I have heard that the real underlying problem concerned resource usage (ten thousand regexp matches etc). But only now do I wonder why the browser's reaction is to remove an API instead of to limit the amount of CPU extensions can use.
No competent content blocker tests "ten thousand regexp matches" for each request URL to match, this is not how it works.
To simplify, and speaking from uBO's perspective, consider that nine distinct tokens can be extracted from the URL in the address bar for the current webpage:
https
news
ycombinator
com
reply
id
41758007
goto
item%3Fid%3D41757178%2341758007
To match such URL against the tens of thousand of filters, there is only a need to lookup filters for these nine tokens, and for most of these tokens there won't be any filters to test, such that in the end for any given URL only a few to no filters will end up being tested, and the majority of these filters are not regex-based, they are just plain string matching.
This is the overall simplified explanation of how it really works, in reality it's a bit more complex because there are a lot of other optimizations on top of this.
There is a built-in benchmark tool in uBO, accessible through the dashboard, _Support_ pane, _More_ button, _SNFE: Benchmark_ button[1].
When running the benchmark against a set of 230,364 URLs, I get an average of 11-12 µs per request to perform a match test against the default filter lists in uBO.
I traced the CPU usage on my wife's laptop many years ago. That wasn't a fast machine, but it wasn't a 386 either. The ad blockers were her performance problems, alone.
If the browser maintainers have seen a couple of machines with similar problems and maintainers of regexp-using add blockers simply insisted that their code was fast, "a 386 could handle" etc, I can easily see how the browser maintainers might lose patience. Don't need to assume ill will.
uBlock is one of the good ones, but for the rest of extensions, the majority of them are literal malware. Usually originally developed by someone decent, and then sold off to someone else who uses them maliciously.
It looks like the recent changes are all about slowly locking down what extensions can do because it’s currently a free for all where random anonymous extension owners have full access to everyone’s browsers.
> It looks like the recent changes are all about slowly locking down what extensions can do because it’s currently a free for all where random anonymous extension owners have full access to everyone’s browsers.
The major browser vendors already have extension "stores" that are supposed to be curated. I believe it's also true that installing an extension directly ("side-loading") is usually disabled by default (or just not an option at all).
They've done their due diligence for our "safety". Now, it's just bullshit to prevent us from blocking ads, trackers, and spyware.
Firefox's are, nominally, reviewed. I don't know if Chrome's are, but I would've assumed that they are- even if by some automated tool(s).
Granted, I'm sure malware slips through. But, what security danger is there to a user if an extension blocks a network request? Manifest V3 eliminating the ability to block network requests is NOT for user security. The absolute best excuse they can come up with is that it has something to do with performance, but that's also bullshit because I'm 99% sure I can find plenty of ways to make a Manifest V3 extension waste CPU and/or memory.
