[Animats]

"According to our Add-on Dev Relations Lead (jorgev), since the tracking in blocksite is "opt in", it doesn't actually violate any of the AMO policies."

I know, but it says something about the Mozilla Foundation that they let that through.

[the8472]

It says that they value their user's freedom? Including the freedom to apply footguns to themselves if they are clearly told that they are dealing with a footgun?

Also note that spying on the user can be done without system-level access. Since addons generally are allowed to do arbitrary XHRs anyway, so they can just record in-browser data and send it via XHR. No access to the filesystem needed. So this issue is somewhat orthogonal to access to the rest of the system, besides the aspect that a malicious addon can do more damage that way. It can still be malicious when restricted to just the browser.