Hello, extension developers! I’m Alan, the Product Manager at Mozilla responsible for the Firefox add-ons ecosystem.
I wanted to share news about a project we’re working on that will streamline how extension developers implement user data consent experiences.
Firefox extension data collection policies protect our users
Today, our Add-on policies dictate that any extension that collects or transmits user data must create and display a data consent dialog. This consent dialog must clearly state what type of data is being collected and inform the user about the impact of accepting or declining the data collection.
Whilst the policy is a great example of Firefox’s commitment to transparency and protecting user data, it can add significant overhead for developers who want to build on our platform, and it creates a confusing experience for end users who often encounter many different data consent experiences for every extension they install. These custom data consent experiences also increase the time it takes for add-on reviewers to process a new extension version, as they need to verify this custom code is compliant with our policies.
We’re simplifying how extensions gets consent to collect data
In 2025 we will launch a new data consent experience for extensions, built into the Firefox add-on installation flow itself. This will dramatically reduce the:
- development effort required to be compliant with Firefox data policies
- confusion users faces when installing extensions by providing a more consistent experience, giving them more confidence and control around the data collected or transmitted
- effort it takes AMO reviewers to evaluate an extension version to ensure it’s compliant with our data collection policies
Developers won’t need to bother with creating their own custom data consent experiences. Soon, developers will simply be able to specify in the manifest what types of data the extension collects/transmits and this will automatically be reflected in a unified consent experience across all Firefox extensions.
When a user then adds an extension to Firefox, the installation prompt will show what required types of data the extension collects, if any, alongside a list of permissions that the extension requests. Users will have a choice to opt in/out of providing the optional technical and usage data if the add-on has requested it, as well as any optional data collection the developer requests. As always, the user then has the choice to continue adding the extension if they agree to the required permissions and data collection, or cancel the installation flow. We plan to extend the existing WebExtensions permissions APIs to include these data collection options, making it as easy as possible for developers to adopt this new functionality.
The data collection information will also be displayed on AMO extension listing pages to help Firefox users make informed download decisions. We’re also exploring ways to let developers provide more context about their data practices, if they wish.
We will eventually accept this standardized approach instead of requiring a developer to build custom consent screens, but acknowledge this will take time as we gather feedback from our community of developers and users. To begin with, we will be adding this functionality to the Nightly version of Firefox for desktop in an upcoming release so that we can gather feedback on how this approach compares with their existing consent experiences. We’ll be sure to announce here on this blog with further technical details about how to use it, so stay tuned!
Help us make this better
We would love our Firefox extension developers to help us shape the future of this feature and we encourage you to test it out in Nightly when it’s released and send us your feedback. Finally, if you’re an extension developer, please help us build this feature by completing a survey about how you’re using permissions and data in your own extensions. This will help us make sure we’re not missing anything important during this stage of design!
No comments yet
Post a comment