It has been a thing for longer that extensions are not allowed to make connections to the internet, unless it’s actually required for the functionality they advertise. And I believe, they have some rudimentary code scans in place to check for that. Besides that, there’s also their Recommended Extensions program, where they do thorough code reviews for a subset of available extensions.
Well, I guess they could. But at least its in the rules and people can report. And if it indeed violates the setting, then the addon could be removed from the repository. So there is an incentive for addon developers not to break that “promise”. At least this is the right direction.
Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked “none” then no need to go out of your way to figure out if it does it.
Yes, but it’s about the tiniest step they could possibly take. It just officially makes violating “trust me, bro” against the rules, but does absolutely nothing to prevent it, nor allow the user to directly prevent such abuse. Some extensions don’t need Internet access at all, but there’s no (easy) way to stop it from happening. Others only need occasional access for updates, but there’s no user control for whether that’s all they’re doing.
So I can just declare ‘none’ and happily collect data?
Or is there actually some type of control?
It has been a thing for longer that extensions are not allowed to make connections to the internet, unless it’s actually required for the functionality they advertise. And I believe, they have some rudimentary code scans in place to check for that. Besides that, there’s also their Recommended Extensions program, where they do thorough code reviews for a subset of available extensions.
Well, I guess they could. But at least its in the rules and people can report. And if it indeed violates the setting, then the addon could be removed from the repository. So there is an incentive for addon developers not to break that “promise”. At least this is the right direction.
Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked “none” then no need to go out of your way to figure out if it does it.
Yes, but it’s about the tiniest step they could possibly take. It just officially makes violating “trust me, bro” against the rules, but does absolutely nothing to prevent it, nor allow the user to directly prevent such abuse. Some extensions don’t need Internet access at all, but there’s no (easy) way to stop it from happening. Others only need occasional access for updates, but there’s no user control for whether that’s all they’re doing.