extension developers!

Hello, Alan here again - Product Manager working on Firefox extensions. 👋

In a recent blog post I explained that we’re working to streamline the data consent experience for extensions.

I’m pleased to announce that the initial version of this feature is now available in Firefox Nightly version 139 (and later) for extension developers to test out and provide feedback! We want to make sure that the new data consent experience is easy for extension developers to adopt, and works as a drop-in replacement for any existing custom consent experiences you may have created. We also need to know if the data categories available to choose from are appropriate for your extension.

Please take a look at how you can implement this new experience for your extensions in Firefox Nightly, and then please share any feedback or comments that you have to help make this better below!

Thanks in advance!

lilydjwg · ‎05-09-2025

I have a simple question: what does "collect" here mean? Does an extension that merely processes data locally count? E.g. an extension that searches / reorders / groups the user's bookmarks in some way, or an extension that deletes certain history based on user's input, or an extension that injects code into a webpage that doesn't cause any data to be sent.

alanmbyrne · ‎05-09-2025

That is an excellent question! "Collect" includes all data or information the add-on transmits outside of boundaries of the extension or the local browser, such as to an external web server or another program or process on the users computer.

Processing data locally within the add-on and browser, in the examples that you give, probably aren't considered data collection as they're happening locally.

arielg · ‎05-21-2025

Just to be absolutely clear since I read something conflicting elsewhere.

I can request all the following permissions in the manifest.json:

	"host_permissions": [
		"<all_urls>"
	],
	"permissions": [
		"bookmarks",
		"alarms",
		"clipboardRead",
		"clipboardWrite",
		"tabs",
		"storage",
		"downloads",
		"history",
		"scripting",
		"menus",
		"webRequest",
		"webRequestBlocking"
	]

And can still declare this:

	"data_collection_permissions": {
		"required": [ "none" ]
	}

As long as the extension don't transmit data to an external server?

alanmbyrne · ‎05-21-2025

Yes, that is correct. The permissions and data collection permissions are separate so you can declare them in the way you suggest if you don't transmit data outside of the extension.

rasisilambu9 · ‎05-14-2025

Really appreciate the new built-in consent popup feature—it’s a great addition! I have a few questions regarding this new consent flow:

For existing enterprise extensions that collect data using 3rdparty, will the consent popup still appear during installation?
If an extension is deployed via admin policies like Extensions (Install) or managed through ExtensionSettings, will the consent popup still be shown in those cases?
I’ve previously published a signed add-on. If I plan to submit an updated version, should I adopt this new consent mechanism?

Please specify the timeline if possible from when it comes to live, so that I will plan my upgrade accordingly.

Thanks in advance for any insights!

alanmbyrne · ‎05-14-2025

Thanks for the feedback, I really appreciate it! To answer your questions.

For existing enterprise extensions that collect data using 3rdparty, will the consent popup still appear during installation?

I am not personally familiar with 3rdparty, but if your extension collects personal data from users you will need to specify this in the manifest and it will show this information to users during the install for them to agree to.

If an extension is deployed via admin policies like Extensions (Install) or managed through ExtensionSettings, will the consent popup still be shown in those cases?

Firefox doesn't show the installation prompts when extensions are installed via admin policies, and this same behaviour will be applied to the consent popup.

I’ve previously published a signed add-on. If I plan to submit an updated version, should I adopt this new consent mechanism?

Yes, you should adopt this in the future. We are still in the development phase for this feature, so there's no need for you to do anything right now. We will publish on our add-ons blog and in many other places when this feature is available for you to use in your extensions, as well as any timelines. We expect to phase this in gradually, so there will be plenty of time for you to submit a new version that takes advantage of this feature!

Thanks again for your feedback!

Edit: Formatting

regseb · ‎05-16-2025

I have some questions:

What does the popup display if there is no data_collection_permissions property in the manifest?
Can I add the data_collection_permissions property now (with "required": ["none"] value)? It will be ignored by current versions of Firefox.
Do I need to declare data_collection_permissions twice for gecko and gecko_android (if they have the same values)?

alanmbyrne · ‎05-16-2025

Thanks for your questions!

1. If you specify that the extension has no required data collection, the installation screen will show "The developer says this extension doesn't require data collection"

2. You can't use this in production yet, and addons.mozilla.org won't let you upload an extension with these settings in the manifest just yet. We want to make sure we consider all the feedback before we enable this, but we will plan to do so in the coming months. I'll be sure that we provide as much notice and communication as possible when it is enabled.

3. The plan is for the data_collection_permissions property to be only meant to be in the gecko property and shared by both Firefox Desktop and Firefox for Android

erosman · ‎05-19-2025

Please also note the WECG discussion https://github.com/w3c/webextensions/issues/516

Mozilla Connect

New Extension Data Consent Experience now available in Firefox Nightly