Violentmonkey: Privacy Policy - Not Visible on AMO

Created on 26 Apr 2018  ·  6Comments  ·  Source: violentmonkey/violentmonkey

Hello there,

Can you please make sure users can see your privacy policy on AMO? Users might not be savvy enough to search for your github page: https://violentmonkey.github.io/privacy/

My request again is that you add your privacy policy to your mozilla addons webpage with a link to the one on github or a static text copy of the existing one on your github landing page as previously listed.

I don't mean to be an alarmist or to point fingers, but this concerns me because previously this project was touted by others as not only being open source, but didn't collect/use/distribute and or sell user information. (I don't know which if any of those you do, but I find your privacy policy alarming and what's more that the policy has been omitted from https://addons.mozilla.org/en-US/firefox/addon/violentmonkey/ .

The privacy policy was generated by TermFeed ( https://termsfeed.com/privacy-policy/generator/ ) excerpt from their webpage: "Privacy Policy" agreement is required by law if you're collecting personal data from users, regardless of the platform used (website, mobile app, desktop app etc.)"

Here's some bits and bobs I think are relevant:

"Violentmonkey (“us”, “we”, or “our”) operates the Violentmonkey extension (the “Service”).

"We will not use or share your information with anyone except as described in this Privacy Policy. Privacy Policy created by TermsFeed for Violentmonkey."

"We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible in Violentmonkey."

My thoughts: _(AMO users don't see this privacy policy since it's not there, therefore they're not giving consent.) (If the ToS is truly displayed inside Violentmonkey after installation and initialization that isn't sufficient enough for AMO.)_

"We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform _Service_-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We use popular cloud storage services to synchronize extension data after your authorization."

"The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Extension data is stored locally at most times, only synchronized to cloud storages after your authorization. While we try to protect your Personal Information, we cannot guarantee its absolute security."

Does your privacy policy regarding collection of personal informastion only apply to expressly authorizing consent to cloud storage syncing? If that's the case and no other data is collected, then that sounds great, then please just add the privacy policy to AMO.

"Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services."

The bit with regard to no control etc of third party sites or services seems reasonable to me.

I am not here to ruffle feathers or to offend, what I have written is my opinion and is based on my experience with addons in the past going sour and pilfering my browser activity to an extreme to sell to third parties with no notice of an addition of a privacy policy in an update. So I am asking you to set the record straight and to disclose you have a privacy policy on AMO.

Regards,

l-a-n-g-o-l-i-e-r-s

Edit: Pardon the formatting, the header text is only so you're able to tell my writing from the policy.

Most helpful comment

@L-a-n-g-o-l-i-e-r-s Yes, it does not collect any other information at the moment.

FYI, GM_xmlhttpRequest sends requests with the related cookies, which are sent directly by the browser, as if you are visiting that URL in a tab.

All 6 comments

Thanks for reminding. I've added a link on AMO.

@gera2ld Does your privacy policy regarding collection of personal information only apply to expressly authorizing consent to cloud storage syncing? Is any other data collected at any time transmitted outside of the browser ? If so, specifically what kind of data?

Please answer this question as asked earlier, your page said to contact you if I had any questions about your privacy policy. :8ball:

Thanks.

@L-a-n-g-o-l-i-e-r-s Yes, it does not collect any other information at the moment.

FYI, GM_xmlhttpRequest sends requests with the related cookies, which are sent directly by the browser, as if you are visiting that URL in a tab.

@gera2ld GM_xmlhttpRequest is used in scripts, right?

Are there any plans to expand data collection? If so, will it be monetized? Will it have an opt-in or an opt-out? Will users be provided sufficient notice of this change? (Rather than a stealth change to the listed privacy policy with no notification?j

Thank you for your time.

@L-a-n-g-o-l-i-e-r-s Yes, GM_xmlhttpRequest is only used in scripts.
There is no plan to collect personal information at the moment. If things change in the future, I'm pretty sure there will be something like a popup to let users make their choices.
If the extension requires more permissions, Chrome and Firefox will deactivate it and force the user to know about the permission changes. So you will definitely know it before continuing.
To be curious, what kind of personal information do you think the extension is able to grab and use for other purposes?

@gera2ld I was concerned that there was obfuscation involved in burying what I believed to be a somewhat convoluted and confusing privacy policy. I see now that it was just an oversight that the privacy policy wasn’t listed there. I’m glad it was benign and not a subtle corruption of an extension I use regularly.

The clarifications of your policy here as of writing dispel my notions that your extension is passively collecting user information. The policy seems mostly targeted at using the third party syncing feature which is optional, from my interpretation. I’m happy to hear that ViolentMonkey which was praised for being open-source and privacy focused remains and has always been truthful.

Thank you for your work and your honesty, I’m glad there is at least one honest player on the block.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

cyberrufus picture cyberrufus  ·  6Comments

bitWolfy picture bitWolfy  ·  5Comments

CrendKing picture CrendKing  ·  4Comments

maszd picture maszd  ·  3Comments

ale82to picture ale82to  ·  6Comments