Correct Data usage privacy information for login functionality
262 views
Skip to first unread message
![Martin Sonesson [C]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjWY2lK7EV9qRASHO16LDKcbZmdr1gDEfCilo1RhMVEB4L0W6lJD=s40-c)
Martin Sonesson [C]
Sep 5, 2023, 1:38:48 PM9/5/23
to Chromium Extensions
Hello!
I am currently maintaining an extension with around 10k users. The extension needs the user to login in order to use it. The extension uses an oauth login flow (chrome.identity.launchWebAuthFlow) to receive an access token and login the user.
Now my question is under the develop dashboard (where you set store information for the extension) there is a section called "Data usage" under "Privacy" where you tick boxes to mark what type of data the extension collects. Currently I have ticked the box for "Authentication information" because I figured that was to cover for the whole login functionlity within the extension, but do I really need to tick this box? When the box is ticked in the store it will say that the extension "collects authentication information, For example: passwords, credentials, security question, or personal identification number (PIN)". This makes it sound as if the extension is storing users passwords that they use to login into various websites within the browser, which is not the case. It makes the extension sounds more "scary" than it actually is.
I saw that that there are other extensions, like Keeper (https:///webstore/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei), which also have a login functionality and they have not ticked this box. Instead they have ticked the box for "Personally identifiable information".
So which one of us is doing it correctly? If possibly I would like to untick the box for "Authentication information" because it sounds like the extension does some scary and intrusive things with the users passwords, which is not true.
I saw that that there are other extensions, like Keeper (https:///webstore/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei), which also have a login functionality and they have not ticked this box. Instead they have ticked the box for "Personally identifiable information".
So which one of us is doing it correctly? If possibly I would like to untick the box for "Authentication information" because it sounds like the extension does some scary and intrusive things with the users passwords, which is not true.
Oliver Dunk
Sep 7, 2023, 7:53:37 AM9/7/23
to Martin Sonesson [C], Chromium Extensions
Hi Martin,
Thanks for reaching out. I'll try to speak to the team and confirm this for you.
Thanks,
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/62405025-9661-4a4b-93ae-a125d174309cn%40chromium.org.
Uladzimir Yankovich
Sep 7, 2023, 5:12:34 PM9/7/23
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Martin Sonesson [C]
That's a good question. I also talked about this. And perhaps now, while the store is being redesigned, it’s worth saying again.
I believe that in such sensitive areas as the privacy section, statements like “For example: name, address, email address, age, or identification number” are unacceptable. People don’t see “for example”, they see everything else and then write to us in support and ask why and how I collect their age.
I believe that these examples either should be removed, or the developer must enter them himself.
I believe that in such sensitive areas as the privacy section, statements like “For example: name, address, email address, age, or identification number” are unacceptable. People don’t see “for example”, they see everything else and then write to us in support and ask why and how I collect their age.
I believe that these examples either should be removed, or the developer must enter them himself.
Martin Sonesson [C]
Sep 8, 2023, 9:13:24 AM9/8/23
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Martin Sonesson [C]
Thank you Oliver!
I hope to hear from you soon, I'd love to sort this thing out.
Thanks,
Martin
I hope to hear from you soon, I'd love to sort this thing out.
Thanks,
Martin
Martin Sonesson [C]
Oct 2, 2023, 4:18:37 AM10/2/23
to Chromium Extensions, Martin Sonesson [C], Oliver Dunk, Chromium Extensions
Bumping this thread. I would really like an answer for this.
It would be great to have an answer for this. I would really like to remove the whole message on my extension store page about how the extension "collects authentication information, For example: passwords, credentials, security question, or personal identification number (PIN)" because that is simply not true for my extension, but at the same time I want to do this correctly and not cause any legal problems.
Thank you so much in advance!
Thank you so much in advance!
Oliver Dunk
Oct 19, 2023, 8:11:45 AM10/19/23
to Martin Sonesson [C], Chromium Extensions
Hi Martin,
Thanks for your patience.
I confirmed with the team and if your extension has login functionality, we would ask that you check that box. We definitely appreciate the feedback on the wording though and I'll make sure we discuss that internally.
As far as other extensions, we can't comment on a case by case basis, but I'll make sure the team is aware that there might be some inconsistency here.
Oliver Dunk
Mar 27, 2024, 8:03:07 AM3/27/24
to Martin Sonesson [C], Chromium Extensions
Hi Martin,
I know it might not fully resolve your concerns, but I just wanted to share an update that we have replaced "collects" with "handles" on the Chrome Web Store listing page:
Appreciate the feedback!
Reply all
Reply to author
Forward
0 new messages