this post was submitted on 05 Aug 2024
2060 points (97.9% liked)
Technology
59665 readers
2599 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The tricky part is that Google isn’t wrong about Manifest v3 increasing security for some people. Just allowing any extension to access the full URLs from a webpage is honestly pretty sketchy for most things that aren’t adblockers. Think about Beth in accounting who has 27 bloatware toolbar extensions installed on her home PC, which are happily collecting her full browser history and sending it off to gods know where. Manifest v3 is targeted at increasing security for those users, by making it more difficult for extensions to track you.
The issue is that it also makes ad blocking virtually impossible, because the blocker is forced to just trust that the browser is being truthful about what is and isn’t on the page. And when the browser (developed by one of the largest advertisers in the world) has a vested financial interest in displaying ads, there’s very little trust that the browser will actually be honest.
The issue is that there’s not some sort of “yes, I really want this extension to have full access” legacy workaround built in. Yes, it would inevitably be abused by those scummy extensions, which would just nag idiot users to allow them full access. And the idiot users, being idiots, would just do it without understanding the risks. Even if Chrome threw up all kinds of big red “hey make sure this extension actually needs full access and isn’t just tracking your shit” warning flags, there are still plenty of users who would happily give bloatware full access without reading any of the warnings. But it would also allow ad blockers to continue to function.
The single biggest security improvement you could make for Beth in accounting would be to install UBO. Where do you think she gets all those shitty toolbar extensions? That's right, from ads.
This is targeted at destroying adblockers because Google is, first and foremost, an ad serving company. That's their business model. It incidentally improves security for certain users in certain edge cases, because they need some kind of figleaf of legitimacy.
Ads and crappy installers, all though that seems less common than it used to be. I can't say if that's a general trend or tunnel vision due to me not installing crapware.
If it was about security then they should simply block Manifest v2 extensions from their store or at least start doing some actual verification of the extensions they host. Taking away freedom claiming it to be for security is almost always a lie.
Verify! But what will all the "Cändy Crunch 7 Browser Edition with 12 Free Play Levels" players do?