We should make this (by policy) a mandatory thing for extensions that phone home in any way, and give them a field to put a URL in.

Depending on whether we want them to be able to edit it or whatever, we may want to host it ourself. That way, we can track changes to it. We also need to inplement UI so users can confirm that they've read the privacy policy before they're allowed to install the addon. Also.. terms of use? terms of service? anything else?

Instead of a link, I think this should be an internal page extension/privacy.xhtml.

It might be more prudent for these cases to allow only a link to the plugins' homepage, than to allow it to install directly from the mozilla site. In a sense the lack of proper disclosure is not the responsability of mozilla.org, but the presence on the extension site does seem similar to a "seal of approval" (at least to unsuspecting users). And since mozilla/ff are free and clean, people tend to expect that from hosted extensions as well.

I created a Privacy Policy system, but rather than upload the 5 attachments (v1 patch, v2 patch, 2 new files, and the sql query) I figured I'd post a working example and I can make any changes based on feedback first. The developer changes can be viewed at: https://update-staging.mozilla.org/~fligtar/v1-privacy/developers/ There is a next textarea when adding an extension and editing an extension for the privacy policy. It only shows up for extensions, not themes. If that field isn't empty, a link will be displayed on the approval queue to the mozilla-hosted privacy policy (https://addons.mozilla.org/firefox/100/privacy-policy/) The public changes can be viewed at: https://update-staging.mozilla.org/~fligtar/v2-privacy/public/htdocs/addon.php?id=3116 Unfortunately, my .htaccess is not properly rewriting URLs right now, so you can't really navigate from page to page. The addon overview page will only display the privacy policy checkbox and add a sidebar item if the policy is set. The /privacy-policy/ rewrite goes to https://update-staging.mozilla.org/~fligtar/v2-privacy/public/htdocs/privacy-policy.php?id=3116 If we implement the mandatory privacy acceptance, we would also need to add checkbox support to the main page and recommended page before downloading those extensions, if they set a privacy policy. Is that something we want to do? And do we like the checkbox in the green box format or something else? Also, how do we want bug 342973 to blend with this one?

After discussions in #amo with shaver and others today, the Privacy Policy is for information only. I updated this in my test pages and posted those links in bug 342973. I am working on this bug and bug 342973 together, along with bug 335708. They will all be in the same patch, so it might be better to mark 1 or 2 of these extra bugs as dups of 342973, but I'll let someone else decided that.

This has been fixed on the Developer Pages side in Remora, although it's meant to be the actual Privacy Policy, not just a link.