pydolan
commented
6 years ago Same result on my end; here's the message in english: "This extension violates the Chrome Web Store policy." So what policy did it violate?
Open gabooh opened 6 years ago
pydolan
commented
6 years ago Same result on my end; here's the message in english: "This extension violates the Chrome Web Store policy." So what policy did it violate?
TamaraBintener
commented
6 years ago I also saw this just now. Was hoping to find some explanation on the reason why. Fortunately, re-enabling the extension worked just fine.
gabooh
commented
6 years ago Yes it works fine, but you won't be able to install it on new chrome setup / new computers, from the chrome store.
kprock
commented
6 years ago Too bad. This extension worked really well for me, and from what I could tell, wasn't collecting inappropriate data.
joeyespo
commented
6 years ago Sorry for the delay!
So what policy did it violate?
The violation is that there was no Privacy Policy page set for this extension.
Note that this extension never has and never will collect user information. The only data that may someday be collected would be error reports (#15) and anonymous usage information like "how many people use the Quiet Hours feature?" Both of these are currently TODOs and haven't been implemented.
So what happened?
Honestly, I dropped the ball. I received the following email from Google Chrome Store back on Dec 19:
Dear Developer,
We recently reviewed your item, "Inbox by Gmail Checker," with ID: mpjmeeikbbgccbjkbfabocnjcaejdpmj and found that it did not comply with our User Data Policy, which is part of the Chrome Web Store’s Developer Program Policies.
Your item violated the Privacy Policy & Secure Transmission Section of the policy, which requires that: If your Product handles personal or sensitive user data (see the FAQ to find specific examples), then you must: Provide a link to your privacy policy in appropriate field in the Chrome Web Store Developer Console and on the inline installation page (if applicable).If you’d like to re-submit it, please modify the item so that it complies with the policies, then re-publish it in your developer dashboard. Please reply to this email for issues regarding this item removal.
Your item is still published, but is at risk of being removed from the Web Store. Please make the above changes within 7 days in order to avoid removal. Once you have made these changes you may submit and publish a new draft in the developer dashboard. Your draft will be reviewed for policy compliance which typically takes a few business days. If the outcome of the review is successful, your store listing will remain published. If we find additional issues with your item, we will send you another email with details. If you have any questions about this email, please respond and the Chrome Web Store developer support team will follow up with you.
Important Note:
Your item will still be subject to review and may be removed from the store within the warning period. Repeated or egregious policy violations in the Chrome Web Store may result in your developer account being suspended or could lead to a ban from using the Chrome Web Store platform. This may also result in the suspension of related Google services associated with your Google account.
Thank you for your cooperation,
Google Chrome Web Store team
Developer Terms of Service: https://developers.google.com/chrome/web-store/terms
Program Policies: https://developers.google.com/chrome/web-store/program_policies
Branding Guidelines: https://developers.google.com/chrome/web-store/branding
Since it was during a workweek, and Christmas less than a week away, I skimmed just enough of it to mistakenly believe I had time. That I could wait for a free afternoon and dedicate the attention it seemed to require then. Anything related to sensitive data is no joke. It deserves attention.
But I figured, "hey, this project is an open-source derivative work of Google's Mail Checker sample. All Google has to do is take a peek. There's no reason this couldn't be snoozed until 2018."
In retrospect, I should have opened an issue right then and there.
The following weekend (the 29th and 30th), I set aside time to address this. That's when I read in detail what exactly this is. But by then the extension was already missing from the Chrome Web Store.
Again, I should have opened an issue right then and there.
Instead, I thought it would be an easy fix (and hey, it was still working if you already had it installed), so I began researching. That's when I came across this warning from TechCrunch. (I do agree with this effort. And very much appreciate that I can continue to suggest Chrome over Explorer to friends and family. However, I'm left frustrated that this particular problem flew below my radar until the last minute.)
I searched for and found a number of examples of Privacy Policy documents. Here's a few big ones.
