Mozilla Tightens Rules: Firefox Extensions Must Disclose Data Collection

Ethan Cole
Ethan Cole I’m Ethan Cole, a digital journalist based in New York. I write about how technology shapes culture and everyday life — from AI and machine learning to cloud services, cybersecurity, hardware, mobile apps, software, and Web3. I’ve been working in tech media for over 7 years, covering everything from big industry news to indie app launches. I enjoy making complex topics easy to understand and showing how new tools actually matter in the real world. Outside of work, I’m a big fan of gaming, coffee, and sci-fi books. You’ll often find me testing a new mobile app, playing the latest indie game, or exploring AI tools for creativity.
2 min read 45 views
Mozilla Tightens Rules: Firefox Extensions Must Disclose Data Collection

Starting November 2025, Mozilla will enforce a new transparency requirement for Firefox extension developers. All new add-ons must clearly state whether they collect or share user data with third parties — a move aimed at strengthening user privacy and trust across the browser ecosystem.

What’s Changing

From November 3, 2025, developers must include details about their data practices directly in each extension’s manifest.json file, under the new browser_specific_settings.gecko.data_collection_permissions key.
By mid-2026, this rule will apply to all Firefox extensions, not just new ones.

Mozilla says the goal is simple — to make data collection practices visible before a user installs an extension.
That means when you install a Firefox add-on, you’ll now see a data collection disclosure alongside the standard list of requested permissions.

“Developers can specify what data they wish to collect or transmit in their manifest.json file. The browser will parse this and display it during installation,” Mozilla explained.
“A user can then choose to accept or reject the data collection, just like permissions.”

How It Works

This new framework applies to personally identifiable information that can be gathered via extension APIs or provided directly by users.
That includes — but isn’t limited to — names, email addresses, search terms, or browsing activity data such as URLs and visited domains.

Even extensions that don’t collect any data will need to explicitly declare this.
This ensures every add-on listing is transparent about what happens to user data.

These declarations will be visible:

  • During installation prompts
  • On the add-on’s listing page on addons.mozilla.org
  • In the Permissions and Data section under about:addons

Mozilla will block any extensions that fail to provide the required data disclosure. Developers who submit incomplete manifests will receive explanatory error messages instead of approval.

A Broader Push for Transparency

This isn’t Mozilla’s first step toward securing its ecosystem.
In October, it allowed developers to roll back to previously approved extension versions to address critical issues quickly. Earlier, in June, Mozilla also introduced a new security layer for its add-on portal that helps block malicious extensions designed to drain cryptocurrency wallets.

These updates collectively reflect Mozilla’s growing focus on privacy, security, and developer accountability — areas where Firefox continues to differentiate itself from competitors.

Share this article: