> Manifest V3 is a horrible attempt to kill adblocking
I really don't understand the push of MV3.
I don't believe they're just for security as Google claimed but at the same time I feel thinking it's "just" to ruin ad blocking is equally baffling. Could someone who is more involved elaborate the nuance of (intent of) MV3?
Google sells ads. They totally want to kill adblocking with all means necessary. The moment they can no longer show increasing revenue, the stock will fall down to the levels expected from utilities from the levels that tech companies are valued at.
I've talked to a number of real engineers within Google. The folks building the browser have no desire to kill adblocking; they're never going to include first-party adblocking (not least of which because antitrust), but they're not out to break third-party adblockers.
It really is the case that the same mechanisms that enable adblockers ("this extension may affect your traffic on every website") are also the mechanisms that enable malware in extensions, which are not at all rare.
Have you combed the bug tracker or submitted reasonable PRs and have proof that the decision makers are gatekeeping an open source project from implementing something that is clearly a better alternative?
The solution here though is simple: As the sole publishing source of extensions users can install on Chrome, Google just needs to stop distributing malware from their extension store!
But of course, that would require Google actually take some responsibility and do some legwork and neither of those things are in their core competency.
If Google actually had any goals of improving security, they'd literally just delete the Chrome Web Store and start over and manually reviewing and approving extensions one by one.
Here's the problem with that apologism: They already are gatekeeping. They made that call as soon as they removed sideloading extensions. The problem is Google is just a shoddy gatekeeper.
People reviewing the security of browser extensions should have the title of "engineer" at minimum.
Bear in mind browser extensions completely defeat all the benefits of HTTPS. If we aren't putting them through significant scrutiny there really is no reason for anyone at Google to claim to work on security at all. Extensions need to be treated as incredibly privileged code and vetted accordingly.
MV2 extensions have a lot of API power and it was a common malware vector in the browser since the APIs let you sidestep a ton of regular web security. If you run a popular extension you will get offers to buy the extension which is a nice payday. The buyers would then stuff it full of malware to infect the existing users.
Google makes no money off the Chrome Web Store and their initial attempts to restrict MV2 failed. The goal was for automated approval to suffice. Still, there was certain APIs that required human review.
Google could have continued restricting MV2 until they didn't need human review but they must have got the idea for MV3 at that point. They could also hamstring ad blockers and get some promo packet material.
I really don't understand the push of MV3.
I don't believe they're just for security as Google claimed but at the same time I feel thinking it's "just" to ruin ad blocking is equally baffling. Could someone who is more involved elaborate the nuance of (intent of) MV3?