Reading these gave me pause. Most were wordy. Most dealt with actually sending sensitive user information back to a server, whereas this project does not. Nearly all were hosted on a dedicated site. I started wondering. Should I host it outside GitHub? I have more extensions on the way, but Chrome Web Store gives only you one Privacy Policy field to cover all your extensions. I should probably plan for that. Should I use a template, or write one from scratch? Should I involve a lawyer?
Seemingly simple meta-work quickly turned to doubt and hesitation.
One of my ongoing personal goals is to publish as many projects and productivity / dev tools built on the side. Whether tweaking my setup around habits, ~procrastinating~ seizing productivity opportunities, or learning while having fun, I publish it.
(Another goal is to blog. I haven't exactly gotten around to that yet. So I'm posting this here instead.)
This project was no different. Having an Inbox-equivalent to the Gmail button was something I absolutely wanted. And applying Pomodoro techniques via distraction-free modes was an experiment I wanted to continue to explore. (This is actually my second iteration of the idea.) The project was useful to me, so I wanted to share it. (And according to the numbers on the Chrome Store, it was indeed worth sharing.)
But taking on personal liability for sake of sharing a solution that worked well for me isn't something I'm particularly interested in. If Chrome Extensions had a "Deploy to Heroku" equivalent, I'd take that option hands-down.
Going back to full-time while being a father of two has undoubtedly decreased my responsiveness in open-source. Being async with side projects and responding to issues in batches has allowed me to keep them moving while maintaining a healthy life balance up until now.
However, it's obviously not the best process for urgent issues like this, especially when others are affected. And for that, I'm sorry. I do hope the extension can grow past this, despite the loss of trust this ultimately caused. And I'll do what I can to prevent surprises like this from happening again.
I just subscribed to Chromium's blog, which would have given me the initial heads up. I also pledge to be more transparent by opening any future time-sensitive issues right away.
Anyone looking for an open source project to collaborate on? To help respond to issues and/or write some code from time to time? (I'm happy to guide you if you're new to programming or open-source. For those looking for something more ambitious, a move to ES6 + Babel for readability is badly needed! Everyone else, rest assured--I'll continue to personally review all code changes.)
If this sounds like something you'd be interested in, say hello joeyespo@gmail.com
And finally, here's my work-in-progress for the Privacy Policy page:
Chrome Extension Privacy Policy
===============================
*Updated January 12, 2018*
#### All extensions
- Joe Esposito does **not** collect any personal information that the extension may have access to
#### Inbox by Gmail Checker
- Google user data is accessed by the extension in order to display it via the icon and notifications
- Google user data is **not** shared with anyone else other than the extension userCan anyone weigh in?
Does it cover enough? Do you agree it's a good approach to cover multiple extensions in one policy? (e.g. this one, and another I've been meaning to publish that provides "match selection" support to any text in Chrome.) Any other advice?
Thanks for reading, and sorry again for any inconvenience this may have caused you.
DonSerrot
commented
6 years ago I don't know if I was just a little slow on noticing or if it just now took effect for me. I just did the manual install from github and that seems to be working as a separate installation. Do you know if the old version will reactivate/update once the privacy policy issue is corrected or if it'll be a completely new installation I'll have to do later? For now at least the manual install version from here works in the mean time.
EDIT: Huh. Now the original seems to be working again even though it's still gone from the Chrome Store.
joeyespo
commented
6 years ago @Donhorn Thanks for trying that out. Good to hear it's working despite being removed for now.
I'm pretty sure it'll come back as it was once a proper Privacy Policy is in place. I think I'm going to go with what's written above unless anyone can weigh in.
I'll be sure to post here after I complete the process.
Thanks again for your patience ❤️
bradvogel
commented
6 years ago Might want to just copy https://mixmax.com/privacy.html :)
worksewell
commented
6 years ago For lazy people that don't want to wait for it to get re-published:
git clone http://github.com/joeyespo/inbox-by-gmail-checker.git ~/some-pathDeveloper mode in upper rightLoad Unpacked under search~/some-path directory
nickkaczmarek
commented
6 years ago @joeyespo Is there anything I can do to help get this update out? I am still able to use it, but it would be nice to have chrome manage this again.
And it was disabled automatically here.