Chrome 88 introduces controversial Manifest v3 which seeks to fix ‘extensions problem’




I’ve been covering Chrome extensions and their many incidents for quite some time now. Every time something crazy happens with a developer stealing user data and the like (the 15 cases last month, the last four weeks Facebook destroyed, and even the popular tab hang tool going rogue), we have talked about something called “Manifest v3”, which might help put an end to this. What exactly is this Manifest v3, and is it the end-all fix for the Chrome extensions issue? Will it have unwanted effects on extensions that are not malicious? We’re going to demystify all of this today, so sit down, have a drink, and let’s get started.

Manifest v3 was introduced in 2018 and has a long and controversial history. Basically, it’s a new platform that makes Chrome extensions more secure, better performing, and more privacy-friendly by default. Primarily, it prohibits remotely hosted code from being present in extensions downloaded from the Chrome Web Store, which can make it easier to identify potential threats during the review process.

It also allows extensions to be updated more quickly thanks to a new service worker that only stays in memory when needed, which allows it to use fewer resources. Additionally, it gives users greater visibility and control over how extensions using the new manifest use and share their data. An interesting point is that it allows users to deny sensitive permissions to extensions during installation.

In fact, the whole idea behind Manifest v3 is to provide a means for extensions to work properly without needing to constantly access user data. Not only that, but Google wants to move toward a future where all extensions migrate from Manifest v2 to v3, so that any potential performance issues with them don’t affect the overall browser experience for the end user (code is known to gobble up RAM), and so that Google can maintain a capable, powerful and feature-rich platform that is enhanced by extensions, not hampered by them.

At this point, you might be wondering why this sounds so familiar to you. Well, there are two reasons, actually. First, the Google Play Store has taken exactly the same approach over the past few years. Developers are required to be clear about how they will use your data and for what purpose each permission that is requested from you will be used in the context of their application experience (granular permissions).

In Android Q, Google started letting you go even further: you can let an app access permissions only while it is running, as opposed to while it is in the background, and a persistent notification is shown when it has access to a permission, so that you remain fully in control of your privacy from moment to moment.

Second, I’ve repeatedly reported how the Chrome Web Store would mimic a lot of that starting in January, and here we are. Chrome will begin giving users control over which data extensions can access, and developers who respect user privacy will receive a “seal of approval” from Google (see below) that can help users make informed decisions about which extensions are safe to install and use. In a nutshell, Google wants to fight the out-of-control approach the Web Store has been operating on for so many years – it looks like a free-for-all, and that’s unacceptable. Going forward, Web Store extensions should closely resemble the informational and professional look of Play Store listings, and Manifest v3 is directly responsible for all of these changes.

The new “seal of approval” for extensions – If you don’t see this, run the other way!

Okay, let’s get to that a bit – if Manifest v3 is so great, then why is it considered controversial? The main problem is that developers like Raymond Gorhill, the trusted and awesome creator of the popular uBlock Origin and other adblockers, are using a new API, “DeclarativeNetRequest”, which will limit blocking filter entries to 30,000, among other things, and that is just not even close to sufficient. In the process of limiting the number of entries an extension can have in order to prevent malware abuse, Google is literally crippling the very function that allows adblockers to exist!

Ad blockers are one of the most popular types of extensions, and a handful of the biggest developers in this space have gone to Google to complain – so much so that Google had to remove several of the comments on the Chromium bug tracker and move the discussion to a private discussion thread. In a response, a Googler said he has no plans to break any extensions, but in the process of protecting user privacy and safety, there will be a few cracked eggs no matter what.

Our goal is not to break extensions. We are working with extension developers to strive to minimize this disruption, while advancing the platform to improve security, privacy and performance for all users.

Chrome bugs

At the time of writing, we are not sure if Manifest v3 has been changed to make an exception for adblockers, and if so, it should be on an individual basis depending on the developer’s trust level and relationship with Google in these private discussions. uBlock Origin developer Raymond has posted a good deal on his Twitter account arguing that the argument about the performance costs of privacy-focused browser extensions does not seem valid. In doing so, he cited an ACM Digital Library article on this topic. The article was written by Kevin Borgolte and Nick Feamster, professors at Princeton University and the University of Chicago, respectively.

Contrary to Google’s claims that extensions that inspect and block requests negatively affect browser performance, we find that a browser with privacy-focused request modification extensions performs similarly or better on our metrics relative to a browser without extensions. In fact, even a combination of these extensions is no worse than a browser without any extensions. Our results show that privacy-focused extensions not only improve user privacy, but can also increase users’ browsing experience.

ACM digital library

Regardless, Manifest v3 is basically implemented with Chrome 88 right now, so it remains to be seen whether or not it will destroy popular adblockers as we know and love them. We’ll keep you posted on how it all plays out, but as of now, it looks like Google has created a one-year migration period for them to start using the new DeclarativeNetRequest API, leaving them to find a new method to get around its limits or to stop operations. In the meantime, Google will continue to support the old webRequest API of Manifest v2 extensions until this deadline has expired.
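To make the migration concrete, here is an added example (not code from Google, Chrome or any extension mentioned above) of a static check a reviewer could run over an extension manifest: it flags the Manifest v2 traits discussed in this article (background page, blocking webRequest, remotely hosted script origins) and counts declarative rules against the 30,000 figure. The names `auditManifest`, `v2Blocker`, `v3Blocker` and `makeRules` are hypothetical, and applying the limit to the total of enabled rulesets is an assumption.

```javascript
// Added example: static check of an extension manifest before moving to Manifest v3.
const RULE_LIMIT = 30000; // filter-entry limit quoted in the article
function auditManifest(manifest, ruleFiles = {}) {
  const findings = [];
  const perms = manifest.permissions || [];
  const bg = manifest.background || {};
  if (manifest.manifest_version !== 3) findings.push("manifest_version is not 3");
  if (bg.scripts || bg.page) findings.push("background page instead of service_worker");
  if (perms.includes("webRequestBlocking")) {
    findings.push("webRequestBlocking requested; use declarativeNetRequest rules");
  }
  // v2 stores the CSP as a string, v3 as an object keyed by context.
  const csp = manifest.content_security_policy || "";
  const cspText = typeof csp === "string" ? csp : Object.values(csp).join(";");
  const remote = cspText.split(";").some((d) => /^\s*script-src\b.*https?:\/\//i.test(d));
  if (remote) findings.push("script-src allows a remote origin (remotely hosted code)");
  // Count rules only in rulesets that are enabled at install time.
  const resources = (manifest.declarative_net_request || {}).rule_resources || [];
  let ruleCount = 0;
  for (const r of resources) {
    if (r.enabled) ruleCount += (ruleFiles[r.path] || []).length;
  }
  if (ruleCount > RULE_LIMIT) {
    findings.push(`${ruleCount} enabled rules exceed the limit of ${RULE_LIMIT}`);
  }
  return { findings, ruleCount };
}

// Constructed sample manifests (not taken from any real extension).
const v2Blocker = {
  manifest_version: 2,
  background: { scripts: ["bg.js"], persistent: true },
  permissions: ["webRequest", "webRequestBlocking", "<all_urls>"],
  content_security_policy: "script-src 'self' https://cdn.example; object-src 'self'",
};
const v3Blocker = {
  manifest_version: 3,
  background: { service_worker: "sw.js" },
  permissions: ["declarativeNetRequest"],
  declarative_net_request: { rule_resources: [{ id: "ads", enabled: true, path: "ads.json" }] },
};
// Constructed generator for n block rules in the declarative rule format.
const makeRules = (n) => Array.from({ length: n }, (_, i) => ({
  id: i + 1, priority: 1, action: { type: "block" },
  condition: { urlFilter: `||ads${i + 1}.example^`, resourceTypes: ["script"] },
}));
console.log(auditManifest(v2Blocker).findings);
console.log(auditManifest(v3Blocker, { "ads.json": makeRules(30001) }).findings);
```

The second argument maps each ruleset path from the manifest to its parsed JSON array, so the check can run on an unpacked extension without loading it into a browser.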

What do you think of all this? Are you using uBlock Origin or another adblocker? If you are a developer, do you think these types of extensions slow down the browser experience? One, two, three, chat!


