Some Specific Questions About The Safety/Privacy Of The Extensions

I know this look a bit long but please bear with me, I believe I have some answer-worthy questions.

PS: I firstly posted this to the mozilla support, got decent answers and advised that I may find better answers here. So here I am.

Hello everyone,

I searched the community to find some specific answers but I could not. I am sorry if I missed some content but I don’t think so since I think my questions appear to be a bit more specific. These are:

1- Extensions ask for permissions and permissions may access your information according to their descriptions explained on: https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

That’s ok but extensions are updated frequently, right? So, can extensions’ permission settings be changed via an update? If yes, does firefox inform us that the extension has changed it’s permission settings?

I would not like to have an extension having little permissions to be updated to some kind of data recorder without me knowing. (And yes people check these but that’s my 2nd question)

2- Yes, (sometimes) people check the updates that are made to certain extensions, in case that’s a ‘recommended’ extension, it is always checked by real people, that’s great. But I could not find any information about what would be the aftermath of an extension which changed in a bad way. What happens then? Is it immediately blocked? Does it automatically stop working? Does the safe old version keep working and the new-bad-update never sees the light of the day? That would be great to know.

3- This one is about privacy. Since one of the most important aspects of Firefox is its privacy-friendly design, I wanted to ask if privacy aspects of the extensions are also checked by the community (or Firefox staff in case of ‘recommended’ extensions). I know, there are some cases that might make you ask: “Not everybody cares about privacy, also not every extension is about privacy, some even clearly state they are bad for privacy, why would something like this be routinely checked?” But there are some extensions that are solely made for privacy. What happens if something about apps privacy policy changes? Or some app that did not collect data beforehand starts to collect data and start to harm our privacy?

I hope these are some legit questions and with some answers they would leave an information-laden thread to the community.

If an extension adds a required permission that you would be prompted for in an update you have to approve the update and Firefox shows you the new permissions you need to grant.

If a manual (or automated) review finds a violation of the policies that harms users, the extension is usually removed from distribution. However, as far as I know only explicitly malicious extensions will be removed without user interaction from existing installations. Any version that is safe and has no issues will continue to be available/installed.

Extensions are required to explicitly tell you and give you a chance to opt in (or out for now) at install time: https://extensionworkshop.com/documentation/publish/add-on-policies-dec-2021/#data-disclosure-collection-and-management

That was very informative and cleared pretty much everything for me Thank you very much for taking the time and replying.