I have an easier fix. Block Chrome, i.e., just do not use it. They are being disingenuous claiming that Manifest V3 (basically a new version) is for security reasons. B.S. – while certain aspects of Manifest V3 do improve security, in its current form, it is to prevent ad blockers and weaken privacy. Say no to Google, say no to Chrome. Break up Google’s empire.


“This is just yet another challenge ahead, to find new technical solutions against the incessant attempts at eroding user agency, which browsers are meant to serve,” he said in an email.

Others are already convinced Manifest v3 remains unfixed. “Although we appreciate the problems of unsafe extensions addressed in part by Manifest v3, we view Manifest v3 as doing serious harm to privacy,” said Brendan Eich, CEO and co-founder of Brave Software, in an email to The Register. “Manifest v3 removes or degrades capabilities needed by top tracking-prevention extensions. Whether intended or accidental, this looks likely to advance Google’s dominance in privacy-invading web advertising.”

Eich’s organization makes a competing web browser, Brave, that’s based on the open-source Chromium project overseen by Google, and it implements a variety of privacy-focused changes. According to Peter Snyder, senior privacy researcher at Brave, Manifest v3 still imposes limits on rules lists that are too low and provides no current syntax to easily say “block something with these six query parameters, in any order,” which he argues is necessary to target tracking tools.

Snyder also points to the way security tools and privacy tools share the same limited allotment of rules, forcing users to choose between one or the other. “Finally, Manifest v3 freezes the heuristics and capabilities extensions can use to determine how to protect privacy,” he said. “Manifest v3 says to trackers ‘if your URLs can’t be described in this format, they’ll never be blocked by Chrome users.’ This transfers power from the extensions (and so the users) to Google and websites, and we expect privacy harming software to quickly adapt.'”

Quote Source: The Register https://www.theregister.com/2020/12/10/googles_browser_extension_platform_rewrite/
At the heart matter is the WebRequest API

In early 2019, Google came up with a proposal to make extensions safer but at the expense of some reduction in capability. In particular, the webRequest API, which lets the extension view, modify or block browser requests, is being deprecated in favour of a new and less powerful Declarative Net Request API. A common use for webRequest is ad blocking, but there are many other use cases.

It is a difficult matter as while Google is correct in stating that extensions can abuse webRequest, there are also suspicions that the company is keen to keep ads flowing because its business depends on it. We reported last year on a Google financial filing which highlighted ad-blocking technology as a threat that “could adversely affect our operating results.”

Quote Source: The Register https://www.theregister.com/2020/10/15/microsoft_adopting_google_chromes_controversial/

Still trust Google?

Author of the uBlock Origin extension, Raymond Hill, told The Register that Microsoft (and Google’s) claim that the changes improve privacy is false. “They are not deprecating the Web Request API, they are deprecating the *blocking ability* of the Web Request API – specifically, the ‘webRequestBlocking’ permission. The Web Request API will still be available and still be able to provide information about all network requests fired by the browser … as opposed to what those announcements state, the deprecation of the blocking ability of the webRequest API accomplishes nothing privacy-wise for content blockers since they will *still* require broad hosts permissions.”

Hill said that other features such as run-time host permissions (RTHP) and forbidding remote code execution (RCE) are more effective for protecting privacy, but that these are not done with Manifest v3, since RTHP is a browser feature and forbidding RCE “is a store policy issue, not an API one … those Manifest v3 announcements improperly attribute virtues (RTHP and no-RCE) to Manifest v3 which are technically unrelated to Manifest v3.”

Hill also quoted the EFF report, which said that “the next time Google [or Microsoft] claims that Manifest V3 will be better for user privacy and security, don’t believe their hype … Manifest V3 will curtail innovation and hurt the privacy and security of Chrome users.”

Microsoft’s Edge has a tiny market share relative to Chrome, and its web advertising business is also tiny relative to that of Google, but it does have an advertising service and is therefore vulnerable to the same suspicion that it may want to protect this. That said, enterprise security is also top of mind for the company, so this may be as much to do with privacy, security and performance, the stated reasons.

Even with Microsoft and Google on the same page with regard to Manifest v3, users will have plenty of other options. Mozilla has a FAQ on the subject and states that “Firefox is not obligated to implement every part of v3” and that it has “no immediate plans to remove blocking webRequest.” That said, the Firefox company adds that it is “waiting for more clarity and has begun investigating the effort needed to adapt.” It is also possible for browsers to implement content-blocking technology that works outside of the extension API.

Quote Source: The Register https://www.theregister.com/2020/10/15/microsoft_adopting_google_chromes_controversial/

Still trust Google? I don’t.