I have come across a few add-ons that post user data to external 3rd-party analytics websites. The add-ons are obfuscated so it is not clear as what user data they are posting. Besides, the add-on doesn’t even specify anywhere that it is gathering user data (i.e. without user consent). I am not sure if this is even legal in some jurisdictions. They usually hide their access privileges to such analytics site by requiring the end-user to grant (their add-on) permission to access all websites.
Though I have already reported one such add-on to the admins but it seems that no action is being taken in this regard. Legal issues aside, does it even sound ethical that an obfuscated add-on should be allowed to do so without user consent?
The developers claim that they are doing this in good faith, but that is not sufficient to earn the trust from an end user who cannot verify this from their end due to the obfuscation.
How different is this from spying? Is the mozilla add-on hub becoming another distribution channel for spyware? Should Mozilla allow obfuscated add-ons to pass user-data to external websites (which are not required for add-on functionality) without user consent?