search

w3c / webextensions

Charter and administrivia for the WebExtensions Community Group (WECG)
Other
578 stars 50 forks source link

Proposal: Consensus on Data Collection & Privacy Policy #516

Closed erosman closed 5 months ago

erosman commented 5 months ago

Privacy Policy and Data Collection

IMHO, the policy would benefit from further clarification as the current wording e.g. "collect" (both on AMO & Chrome web-store) can be misunderstood by the users and developers.

Please consider the following scenarios. There is a difference between "stored" and "collected". In the 2nd & 3rd cases, using the word "collected" is cause for misunderstanding as the extension does not collect user data.

A Password utility extension that stores data remotely

In this case, user data is "collected", sent and stored on a 3rd party site associated with the extension. In fact, any extension that stores user data remotely anywhere associated with the extension, must clearly state so.

A Password utility extension that stores data locally

In this case, user data is not "collected", and not sent and stored on a 3rd party site associated with the extension. The data remains in the browser and is removed if the extension is uninstalled. The extension merely facilitate sending password that user has entered, to the site that user has selected.

A Proxy extension with authentication

Similar to above, data is stored only in the browser and is removed once extension is uninstalled. Extension simply facilitate sending password that user has entered, to the proxy server that user has selected.

hanguokai commented 5 months ago

The statement is confusing. But Extension Store Policy is out of scope in WECG. (I added it in charter.md)

xeenon commented 5 months ago

As @hanguokai mentioned store issues are out of scope for this group and should be raised with the individual companies.

erosman commented 5 months ago

The proposal was to define what is considered "data collection by extensions".

(I added it in charter.md)

Was it not added to the scope?

dotproto commented 5 months ago

Data collection is a concept that is enforced by individual stores, not the WebExtensions platform.

@hanguokai created this PR to reflect consensus from browser vendors on what topics they considered of if scope for the group. If you follow the PR link, @hanguokai links back to a comment by @xeenon on another issue where he summarized consensus reached during meeting discussion.