92

Our moderator agreement states:

[…]
I acknowledge that I may have access to potentially personally-identifying information about Stack Overflow users and that in connection with such access
[…]
b) I will not disclose this information to anyone,
c) I will not store or copy this information and
[…]

Now, I've recently installed a sophisticated spelling/grammar/thesaurus tool as a browser extension to my browser. Chrome informed me that this extension can

  • Access my data on all websites
  • Access my tabs and browsing activity

This is not uncommon. In fact, virtually all extensions require some sort of this access to actually work. Depending on the extension, this access is local. However, in this particular case, I assume the data is sent to the service providing the spell and grammar checking. This in turn could potentially disclose information to the service (for instance when I write mod messages or when chatting with other mods).

Hence my question: am I allowed to use extensions that - in order to provide the service - require transmission of potentially personally-identifying information to a third party service?

Please note that my question is not about this particular browser extension. I am not even sure it really sends the data somewhere. It just occurred to me that some extensions definitely do. So my question is about any extension that sends data it has access to over the wire.

Also note that I am not asking this in terms of "Am I legally allowed by the phrasing in the moderator agreement" but in terms of intent. The intent of the moderator agreement is obviously to protect our users. And to make me be careful with handling their data. And that's why I am asking this question.

Improve this question
16
  • 1
    Would it be against the rules to hire a personal secretary to proofread your posts (you know, because the moderator salaries are so high)? The moderator agreement says anyone but it seems like exceptions should be made for people (or machines, in this case) acting as agents on your behalf.
    – George Cummins
    Commented Aug 25, 2013 at 12:23
  • 2
    @GeorgeCummins I'd expect the personal secretary to be bound by the same agreement then.
    – Gordon
    Commented Aug 25, 2013 at 12:33
  • 16
    I'd hope "common sense" applies... After all I will not store or copy this information - are you supposed to turn off caching/run the browser in private mode etc...? Also, I will not disclose this information to anyone - well - presumably yourself and other mods is okay...?
    – Jon Clements
    Commented Aug 25, 2013 at 12:47
  • 1
    I even expect a secretary having to sign such agreement with Stack Exchange, @George.
    – Arjan
    Commented Aug 25, 2013 at 12:53
  • 6
    @JonClements Common sense? How do you even expect that? We're on Stack Overflow, after all...
    – H2CO3
    Commented Aug 25, 2013 at 12:55
  • @Arjan: Since the signing is done by checking a checkbox and clicking a button that wouldn't be easily possible. ;)
    – ThiefMaster
    Commented Aug 25, 2013 at 12:59
  • 3
    @H2CO3: We are talking about moderators, not certain users, after all!
    – ThiefMaster
    Commented Aug 25, 2013 at 13:00
  • No, I guess not, @ThiefMaster. Where would such secretary be offered such agreement? Just to be sure, I meant: one cannot just delegate work to someone else without Stack Exchange somehow approving that.
    – Arjan
    Commented Aug 25, 2013 at 13:01
  • @ThiefMaster Correct...
    – H2CO3
    Commented Aug 25, 2013 at 13:06
  • @Gordon: There's a loophole there in which that personal secretary could hire their own secretary, ad infinatum, and although they're all bound not to disclose users' information to anyone outside of the group, it's moot because everybody's already privy to it.
    – Lightness Races in Orbit
    Commented Aug 28, 2013 at 10:19
  • @Gordon May I ask what this extension you speak of is? Interested in using it.
    – ComputerLocus
    Commented Aug 28, 2013 at 18:59
  • @Fogest it was grammarly.com/lite/FAQ - not too useful in the lite version though. I uninstalled again.
    – Gordon
    Commented Aug 28, 2013 at 19:04
  • 1
    I think the answer lies in the following follow up question : Do you have the same extension enabled while logging in to your bank's website?
    – Lix
    Commented Aug 28, 2013 at 21:19
  • @Lix that's a nice way to put it. But if I want to be careless with my own data, it's different than with the data of our users. Isn't it?
    – Gordon
    Commented Aug 28, 2013 at 21:25
  • 2
    @Lix the question then is: is it careless or non-critical? And if it is careless, isn't the fact that SO didn't enable SSL yet careless, too? And does that fact exempt me from being careless then? Because technically, each time I fetch a page from SO it's prone to Man in the Middle attacks.
    – Gordon
    Commented Aug 28, 2013 at 21:41

2 Answers 2

Reset to default
16
+50

The moderator agreement is pretty specific, you can't transmit or otherwise make available personally identifiable information that belongs to our users to any third party not covered by the moderator agreement, which is basically everyone that does not either work at Stack Exchange or have a diamond on one of our sites.

It's difficult for us to evaluate browser extensions on a case by case basis to evaluate what precisely they send, and where they send it. Then there's also the possibility that an extension could behave in a completely different way than it once did when it updates - we can't hope to stay on top of that and you certainly don't want the added responsibility of making sure your software doesn't violate the moderator agreement.

To that, we suggest taking a paranoid approach to what you allow to run in your browser while moderating. If it's something that has the ability to look at text in the browser and transmit what it contains to some remote server, you should disable it.

While we do hide personally identifiable information behind a 'click to show' that actually loads the information and logs your access to it, you can't really count on that in this context. The click to show feature was designed to guard against accidental screen shots showing privileged information, someone looking over your shoulder, or the like. We can't really put safe guards in place to help defeat an accidental breach in the case of browser plugins, user scripts and other extensions that we (Stack Exchange) don't ourselves officially offer and maintain.

If you feel that some extension is absolutely essential to your work flow as a moderator, and you aren't sure how it behaves, you can reach out to us and we'll try to give you guidance; just keep in mind that we're probably going to say 'it's best to disable that' in almost every case.

That's really the best blanket answer that we can provide, since there's just so many plugins that someone could conceivably use. We don't want to inconvienence moderators in any way, but the agreement is as important as it is specific, and we simply can't scale to evaluating these on a case by case basis.

Improve this answer
4

Reading from the privacy policy I believe that it is okay for you to use this extension.

According to Stack Exchange's privacy policy, most of the information collected is "primarily non-personally-identifying information".

The main potentially identifying information that you have access to as a mod is a user's account email, and their IP Address. "When you use the network, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses."

However, I do not believe the extension would have access to everyone's IP address, only the one which was entered where the extension had access to it. If you were to send literally everyone's IP address through a place where the extension filtered that may be negligent.

Moderators also do not need to disclose the fashion in which they process information.

"When we collect your personal information, we’ll tell you how we’re using it, any types of third parties to which we might disclose it, (other than moderators or “agents,” such as vendors or contractors, who are only processing such information for us or at our direction), and the choices we offer you to limit the use of your information."

Improve this answer
2
  • It's not as if your IP address is kept private when you're on the Internet. So too much hand-wringing over that getting out doesn't make sense to me. It is about all of the information together, that could be used for harmful purposes.
    – Cody Gray - on strike
    Commented Aug 26, 2013 at 7:48
  • @CodyGray - The IP address is not private when browsing, but I was under the impression that was the most specific instance of identification. Users don't really offer up all that much information which isn't public here. Can you give an example of what you meant by all of the information together and how that could be harmful?
    – Travis J
    Commented Aug 26, 2013 at 8:07

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .