PSA re: the wild misreporting about Extensions Manifest v3: declarativeNetRequest *is a list-based blocker*, and that's what's being added. This is the same approach Apple/Safari uses for the same reasons (perf & privacy): https://developer.chrome.com/extensions/declarativeNetRequest …
-
Show this thread
-
This is similar to the way Chrome extensions didn't expose all the power that legacy FF extensions did; we all learn the hard way that providing nice things and hoping they don't get misused eventually get users hurt. So this is a correction whose details are being honed.
6 replies 3 retweets 8 likesShow this thread -
Replying to @slightlylate
1. With the new system, would uBlock Origin work as well as it does now? 2. What are the concrete security problems that v3 attempts to address? 3. What is the threat model that the designs are being evaluated against?
1 reply 0 retweets 3 likes -
Replying to @BRIAN_____
1.) Depends on where the (evolving) design lands, but I want to say "probably" because I trust the team is listening 2.) Too many extensions can log too much of what you do 3.) Experience
1 reply 0 retweets 1 like -
Replying to @slightlylate @BRIAN_____
And I understand that #3 sounds glib, but it's how Chrome Extensions initially came to be different from Firefox (and BHO/ActiveX-baesd) extensions and how most systems iterate. We're not predicatively more clever than all possible folks preying on users.
2 replies 0 retweets 3 likes -
Replying to @slightlylate @BRIAN_____
So think about how Chrome Extensions differed from BHOs and XPCom-based extension systems; it was fundamentally more restrictive! That was great for both performance and security (comparatively).
1 reply 0 retweets 4 likes
...but presented major challenges in supporting common use-cases. That design process requires feedback and iteration. A situation where folks stop listening (on either end) creates horrible outcomes. I can assure you the extensions team hasn't stopped listening.
-
-
Replying to @slightlylate @BRIAN_____
It isn't a matter of stopping listening it's a matter of throwing something out replacing it and *then* saying we'll iterate this, we'll evaluate that. Until you have a drop in replacement you don't go deprecating use cases. Well I mean *you* do but *you* shouldn't.
0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.