Stylish and stealth add-on license/privacy policy updates

Add-ons addons.mozilla.org
#1

Stylish recently started stealing user data. It was caught, but not until the updated extension had been downloaded and run by many users.

The update was accompanied by a change to the Stylish privacy policy, which the Stylish developers presumably made on the theory that if they updated the privacy policy, it would be legal for them to opt people in to data collection without notifying them.

Had this privacy policy update been brought to users’ attention before Firefox started running the new extension code, instead of after, perhaps the misbehavior would have been caught earlier, and the impact of the problem limited.

When the privacy policy for an add-on changes, Firefox needs to stop that add-on from running or updating until the user has a chance to review and accept or reject the new policy.

1 Like
#2

That isn’t practical for a couple of reasons. First, it can lead to users missing the prompt and staying in an old and potentially broken/unsafe version. We already have a similar problem with certain permission updates. Second, privacy policy updates range from superficial to complete rewrites. These policies are also very hard to read for most users, and in some cases developers just link to a privacy policy on their website instead of posting the whole thing on AMO. Finally, privacy policies are optional, and the cases when they are required aren’t black-or-white. The Stylish developers could have easily updated their add-on without updating their policy.

We’re working on a project that is intended to make privacy decisions easier for users to make. This bug is the first step in that direction. The general idea is that privacy will be broken down into specific practices that users can more easily understand, and we can more easily require developers to include. They can’t be enforced from code, so some of the problems that came up with Stylish will continue to occur. We can’t really solve all of these problems and have a healthy development ecosystem, unfortunately.

Stylish 3.1.2 and greater