You can extend the functionality of any decent web browser through the use of extensions. You can extend the functionality of WordPress in the same way.
The developers of extensions for web browsers aren't always ethical. Many extensions, or add-ons if you're a Firefox user, collect data and use 3rd party services. The same is true regarding WordPress plugins, however the key difference is that a data harvesting browser extension compromises the privacy of a single user, generally speaking, while a data harvesting plugin for WordPress may compromise the privacy of everyone visiting the WordPress hosted website.
With this in mind, i posted a thread in the WordPress.org Requests and Feedback forum:
web browsers, such as Firefox, ask for permissions when installing an add-on and often add-ons include a privacy policy
web browser privacy affects a single user, however in the case of WordPress, any and every visitor to ones site is potentially affected, thus i think it’s even more important that WP plugin devs provide a reasonably comprehensive privacy policy that informs administrators of…
* what, if any, data is collected
* what the data is used for
* who receives the data and who is it distributed to
* whether a plugin contains functionality that is not required to perform its stated purpose
* what WP APIs the plugin uses
* ...
This is the reply i received from 'Steve Stern' a few minutes later:
This would be an excellent blog post and something worth discussing on your own site or in social media. These forums are for technical support matters and this is not a support topic. Therefore, I've removed the post. Definitely post this, but elsewhere!
Bullshit. The Requests and Feedback form is not for technical support. As a matter of fact, if one posts a support question in this form, it will be removed and possibly relocated to the appropriate form. The more accurate reason for not accepting the post appears to be that WordPress isn't overly concerned with end user privacy. Consider a post in the same form, Request regarding cookies and embedded content. Here the poster is making a very similar request in that they desire a policy that requires plugin developers are required to disclose whether they use cookies and 3rd party content. Here's an excerpt:
It would be great if WordPress.org could start moving toward requiring plugin and theme developers in the repository to disclose [on the] applicable plugin or theme page what cookies they set, if any (including what those cookies do and their normal duration), and what embedded content they use, if any (including stuff like Google Fonts or embedded video players, even if just on the dashboard).
In a growing number of jurisdictions, website owners are legally responsible for knowing and disclosing that information to end users. For those of us who are not developers, this is a major pain, requiring constant detective work to identify different cookies and figure out what’s setting them and why.
And here is a portion of the responses the post author received:
Just that alone would be burdensome and kill the desire for many people to contribute code here.
*Drinks coffee*
As Joy pointed out, there’s already a guideline for plugins and themes and that has to be adhered to in order to host a plugin or theme here. Some plugins are small and do one thing well and adding that would pretty much discourage the submitter for sharing that here.
And...
They do disclose it. It’s in the source code.
[...]
I know that you don’t see that or you’d not have posted this. You’re asking for placing another unnecessary barrier for people to contribute code. Documenting code is tedious enough, you are asking a contributor to increase their burden when all they want to do is share code.
Let’s not do that. Let people contribute and not make that any more difficult.
And...
That’s an additional level of work that is not needed for any opensource community project.
The post author finished up with the following:
I’m surprised by the implication that the substantial challenges and compliance with expansive privacy laws like the GDPR and CCPA is some kind of eccentric personal problem of mine, but if that’s the official position of the WordPress.org community, so be it, I guess.
I then added my comment which was similar to the post i made that was removed:
Mozilla requires it to some extent
so does Chrome
but for WordPress it’s too burdensome?i agree with the OP in that plugin devs should be required to list, at the very least, what 3rd party resources a plugin uses and what, if any, data is collected that is not required to perform its stated purpose and what that data is used for
i think the goal should be transparency and protecting user privacy over not wanting to place a small burden on plugin developers – i don’t see Firefox add-on devs jumping ship because of their add-on developer policies, and as for those that go elsewhere because they don’t respect user privacy, good riddins
Steve Stern then closed the topic with exactly the same canned reply that was sent to me by email.