Permissions and Privacy policy - aaFn/Bookmark-search-plus-2 GitHub Wiki

On demand by users, this page is to document the reason for each Firefox permission asked by BSP2.
The reason for the permissions is very simple for each, and most come from limitations of the Firefox API :-(

Reference for general explanation on permissions is here, from Mozilla -> https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

  • Access your data for all websites -> This is because FF does not give to add-ons the access to the favicons it stores internally (the little pictures besides each bookmark), so BSP2 has to get them directly from the websites you have bookmarked. Which requires that permission. As a matter of fact, BSP2 would go well with a less demanding authorization, like "Access any URL", which is really only what BSP2 needs, but it doesn't exist in standalone, and can only be obtained through "Access your data for all websites" 😞.
    Note as explained on the main add-on page, and in the privacy policy below, that BSP2 in its desire to be extremely respectful for data privacy does not go to the Google service for getting Favicons as some other FF bookmark add-ons are doing .. so it is not leaking anything about you to the Internet or "services" out there.

  • Read and modify bookmarks -> I guess this one is obvious, BSP2 purpose is to manage bookmarks :-)

  • Read and modify browser settings -> This is necessary because some users asked BSP2 to respect browser settings, which means BSP2 has to read them, which require the permission first. See https://github.com/aaFn/Bookmark-search-plus-2/issues/22

  • Access browsing history (listed 2 times) -> This again because of a limitation of FF API = add-ons cannot anymore create dialogs, for example for editing a bookmark property (title, url). They can only create browsing windows to do that .. and browsing windows then are added to the browsing history and pollute it heavily :-(
    So there is a need to go to history and remove those garbage... this is what FF API doc itself recommends to do, see https://developer.mozilla.org/Add-ons/WebExtensions/user_interface/Extension_pages .
    Also, BSP2 accesses the list of “Top Sites” that are shown in the browser's new tab page to display that under the "Most Visited Sites" special folder. This is the closest approximation of the contents of that special dynamic bookmark folder, not provided by the FF API.

  • Access browser tabs -> Again this is because FF does not give to add-ons the access to the favicons it stores internally. When reloading a tab, it contains the URL to the favicon, so this is an accelerator to get it in BSP2, hence the need for that permission.

  • Store client-side data, and Store unlimited amount of client-side data -> Once again this is because FF does not give to add-ons the access to the favicons. Once BSP2 has retrieved it, it has to store it so that it does not have to fetch it again on Internet. This can be some significant space for people having many bookmarks like 10000 or 80000 (yes ... some people have that amount .. :-) ), and does not fit within the 2 MB of the simple permission, hence the need for "unlimited".
    Also, as of 2.0.27, an optimization was implemented to accelerate drastically BSP2 duration at start times after 1st install, by caching the bookmark definitions in local storage which is much faster than querying the Firefox API itself, very slow -> https://bugzilla.mozilla.org/show_bug.cgi?id=1396364.
    This requires more than the default 5 MB storage for users with very high number of bookmarks.

  • menus (note: doesn't appear on the list of demanded permissions) -> This is to enable BSP2 to add a native FF context menu extension for FF bookmarks, to show their path. A "BSP2 Show path to bookmark item" specific submenu is added, which displays the path to the bookmark item when developed.
    For now, this works only on bookmarks toolbar or menu. This doesn't currently work for bookmark sidebar and library window items ... cf. API limitation on "bookmark" type -> https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/menus/ContextType Let's hope it will be enabled by FF also on the bookmark sidebar and library window one day !

  • Monitor extension usage and manage themes: needed as of 2.0.68 and upper, to synchronize sidebar colors with FF active theme, and its changes.

It appears now (not sure in which FF version this was enabled) that permissions can be dynamic. I.e. an add-on could ask for them only when needed, and the user could decide to selectively accept them or not. As this was not available when I started the add-on (or I didn't notice it), the add-on currently asks for all of them at once at install time, even when disabled by some options (see the "Disable favicon fetching" option of BSP2, which will then not use many of the above permissions). When I have time, I will adapt BSP2 to this more dynamic behavior.

Similarly, it looks like permissions cannot be granted granularly by you to an add-on inside Firefox today, and there is today no way to manage them once granted. I.e., once granted, this is for the whole life of the add-on install and upgrades. For now, if you say yes, you get all functions. If you say no, the add-on cannot install. I guess this will change in some future to align with the Android model, leaving it to the add-on to dynamically discover what you are authorizing or not, and which functions you could not get while benefiting from the rest. but we are not there today.

Privacy policy: BSP2 does not collect, register, process or disseminate any data about you, and is even very careful about not leaking anything about you to others in spite of Firefox limitations. For example, the Firefox API does not provide bookmark favicons (https://bugzilla.mozilla.org/show_bug.cgi?id=1315616 and https://bugzilla.mozilla.org/show_bug.cgi?id=1411120) although this is an integral part of bookmarks. Therefore those favicons need to be fetched (you can disable that though on the options page). As said above, some other add-ons are using the Google facility www.google.com/s2/favicons?domain_url=... for that, which is leaking things about you to Google. BSP2 in its desire for being extremely respectful of your data privacy does not go to that service. Everything was re-coded from the ground up to get the favicon directly from the bookmarked site though standard HTTP/HTTPS, and only once.

I hope this is clear and as transparent as possible to everybody. If you want to get assurance by yourself, the code is open, plain text, and fully commented, so you can have a look at it at any time (take the .xpi file in your Firefox profile, add .zip to it, and open it with you preferred zip archive to look at the sources in files which are there).

You can also post issues on https://github.com/aaFn/Bookmark-search-plus-2/issues if you want more explanations.