PSA re: the wild misreporting about Extensions Manifest v3: declarativeNetRequest *is a list-based blocker*, and that's what's being added. This is the same approach Apple/Safari uses for the same reasons (perf & privacy): https://developer.chrome.com/extensions/declarativeNetRequest …
-
-
I think it's that experience revealed there were certain threats that needed to be included in the threat model. I'm not on the team, but I think an example is, "extension pretends to be an ad blocker, but actually sells your browsing history."
-
I think there are alternative ways of addressing that risk that don't handicap good extensions. For example, in the JS context (worker, whatever) in the extension that has more access to view/change requests/responses, limit API surface area to block storage, networking, etc.
- 9 more replies
New conversation -
-
-
So think about how Chrome Extensions differed from BHOs and XPCom-based extension systems; it was fundamentally more restrictive! That was great for both performance and security (comparatively).
-
...but presented major challenges in supporting common use-cases. That design process requires feedback and iteration. A situation where folks stop listening (on either end) creates horrible outcomes. I can assure you the extensions team hasn't stopped listening.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.