3 comments

[ 5.0 ms ] story [ 17.5 ms ] thread
I’m unsure how granular Firefox permissions can be, but this requires access to all data from all websites.

Edit: Yikes, they will save your search history on all e-commerce sites: https://www.wecultivate.us/privacy-faq

This is spyware.

Hi, developer on Cultivate here.

We ask to access data on all websites because our list of supported sites changes daily, and it would simply be too onerous to go through the web store approval processes for three different browsers every time we want to update them. So instead the extension periodically calls home to get our list of supported domains, then, on browser navigation, only does anything interesting if the current domain matches that allowlist. I think this is pretty typical for an extension of this type.

On your edit, "sav[ing] your search history on all e-commerce sites" makes this sound much more shadowy than it really is. All that is happening is that, on some sites such as Amazon, the URL and content of the page you are visiting are parameters used in generating product recommendations, and so are sent back to our servers to enable us to do this. We don't currently use this data for any other purpose. Our privacy policy leaves open the option for us to use this in aggregated anonymous analytics in future.

Your privacy policy tabs displayed on the iOS store show that data collected that is linked to you include browsing history, search history, and contact info.

Also, just looking at your source code on the Firefox extension, you have events named:

  * cultivate-record-page-content
  * cultivate-record-url
  * cultivate-record-google-results
  * cultivate-enhance-google-results
  * cultivate-request-google-results
  * cultivate-navigated
Actual http requests are made in your background.js file, and most of the events are called from e-commerce.js.