[Qgis-psc] Call for transparency - Generative AI plugins

Tim Sutton tim at qgis.org
Thu Jun 18 12:39:30 PDT 2026


Hi Rosa

Thanks for this. Indeed, Lova and I are already thinking along these lines
with adding various tags for security, maintainership, compliance and
adding LLM declarations (e.g. completely vibe coded, vibe coded with human
review, ai completion assisted, no LLM used).  Probably better we also use
explicit terminology (LLM vs AI).  Then you are also raising another issue
which is upstream services used (and whether they are used with permission,
if I understand you right). I'm CC'ing in Lova who is our miracle worker on
the backend.

Regards

Tim

On Wed, Jun 17, 2026 at 3:10 PM Régis Haubourg via QGIS-PSC <
qgis-psc at lists.osgeo.org> wrote:

> Hi Rosa, thanks a lot for raising this issue.
>
> I agree that such plugins can be an issue with data privacy and probably
> security.
>
> I had a look at how Mozilla handles extensions [0] and I agree that we
> should aim toward a more explicit consent and authorization model.
>
> Generally speaking, I think we should embrace privacy statements for our
> plugin repository. All data collection should be opt-in, so
> qgis-geo-knowledge-ai would then not conform with its default
> permissions.
> Ideally a permission system should block a plugin sending data without
> explicit permissions.
>
> Any other thoughts?
>
> [0] https://extensionworkshop.com/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control
>
> Best regards,
>
> Régis Haubourg
> Elected member at the Program Steering Committee of QGIS.org.
>
>
> On 17/06/2026 09:08, Aguilar Bolivar, Rosa (UT-ITC) via QGIS-PSC wrote:
> >
> > Dear PSC,
> >
> > First, I would like to express my appreciation for the continuous
> > efforts invested in maintaining QGIS as a reliable and high-quality
> > platform.
> >
> > I would like to draw your attention to the growing presence of
> > AI-related plugins within the QGIS ecosystem.
> >
> > In my view, it is essential to ensure transparency for end users
> > regarding which large language models (LLMs) are being utilized, as
> > well as how user data may be processed, transmitted, or stored.
> >
> > As a specific example, I recently reviewed the Geo Knowledge AI plugin
> > (https://github.com/robert6757/qgis-geo-knowledge-ai) and observed
> > that no API key is required for its operation. Upon further inspection
> > of the code, it appears that requests are routed to a remote server
> > (as indicated in:
> > https://github.com/robert6757/qgis-geo-knowledge-ai/blob/main/global_defs.py).
> >
> > While I am not certain of the best mechanism to address this, one
> > potential approach could be the introduction of a developer
> > declaration or compliance option (e.g., a checkbox or metadata field).
> > This could require plugin developers to explicitly disclose key
> > aspects such as the underlying AI model in use and the nature of any
> > data collection, transmission, or processing. Such measures would
> > enhance transparency and support users in making informed decisions.
> >
> > Best regards,
> >
> > Rosa
> >
> >
>


-- 



*Tim Sutton*
QGIS Project Steering Committee
tim at qgis.org