Regarding add-ons which connect to the internet without user action

[ghost]

Describe the problem and steps to reproduce it:

(Please include as many details as possible.)
I can see many add-ons are connecting to remote server in background.
The problem is, these are automatically done in background, and most of them don't have "Privacy Policy" listed in AMO webpage.

What happened?

See below.

What did you expect to happen?

Add-ons which connect to the internet "without user action" must write a privacy policy, and it must include what data, when, where, how the receiver use the data, and whether to share the data to other person or not, clearly.

Anything else we should know?

(Please include a link to the page, screenshots and any relevant files.)
https://bugzilla.mozilla.org/show_bug.cgi?id=1467957
(not my bug because I don't have mozilla account. I just wrote my opinion to this github)

[ghost]

"without user action"

The "user action" shall meet all these requirements;

1. The user is clearly understanding the action; by clicking a button will trigger the internet connection.
2. The button is not hidden and clearly explaining what it does. (e.g. labeled "Submit report")

[ghost]

Safe (no need privacy policy):
TypeA: Add-on which doesn't require internet at all (data stored inside the xpi)
TypeB: Add-on which have only manual action + no remote server pre-definded

Must write policy:
TypeC: Add-on which connect to the internet without user action
TypeD: Add-on which connect to the internet with user action + server pre-definded in code

[jvillalobos]

This github repository is for AMO code, not add-on review or content policies. You can send an email to amo-admins AT mozilla DOT org to discuss any policy changes you want to propose.

A couple of things to consider: the review policy is detailed here, and there's a plan to add privacy flags as part of add-on manifest files.