Google says Manifest V3 is all about security, privacy, and performance, but it could also break Chrome browser extensions that are used by millions of people.
In 2020, Google released Manifest V3, which it called a step in the direction of security, privacy, and performance.
It took a while, but on December 9, 2021, the Electronic Frontier Foundation called MV3 a “conflict of interest that stems from Google controlling both the dominant web browser and one of the largest ad networks. on the Internet”.
The EFF is right, and Google’s plans for MV3 are another reason the best browser for Linux, Windows, and Mac isn’t Google Chrome.
Let me explain.
What is Google Manifest V3 (MV3)?
Manifest V3 for Chrome Extensions (MV3) is a set of guidelines for how Google’s web browser handles extensions. Developers could start downloading extensions from the Chrome Web Store starting with Chrome 8, released in January 2021. According to Google, MV3 is designed to help the company deliver “improvements in security, performance and privacy. , while preserving or expanding the capacity for extensions and retaining a webby developer experience. “
SEE: It’s time to remove Chrome as the default browser on Android (TechRepublic)
Now, at first glance, MV3 could be seen as a very protective medium. Why? Because there are browser extension developers who create malicious tools to thwart the security of browsers. To this end, MV3 will go to great lengths to restrict the capabilities of web browser extensions. Its good. Very well. It is also long overdue. Almost daily we hear about another web browser security threat, and this lack of security often turns out to be an issue with an extension.
So, for Google, creating guidelines that would prevent bad actors from doing what they are doing is a major victory for those who take web browser security seriously. However, there is another side to this coin.
Google Manifest V3 creates problems for users and developers
There are a lot of developers who create extensions that millions and millions of users depend on. Among this massive group of users are those who install ad blockers and other extensions to prevent websites from collecting and using their data. Case in point: According to the 2021 PageFair Adblock report by advertising company Blockthrough, the number of people using ad blocking software on mobile browsers is 586 million and 257 million on desktop browsers. These are not small numbers. And those numbers will only continue to rise as more sites deploy a larger percentage of ads. The question then becomes: are the current numbers low enough that Google can eliminate them? Because when MV3 is implemented, Chrome users who prefer to use a browser with ad blocking extensions might be out of luck.
To compound this problem, if potentially breaking down ad blockers wasn’t enough, MV3 could also negatively affect user privacy by preventing extensions that block third-party tracking from working. Chrome offers incognito mode, which is designed to prevent sites from tracking user activity. Google therefore understands that privacy is important to users. But anyone who’s used incognito mode knows that’s not enough. While it helps prevent tracking, it doesn’t block ads. And while I don’t have a problem with businesses promoting themselves with ads because businesses have to keep the lights on, not all ads are created equal and some have proven to be quite malicious. I know of users who install ad blocking extensions to (hopefully) prevent malicious ads from infecting their desktops. So it’s a shame that MV3 can deprive users of another tool to protect their privacy and the integrity of the devices they are using.
From my point of view, Google is a perfect explanation of why users should migrate out of Chrome.
It’s not just about users
MV3 doesn’t just create problems for end users. Developers could face challenges as well. According to EFF: “The changes to Manifest V3 will not stop malicious extensions, but will hamper innovation, reduce extension capabilities and hurt actual performance. Google is right to ban remotely hosted code (with a few exceptions for things like user scripts), but this is a policy change that did not need to be incorporated into the rest of Manifest V3.
SEE: Comparison of features: software and time tracking systems (TechRepublic Premium)
The EFF is on site. Yes, Google should (with a few exceptions) ban remote code. But posting tips that interrupt so many features for third-party extensions isn’t the way to go. And for developers, that could cause a lot of them to work with two different code bases, one for Chrome and one for all other browsers. This is a proposition that many developers will not accept.
Is it in Google’s best interests to prevent the development and use of ad blocking extensions? Probably not. But by creating tips that prevent these developers from creating non-malicious (often useful) add-ons, they’re putting themselves in a pretty awkward position. End users should be able to enjoy as much privacy as they want with a browser. And the fact that Chrome comes with an incognito mode (which prevents tracking) makes it clear that Google understands how important privacy is.
If Google’s MV3 prevents the creation of ad blockers for Chrome, what should these users do?
MV3 is another reason to stop using Chrome
In an ideal world, there would be a widely accepted and enforceable set of rules for user privacy and safety that browser manufacturers would follow, similar to the number of countries with laws that govern safety standards for automobiles. Unfortunately, it is not the case.
Google and other browser makers have far too much time, capital, and resources invested in their designs to allow a third party to take control. In addition to this, Google should collaborate with Apple, Microsoft, Mozilla, Opera, Brave, Vivaldi, and any other browser makers who have a vested interest in this issue. Again… that won’t happen.
The other problem with using a third party is that there is no one with the appropriate authority to govern such a body. And we all know how slow governments are to implement such a change. This is technology, where change happens in the blink of an eye. If a government got involved, by the time it voted on something like this, the need probably would have already been alleviated.
I’m not holding my breath for a third party to take control of this situation, and neither are you.
So what can you do The solution is simple. Change browser. Migrate to a browser that doesn’t prevent you from using ad blockers or other extensions, which prevent your data from being collected. Switch to a browser that isn’t Chrome-based, like Firefox (for Linux, macOS, or Windows) or Safari (for macOS). Use any Chrome-based browser and you might lose the ability to install these extensions.
It’s your web browser, your experience, your security, and your data. You should have the final say on what can and cannot be added to strengthen the privacy of the app and the data it uses.
Jonathan Mayer, assistant professor of computer science and public affairs at Princeton University, put it best in a quote to EFF:
“A web browser is supposed to act on behalf of the user and respect their interests. Unfortunately, Chrome now has a track record as a Google Agent, not a User Agent. It’s the only major web browser that lacks meaningful privacy protections by default, tricks users to associate their activities with a Google Account, and implements invasive new advertising features. Google’s latest changes will break Chrome’s privacy extensions, despite academic research showing that no changes are necessary. These unfriendly decisions are all directly attributable to model Google’s surveillance activity and made possible by its dominance of the desktop browser market. “