I’ll provide full transcript.
Review Team:
Sources, specifically Sources or instructions missing: Your add-on contains minified, concatenated or otherwise machine-generated code. You need to provide the original sources, together with instructions on how to generate the exact same code used in the add-on. Source code must be provided as an archive and uploaded using the source code upload field, which can be done during submission or on the version page in the developer hub. Instructions can be provided in a top-level README file inside the source code package or in the “Notes to Reviewers” field on the version page in the developer hub.
Me:
I did provide source code, and the README.md contains instructions on how
to build it.
Anything missing here?
Review Team:
Hi. You have provided the source code, but the build instructions are not clear.
Me:
Hopefully this helps. … (more instructions)
Review Team:
Thank you. I have a match on the build. However there are some remaining issues:
Review Team:
- Consent, specifically Nonexistent: For add-ons that collect or transmit user data, the user must be informed and provided with a clear and easy way to control this data collection. The control mechanism must be shown at first-run of the add-on. The control should contain a choice accompanied by the data collection summary. Depending on the type of data being collected, the choice to send cannot be enabled by default. If data collection starts or changes in an add-on update, or the consent and control is introduced in an update, it must be shown to all new and upgrading users. For the exact requirements, refer to https://extensionworkshop.com/documentation/publish/add-on-policies/#data-disclosure-collection-and-management . For an example of how to provide a consent and control dialog, see https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/ .
Also, if your add-on is listed on addons.mozilla.org, the listing needs to include a privacy policy, and a summary of the data collection should be mentioned in the add-on description.
- Consent, specifically Incorrect data choice type used: Collecting personal or potentially identifiable user data like the tab url requires affirmative user consent (i.e. explicit opt-in from the user). It must be clear to the user that they give consent to the collection of personal data.
Please see https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/ for an example of how to present the affirmative consent. Also, a summary of the data collection must be added to the add-on description and in the text accompanying the consent.
Me:
The extension doesn’t collect any data. There’s nothing to control.
Review Team:
Sending the tab url to a remote server is considered data collection. You need to ask consent from the user, sincer the tab url is considered personal data. The user has to opt-in and make a conscious choice when accepting the tab url to be sent to a 3rd party server.
Me:
The extension does not collect or send a Tab URL any where.
Review team:
Review team again says the source code wasn’t provided even though they found it and managed to reproduce before (same version).
Now extension is disabled.