So if that’s true, then they’re not doing as I suggested: take a fine-grained approach to the top 500 extensions (including adblocking) to make it possible to create them without having full read/write dom + networking. I believe the content blocking APIs in Safari are a great start and could be taken so much further.
Not at all! Webpages can still do as they like. That’s general purpose!
We’re talking about extensions distributed on a store that often end up with malware. I’m not even necessarily advocating for them to remove the ability to anything they wish (yet)... but let the browser catch up to already do what these extensions want in a more secure way. What’s wrong with that?
> Webpages can still do as they like. That’s general purpose!
That's general-purpose for the third party. Not for the user! This is the whole thing the "war on general-purpose computing" is about - whether the software serves the user, or whether it serves its creator and third parties it trusts.
> let the browser catch up to already do what these extensions want in a more secure way. What’s wrong with that?
There's nothing wrong with that per se. I have the problem with the part involving removing user's ability to arbitrarily alter the behavior of a website.
