10
edits
Changes
Changed certain verdicts, and added a few cases to align with the current set of guidelines on data collection policy
| The add-on uses means such as webRequest to circumvent the permission prompts for new tab page, homepage or search engine changes. || Reject Immediately
|-
| The add-on changes browsing behavior inhibiting user actions, such as closing or hiding about:addons or other special pages when opened. || Reject and EscalateImmediately
|-
| The add-on unexpectedly makes use of redirection to block the user from visiting certain sites without providing the user an option to circumvent the redirection. The add-on is violating the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises policy]. || Reject Immediately
|-
| The add-on silently modifies web content, for example by exchanging words and images, or adding content. This feature is not part of the core functionality and is not described to the user in any way. || Delayed RejectImmediately
|-
| The add-on describes itself as e.g. “VPN Service”, while at the same time it also provides something completely unrelated to the add-on’s core function, such as altering the new tab page and providing affiliate search results.<br /><br />The additional features are not stated in the description, and there is no opt-in for the additional feature, violating the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises requirements]. || Reject Immediately
|-
| An add-on provides UI to allow the user to make a no surprises choice, but the default action is to accept the choice (hence not an opt-in). || Delayed RejectImmediately
|-
| An add-on makes use of an “unexpected” feature as per no-surprises policy, but fails to indicate so in the add-on description. || Delayed Reject
| The add-on’s code, functionality or service used indicates that payment is required to use the core functionality of the add-on but the developer has not selected this option in the listing. || Delayed Reject
|-
| The add-on only functions within a closed environment, such as only for employees of a specific company (“internal or private use”). <br/><br/> If the add-on has just been submitted to AMO, rejecting immediately is acceptable. Otherwise, delaying the rejection gives developers time to migrate their services to point to the new self-hosted location. || Delayed RejectImmediately
|-
| Users can only sign up to the service using a “contact us” link on the website. There is no apparent web sign-up process (“only accessible to a closed user group”).<br /><br />(Note that especially on sites with foreign languages, maybe you just missed it. Best to ask the developer to provide information on how a user would sign up. If they can’t provide the information or confirm there is no web sign-up process, the add-on can be rejected). || Delayed RejectImmediately
|-
| The add-on is clearly a fork of another add-on, while not providing a significant difference in functionality or code. (This should be a joint decision, we want to make sure not to block creativity by being too strict on “significant difference”) || Request Super ReviewReject Immediately
|-
| The add-on listing is well described, but requires knowledge of the specific system being used in combination with the add-on. || Approve
| The add-on requests additional permissions that are not required for the add-on to function. The developer argues they will need them in a future update. || Delayed Reject
|-
| The add-on loads and executes remote code.<br/><br/>If there is reason to believe the add-on is intentionally loading remote code, please escalate to a block. || Reject Immediately or Escalate
|-
| The add-on uses a http channel to exchange information, while it is possible for the developer to use https.<br/><br/>If the developer has control over the remote infrastructure and can enable servers to use https, you can reject as they need to take this step. If the choice of http is outside of the developers hands, you may approve. || Reject Immediately
| On a quick skim, the privacy policy seems to be about a website more than it is about the add-on. || Delayed Reject
|-
| The add-on is listed and doesn't link to its privacy policy hosted on AMO on its data collection consent page || Delayed Reject Immediately
|-
| The add-on is listed and links to a self-hosted privacy policy (as opposed to AMO hosted) on its data collection consent page || Reject Immediately
| The add-on collects personal data, technical data, or user interaction data, and does not have a consent prompt when the add-on is first run (e.g. installed). || Reject Immediately
|-
| The add-on has a consent prompt, but it does not describe the data being collected || Delayed RejectImmediately
|-
| The add-on has a consent prompt that makes use of dark patterns to entice the user to accept. || Delayed RejectImmediately
|-
| The main purpose of the add-on is to collect and analyze form data. Therefore, the add-on collects personal data such as the name and email of the user and sends the data to the service, but without an opt-in for personal data. || Reject Immediately
| An add-on collects all visited browser URLs without notice, as part of a feature that does not relate to the primary functionality of the add-on. || Reject Immediately
|-
| The add-on exchanges data via native messaging that does not belong to the primary functionality of the add-on and fails to adhere to the [https://extensionworkshop.com/documentation/publish/add-on-policies/#no-surprises no surprises requirements].<br/><br/>In severe cases, such as when sensitive data is being exchanged, please reject immediately. || Delayed RejectImmediately
|-
| The consent experience only offers the option to accept the data collection. || Delayed RejectImmediately
|-
| The consent experience offers the option to accept or uninstall, but the main functionality of the add-on will technically work without this type of data collection.<br/><br/>If the developer argues that collecting the data is required for business purposes, e.g. to maintain the add-on, this does not warrant an accept or uninstall behavior. || Delayed RejectImmediately
|-
| The add-on collects technical data and does not provide a way for the user to disable this type of data collection. || Delayed RejectImmediately
|-
| The add-on combines both personal and technical data into one option and does not provide a way to control them separately. || Delayed RejectImmediately
|-
| An update to the add-on adds consent experience but it is only displayed to new users and not to existing users upgrading to a newer version. || Reject Immediately
|-
| An update to the add-on contains additional data collection but that data isn't declared in the consent experience and/or the consent isn't displayed again to existing users upgrading to this version. || Reject Immediately
|-
| The consent experience is not shown immediately after installation, but the add-on does not collect any data until the user sees the consent. (For example, consent experience is shown at browser action click). || Delayed Reject
|-
| The consent experience is not shown immediately after installation, but data is being collected before the user can see the control mechanism. || Reject Immediately
|-
| The add-on collects personal data, technical data, or user interaction data and does not have a consent experience. || Reject Immediately
|}
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on monetizes by injecting ads into web pages, but fails to identify the content as belonging to the add-on. || Delayed RejectImmediately
|-
| The add-on includes a crypto-mining function that mines coins in the background for the profit of the developer. || Reject Immediately
| The add-on makes use of remote CSS scripts, which can cause security vulnerabilities in combination with libraries such as React and Angular. || Reject Immediately
|-
| The add-on seems to be intentionally violating our policies, such as collecting a cryptocurrency private key and sending it to a remote server. || EscalateForce Disable and Block
|}
[[Add-ons/Reviewers/Guide/Reviewing|Previous: Reviewing]] [[Add-ons/Reviewers/Guide/Moderation|Next: Moderation]]
