Hello there,
Can you please make sure users can see your privacy policy on AMO? Users might not be savvy enough to search for your github page: https://violentmonkey.github.io/privacy/
My request again is that you add your privacy policy to your mozilla addons webpage with a link to the one on github or a static text copy of the existing one on your github landing page as previously listed.
I don't mean to be an alarmist or to point fingers, but this concerns me because previously this project was touted by others as not only being open source, but didn't collect/use/distribute and or sell user information. (I don't know which if any of those you do, but I find your privacy policy alarming and what's more that the policy has been omitted from https://addons.mozilla.org/en-US/firefox/addon/violentmonkey/ .
The privacy policy was generated by TermFeed ( https://termsfeed.com/privacy-policy/generator/ ) excerpt from their webpage: "Privacy Policy" agreement is required by law if you're collecting personal data from users, regardless of the platform used (website, mobile app, desktop app etc.)"
Here's some bits and bobs I think are relevant:
My thoughts: _(AMO users don't see this privacy policy since it's not there, therefore they're not giving consent.) (If the ToS is truly displayed inside Violentmonkey after installation and initialization that isn't sufficient enough for AMO.)_
Does your privacy policy regarding collection of personal informastion only apply to expressly authorizing consent to cloud storage syncing? If that's the case and no other data is collected, then that sounds great, then please just add the privacy policy to AMO.
The bit with regard to no control etc of third party sites or services seems reasonable to me.
I am not here to ruffle feathers or to offend, what I have written is my opinion and is based on my experience with addons in the past going sour and pilfering my browser activity to an extreme to sell to third parties with no notice of an addition of a privacy policy in an update. So I am asking you to set the record straight and to disclose you have a privacy policy on AMO.
Regards,
l-a-n-g-o-l-i-e-r-s
Edit: Pardon the formatting, the header text is only so you're able to tell my writing from the policy.
Thanks for reminding. I've added a link on AMO.
@gera2ld Does your privacy policy regarding collection of personal information only apply to expressly authorizing consent to cloud storage syncing? Is any other data collected at any time transmitted outside of the browser ? If so, specifically what kind of data?
Please answer this question as asked earlier, your page said to contact you if I had any questions about your privacy policy. :8ball:
Thanks.
@L-a-n-g-o-l-i-e-r-s Yes, it does not collect any other information at the moment.
FYI, GM_xmlhttpRequest sends requests with the related cookies, which are sent directly by the browser, as if you are visiting that URL in a tab.
@gera2ld GM_xmlhttpRequest is used in scripts, right?
Are there any plans to expand data collection? If so, will it be monetized? Will it have an opt-in or an opt-out? Will users be provided sufficient notice of this change? (Rather than a stealth change to the listed privacy policy with no notification?j
Thank you for your time.
@L-a-n-g-o-l-i-e-r-s Yes, GM_xmlhttpRequest is only used in scripts.
There is no plan to collect personal information at the moment. If things change in the future, I'm pretty sure there will be something like a popup to let users make their choices.
If the extension requires more permissions, Chrome and Firefox will deactivate it and force the user to know about the permission changes. So you will definitely know it before continuing.
To be curious, what kind of personal information do you think the extension is able to grab and use for other purposes?
@gera2ld I was concerned that there was obfuscation involved in burying what I believed to be a somewhat convoluted and confusing privacy policy. I see now that it was just an oversight that the privacy policy wasn’t listed there. I’m glad it was benign and not a subtle corruption of an extension I use regularly.
The clarifications of your policy here as of writing dispel my notions that your extension is passively collecting user information. The policy seems mostly targeted at using the third party syncing feature which is optional, from my interpretation. I’m happy to hear that ViolentMonkey which was praised for being open-source and privacy focused remains and has always been truthful.
Thank you for your work and your honesty, I’m glad there is at least one honest player on the block.
Most helpful comment
@L-a-n-g-o-l-i-e-r-s Yes, it does not collect any other information at the moment.
FYI,
GM_xmlhttpRequestsends requests with the related cookies, which are sent directly by the browser, as if you are visiting that URL in a tab.