DEV Community

Weather Clock Dash
Weather Clock Dash

Posted on

How I Built a Privacy-First Firefox New Tab Extension (No Data Collection, Ever)

#firefox #privacy #extension #webdev

The Problem With Most Browser Extensions

Browser extensions have a reputation problem. Many popular extensions — weather apps, new tab replacements, productivity tools — quietly collect your browsing data, sell it to advertisers, or require accounts that tie activity to your identity.

When I built the Weather & Clock Dashboard for Firefox, I made a different choice: zero data collection, no accounts, no tracking. Here's exactly how that works technically.

What "Privacy-First" Actually Means

The term gets thrown around a lot. For this extension, it means:

  1. No network requests to my servers — weather data goes directly from your browser to Open-Meteo's API
  2. No analytics or telemetry — no Mixpanel, no GA4, no PostHog
  3. No account required — settings stored locally via localStorage, never synced
  4. Minimal permissions — only storage and geolocation (if you enable weather)

The Architecture 

[Your Browser] → [Open-Meteo API] (weather data)
[Your Browser] → [localStorage] (your settings)

That's it. No middleman.
Enter fullscreen mode Exit fullscreen mode

Handling Weather Without a Backend

Most weather extensions route your location through their own servers. This lets them:

  • Log your IP address
  • Associate your location with an account
  • Sell the data

With Open-Meteo, I skip all of this:

// Browser requests weather directly — no proxy server
async function fetchWeather(lat, lon) {
  const url = `https://api.open-meteo.com/v1/forecast
    ?latitude=${lat}
    &longitude=${lon}
    &current_weather=true
    &daily=temperature_2m_max,temperature_2m_min,weathercode
    &forecast_days=3`;

  const response = await fetch(url);
  return response.json();
}
Enter fullscreen mode Exit fullscreen mode

Open-Meteo is a free, open-source weather API with no API key required. Your IP touches their servers (that's unavoidable for any weather service), but there's no account linking.

Geolocation: User Consent First 

function requestWeatherPermission() {
  navigator.geolocation.getCurrentPosition(
    position => {
      // User approved — fetch weather
      fetchWeather(position.coords.latitude, position.coords.longitude);
    },
    error => {
      // User denied — show a default city selector
      showCitySearch();
    }
  );
}
Enter fullscreen mode Exit fullscreen mode

The browser's native geolocation permission dialog gives users full control. If denied, the extension falls back to a city search so you can still get weather without sharing your precise location.

Settings Storage: localStorage Only

All preferences — theme, chosen cities, temperature unit — live in localStorage. Nothing is sent anywhere.

const SETTINGS_KEY = 'wcd_settings';

function saveSettings(settings) {
  localStorage.setItem(SETTINGS_KEY, JSON.stringify(settings));
}

function loadSettings() {
  const raw = localStorage.getItem(SETTINGS_KEY);
  return raw ? JSON.parse(raw) : DEFAULT_SETTINGS;
}
Enter fullscreen mode Exit fullscreen mode

This means settings don't sync across devices — that's a deliberate tradeoff. Sync would require a server, which would require an account, which would create a privacy footprint.

The Permission Manifest

Firefox extensions declare permissions upfront in manifest.json. Here's ours:

{
  "permissions": [
    "storage"
  ],
  "optional_permissions": [
    "geolocation"
  ]
}
Enter fullscreen mode Exit fullscreen mode

storage is for localStorage. geolocation is optional — it's only requested if you click "Enable Weather". Compare this to extensions that request tabs, history, browsingData, or webNavigation — permissions they don't actually need for their core function.

Open Source for Accountability

The extension is MIT licensed and the source is available for review. Privacy claims are easy to make; source code is hard to fake.

When users can read the code, they can verify:

  • There are no hidden API calls
  • There's no obfuscated tracking code
  • The permissions are actually used for what they claim

The Result

The Weather & Clock Dashboard works as a new tab replacement with:

  • Live weather and 3-day forecast
  • World clocks for multiple timezones
  • Search bar (your choice of engine)
  • Dark/light mode

All without collecting a single byte of your data.

Install it: Weather & Clock Dashboard on AMO

If you're building a browser extension, I'd encourage you to consider the same approach. Users are increasingly sophisticated about privacy — being genuinely privacy-first isn't just ethical, it's a competitive advantage.

Questions about the implementation? Drop them in the comments.

Top comments (0)