Check out our privacy policy at https://webpass.io/privacy for a detailed explanation of what we do with your data. If there are any scenarios that aren't clearly explained that concern you, please let me know and I can have the policy updated.
I am the OP. I run a website that uses webpass.io. I am not posting a link to the site to avoid self-promotion but it should be easy enough to find.
With that said, here is MY implementation. Other publishers may do it differently.
Our site is a discussion forum. People can browse at will but only logged in users can post and reply to topics.
We run advertising with Google DFP. A few years back we started offering a subscription where users pay us a recurring fee and they have the option to turn ads on/off in their profile.
I myself thought of using a micro-payment service but I wanted something easy.
The way webpass works is by their add-on sending a unique token on every page request. If there's a token my code checks with their server if it's a valid token. If yes we then have two options:
- if you are not logged in then we completely remove the ad scripts BEFORE sending the page to the browser client.
- if you are logged in we treat your session as a subscriber session and will send or not the ad scripts based on your profile preferences. This means you can go to your profile page and turn ads on/off.
Using webpass made the experience better for our users because even those people who don't want to create another web profile and pay another subscription can still get to our site ad free.
Uploading the list of installed browser extensions is unnecessary (you say so yourself in your Privacy Policy) and reveals a lot of information about the user.
You are right, this is not necessary, and we stopped recording this information a while ago. Sending this information should be an option that users can turn on or off at their leisure, if it happens at all. Our aim is to provide our users as much privacy, and control over their privacy, as we can, and this old design choice does not fit that aim.
The Firefox addon has never sent that information, and (though not recorded anyway) we'll be removing it from the Chrome extension and updating our privacy policy shortly.
