[Qgis-psc] Call for transparency - Generative AI plugins

Régis Haubourg regis at qgis.org
Wed Jun 17 07:10:35 PDT 2026 

Hi Rosa, thanks a lot for raising this issue.

I agree that such plugins can be an issue with data privacy and probably 
security.

I had a look at how Mozilla handles extensions [0] and I agree that we 
should aim toward more explicit consent and authorization model.

Generally speaking, I think we should embrass privacy statements for our 
plugin repository. All data collection should be opt-in, so 
qgis-geo-knowledge-ai would then be not conformed with its default 
permissions.
Ideally a permission system should block a plugin sending data without 
explicit permissions.

Any other thoughts?

[0] 
https://extensionworkshop.com/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control

Best regards,

Régis Haubourg
Elected member at the Program Steering Comitee of QGIS.org.


Best regards,

Régis Haubourg
Elected member at the Program Steering Comitee of QGIS.org.
-

On 17/06/2026 09:08, Aguilar Bolivar, Rosa (UT-ITC) via QGIS-PSC wrote:
>
> Dear PSC,
>
> First, I would like to express my appreciation for the continuous 
> efforts invested in maintaining QGIS as a reliable and high-quality 
> platform.
>
> I would like to draw your attention to the growing presence of 
> AI-related plugins within the QGIS ecosystem.
>
> In my view, it is essential to ensure transparency for end users 
> regarding which large language models (LLMs) are being utilized, as 
> well as how user data may be processed, transmitted, or stored.
>
> As a specific example, I recently reviewed the Geo Knowledge AI plugin 
> (https://github.com/robert6757/qgis-geo-knowledge-ai) and observed 
> that no API key is required for its operation. Upon further inspection 
> of the code, it appears that requests are routed to a remote server 
> (as indicated in: 
> https://github.com/robert6757/qgis-geo-knowledge-ai/blob/main/global_defs.py).
>
> While I am not certain of the best mechanism to address this, one 
> potential approach could be the introduction of a developer 
> declaration or compliance option (e.g., a checkbox or metadata field). 
> This could require plugin developers to explicitly disclose key 
> aspects such as the underlying AI model in use and the nature of any 
> data collection, transmission, or processing. Such measures would 
> enhance transparency and support users in making informed decisions.
>
> Best regards,
>
> Rosa
>
>

More information about the QGIS-PSC mailing list