-
-
Notifications
You must be signed in to change notification settings - Fork 60
Зачем нам согласие со сбором данных?
14.05.2024
В связи с тем, что пользователи с опаской относятся к новому окну согласия со сбором данных, я публикую переписку с Мозиллой, где они требуют это окно добавить. Текстовую версию см. ниже.
Публикую текстом для удобства перевода.
Version 0.0.1.63 March 29, 2024 Disabled by Mozilla Review History
Source code uploaded by ilyaigpetrov 2 months ago
Rejection scheduled by Add-ons Review Team about a month ago
- Other, specifically Issue not covered by other reasons: Node 16 has reached end of life (https://endoflife.date/nodejs). Please upgrade your build tools and dependencies to supported releases.
Developer Reply by ilyaigpetrov about a month ago
Node 16 is not a requirement, you may use node v21.7.1 with npm v10.5.0 (my current setup). The README.md says "Tested on" not "Required version below or equal to v16".
Developer Reply by ilyaigpetrov about a month ago
Is my reply enough or do I have to reupload packages with fixed README.md again?
Developer Reply by ilyaigpetrov about a month ago
Dear Review Team, do I have to reupload modified archives of my extension to continue the review?
Rejected by Add-ons Review Team about a month ago
- Consent, specifically Nonexistent: For add-ons that collect or transmit user data, the user must be informed and provided with a clear and easy way to control this data collection. The control mechanism must be shown at first-run of the add-on. The control should contain a choice accompanied by the data collection summary. Depending on the type of data being collected, the choice to send cannot be enabled by default. If data collection starts or changes in an add-on update, or the consent and control is introduced in an update, it must be shown to all new and upgrading users. For the exact requirements, refer to https://extensionworkshop.com/documentation/publish/add-on-policies/#data-disclosure-collection-and-management . For an example of how to provide a consent and control dialog, see https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/ .
Also, if your add-on is listed on addons.mozilla.org, the listing needs to include a privacy policy, and a summary of the data collection should be mentioned in the add-on description.
- Consent, specifically Incorrect data choice type used: Collecting personal or potentially identifiable user data like the tab url requires affirmative user consent (i.e. explicit opt-in from the user). It must be clear to the user that they give consent to the collection of personal data.
Please see https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/ for an example of how to present the affirmative consent. Also, a summary of the data collection must be added to the add-on description and in the text accompanying the consent.
For more information, refer to https://extensionworkshop.com/documentation/publish/add-on-policies/#data-disclosure-collection-and-management .
runet-censorship-bypass\src\extension-common\70-menu-items.js
Developer Reply by ilyaigpetrov about a month ago
- Consent, specifically Nonexistent:
For add-ons that collect or transmit user data, the user must be informed and provided with a clear and easy way to control this data collection.
the user must be informed
The user gives "proxy" permission when installing the add-on, so he is informed that part of his traffic will be transmitted via proxy.
provided with a clear and easy way to control this data collection
This add-on allows accessing information otherwise censored in Russia. Yes, for sure, it transmits data via 3rd party proxies (https://antizapret.prostovpn.org). However it has some kind of control: user may replace 3rd party proxy-servers with any other working proxy-servers they provide to the extension.
- Consent, specifically Incorrect data choice type used:
Collecting personal or potentially identifiable user data like the tab url requires affirmative user consent (i.e. explicit opt-in from the user). It must be clear to the user that they give consent to the collection of personal data.
User gives the extension tabs
permission, expressing their trust in handling tab urls by the extension.
The tab url is sent to 3rd party web services like Google, archive.org, https://reestr.rublacklist.net (a registry of blocked web addresses) only after selecting a button from right-click menu on the extension icon. The menu items are named clearly and it is expected that user understands that by choosing items like "Open from archive.org", "Open via Google Translate" will disclose the current tab url to that services. These menu items are expected to be used explicitly by user in cases when proxying fails to unblock a censored web address.
Reviewer Reply by Add-ons Review Team 26 days ago
A consent dialog for data collection doesn't overlap or substitute the privacy policy and permissions user accepts when installing the add-on.
The consent dialog is an addition to the rest. For more information, please check out https://extensionworkshop.com/documentation/publish/add-on-policies/#data-disclosure-collection-and-management and https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/