[Qgis-psc] Call for transparency - Generative AI plugins

Aguilar Bolivar, Rosa (UT-ITC) r.aguilar at utwente.nl
Wed Jun 17 23:36:03 PDT 2026 

Hi, Regis

Thanks for your reply.
I see in two steps: 1) Address this explicitly in the plugin development guidelines (https://docs.qgis.org/3.44/en/docs/pyqgis_developer_cookbook/plugins/index.html);
and 2) at the approval stage, the developer should add , e.g., in the metadata, what services are used and how – if any – data is collected.
An explicit user consent should be added when data is collected.

My two cents

Rosa



Dr. Rosa Aguilar | Assistant Professor | University of Twente | Faculty of Geo-Information Science and Earth Observation|
Campus University of Twente, Building Langezijds, room 1322, P.O. Box 217, 7500 AE Enschede, The Netherlands |
T: +31 (0)53 487 4567 | r.aguilar at utwente.nl<mailto:r.aguilar at utwente.nl> | https://www.itc.nl/ |
Connect with me on LinkedIn<https://www.linkedin.com/in/rosamaguilar/?locale=en_US> https://rosaguilar.github.io<https://rosaguilar.github.io/>|

The essential is invisible to the eye. Saint-Exupéry

[https://www.itc.nl/.uc/fa375379b01021d625f0083ea0d0312ee46ec8ddd8df800/UT%20ITC%20logo%20RGB.jpg]

From: QGIS-PSC <qgis-psc-bounces at lists.osgeo.org> On Behalf Of Régis Haubourg via QGIS-PSC
Sent: Wednesday, 17 June 2026 16:08
To: qgis-psc at lists.osgeo.org
Subject: Re: [Qgis-psc] Call for transparency - Generative AI plugins


Hi Rosa, thanks a lot for raising this issue.

I agree that such plugins can be an issue with data privacy and probably security.

I had a look at how Mozilla handles extensions [0] and I agree that we should aim toward more explicit consent and authorization model.

Generally speaking, I think we should embrass privacy statements for our plugin repository. All data collection should be opt-in, so qgis-geo-knowledge-ai would then be not conformed with its default permissions.
Ideally a permission system should block a plugin sending data without explicit permissions.

Any other thoughts?



[0] https://extensionworkshop.com/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control

Best regards,



Régis Haubourg

Elected member at the Program Steering Comitee of QGIS.org.

-
On 17/06/2026 09:08, Aguilar Bolivar, Rosa (UT-ITC) via QGIS-PSC wrote:
Dear PSC,

First, I would like to express my appreciation for the continuous efforts invested in maintaining QGIS as a reliable and high-quality platform.

I would like to draw your attention to the growing presence of AI-related plugins within the QGIS ecosystem.
In my view, it is essential to ensure transparency for end users regarding which large language models (LLMs) are being utilized, as well as how user data may be processed, transmitted, or stored.
As a specific example, I recently reviewed the Geo Knowledge AI plugin (https://github.com/robert6757/qgis-geo-knowledge-ai) and observed that no API key is required for its operation. Upon further inspection of the code, it appears that requests are routed to a remote server (as indicated in: https://github.com/robert6757/qgis-geo-knowledge-ai/blob/main/global_defs.py).
While I am not certain of the best mechanism to address this, one potential approach could be the introduction of a developer declaration or compliance option (e.g., a checkbox or metadata field). This could require plugin developers to explicitly disclose key aspects such as the underlying AI model in use and the nature of any data collection, transmission, or processing. Such measures would enhance transparency and support users in making informed decisions.

Best regards,

Rosa




Dr. Rosa Aguilar | Assistant Professor | University of Twente | Faculty of Geo-Information Science and Earth Observation|
Campus University of Twente, Building Langezijds, room 1322, P.O. Box 217, 7500 AE Enschede, The Netherlands |
T: +31 (0)53 487 4567 | r.aguilar at utwente.nl<mailto:r.aguilar at utwente.nl> | https://www.itc.nl/ |
Connect with me on LinkedIn<https://www.linkedin.com/in/rosamaguilar/?locale=en_US> https://rosaguilar.github.io<https://rosaguilar.github.io/>|

The essential is invisible to the eye. Saint-Exupéry

[https://www.itc.nl/.uc/fa375379b01021d625f0083ea0d0312ee46ec8ddd8df800/UT%20ITC%20logo%20RGB.jpg]




_______________________________________________

QGIS-PSC mailing list

QGIS-PSC at lists.osgeo.org<mailto:QGIS-PSC at lists.osgeo.org>

https://lists.osgeo.org/mailman/listinfo/qgis-psc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20260618/26bb0c4c/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 318796 bytes
Desc: image001.jpg
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20260618/26bb0c4c/attachment-0001.jpg>

More information about the QGIS-PSC mailing list