Mozilla Introduces New Requirements For Firefox Add-ons That Work With Personal Data

Mozilla announced a change in placement rules add-ons in the AMO catalog (addons.mozilla.org). Starting November 3, all new Firefox add-ons that collect or transmit personal data to external servers are required to define this activity in the manifest.json file. During installation of the add-on, information about operations with personal data will be displayed along with a request for permissions.

Information about data collection will also be displayed in the add-on manager (about:addons) in the “Permissions and Data” section and on the add-on page in the addons.mozilla.org directory.

Types of operations with personal data must be specified in the file manifest.json via object “browser_specific_settings.gecko.data_collection_permissions“. The developer can define both always applicable methods for working with personal data, and optional methods that can be disabled by the user.

Among the documented types of personal data identifying information (full name, email, telephone, address, age, etc.), financial information (credit card and account numbers, payment history), medical information (data on illnesses, tests), authentication parameters (logins, passwords, PIN), personal communications (email, chat messages, posts on social networks), location data (GPS, region), browser activity (information about visited sites), site content (images and text from pages), interaction with sites (information about clicks, mouse and keyboard actions), search queries, bookmark information, technical data (device information).