“Google’s sales pitch for Manifest V3 is that, by limiting extensions, the browser can be lighter on resources, and Google can protect your privacy from extension developers. With more limited tools, you’ll be more exposed to the rest of the Internet, though, and a big part of the privacy-invasive Internet is Google. The Electronic Frontier Foundation called Google’s description of Manifest V3 “Deceitful and Threatening” and said that it’s “doubtful Mv3 will do much for security.””
Bad news and very self-serving for Google, but we expect that from them.
I’m wondering how this will affect other browsers that use Chrome’s rendering engine and rely on Chrome’s extension catalog?
In Vivaldi’s case, their ad blocker is built-in. And they already published an article last year about how this affects them.
Firefox is not based on Chromium. But they are supporting Manifest v3. Though, they have a more relaxed policy toward ad blocking.
- Here’s what’s going on in the world of extensions | Mozilla
- Manifest v3 Recap & Next Steps | Mozilla
People looking for other options might try Firefox’s built-in Enhanced Tracking Protection which concerns itself with privacy instead of advertising.
- ETP for Desktop | Mozilla
- ETP for Android | Mozilla
- ETP for iOS | Mozilla
- Firefox Rolls Out Total Cookie Protection By Default | Mozilla
There are also ad blocking proxies which would block ads for all your computers and wireless devices at home. I believe @Josh might be able to shed more light on this option.
Perhaps someone more familiar with the affected browser extensions can link to their discussions.
This article has quotes from extension developers when asked about the update process under Manifest v3.
Note there is one privacy enhancing feature of Manifest v3.
declarativeNetRequest does not allow direct access to network requests. So extensions never see what sites you visit. Instead, Manifest v3 extensions only provide the rules for your browser to process.
DNR allows extensions to declare rules that describe how the browser should handle network requests. These rules enable Firefox to process network requests without involving the extension further. In comparison with the blocking webRequest API, this offers the following benefits:
- Privacy: Blocking network requests without host permissions. DNR offers more privacy by design because extension code does not get direct access to the request details. Thus request blocking functionality can be offered without requiring scary host permissions. This feature is especially useful in Manifest Version 3, where host permissions are available on an opt-in basis.
But, the problem here is that the number of rules is limited to 30,000 by Google. That figure needs to be more like 300,000 or 3M to be compatible with uBlock Origin according to the Ars Technica article. Ars also lists other technical limitations at the end of their article.
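As an added illustration of the declarative model and rule budget discussed in the post above (not code from the thread, from Mozilla, or from any extension): the sketch below turns a few constructed Adblock-style filter lines into declarativeNetRequest rule objects and checks the count against the 30,000 figure quoted above. The filter lines, the helper names `toDnrRule` and `buildRuleset`, and the small subset of filter options handled are assumptions made for this example.

```javascript
// Added example: filters become static data the browser evaluates;
// no extension code runs per request or sees the URLs being visited.
const RULE_LIMIT = 30000; // figure quoted in the thread, used here as the budget

// Constructed sample filter list (not taken from any real list).
const SAMPLE_FILTERS = [
  "! comment line",
  "||ads.example.com^",
  "||tracker.example.net^$third-party,script",
  "@@||cdn.example.org^$image",
  "example.com##.banner", // cosmetic filter: not a network rule
];

// Filter options whose names match DNR resource types one-to-one.
const RESOURCE_TYPES = new Set(["script", "image", "stylesheet", "xmlhttprequest", "font", "media"]);

// Turn one filter line into a DNR rule, or null if it cannot be expressed here.
function toDnrRule(line, id) {
  const text = line.trim();
  if (!text || text.startsWith("!") || text.includes("##")) return null;
  const isException = text.startsWith("@@");
  const [pattern, optionText = ""] = (isException ? text.slice(2) : text).split("$");
  const condition = { urlFilter: pattern };
  const types = [];
  for (const opt of optionText.split(",").filter(Boolean)) {
    if (opt === "third-party") condition.domainType = "thirdParty";
    else if (RESOURCE_TYPES.has(opt)) types.push(opt);
    else return null; // unknown option: skip rather than mis-translate
  }
  if (types.length) condition.resourceTypes = types;
  const action = { type: isException ? "allow" : "block" };
  return { id, priority: isException ? 2 : 1, action, condition };
}

// Build the ruleset and report how it compares with the rule budget.
function buildRuleset(lines, limit = RULE_LIMIT) {
  const rules = [];
  let skipped = 0;
  for (const line of lines) {
    const rule = toDnrRule(line, rules.length + 1);
    if (rule) rules.push(rule);
    else skipped += 1;
  }
  return { rules, skipped, overBudget: rules.length > limit };
}

const result = buildRuleset(SAMPLE_FILTERS);
console.log(JSON.stringify(result.rules, null, 2));
console.log(`${result.rules.length} rules, ${result.skipped} skipped, over budget: ${result.overBudget}`);
```

Every filter that returns `null` is blocking coverage lost in translation, and `overBudget` flips as soon as a list produces more rules than the limit allows.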
In fact it’s something which has caused me a good amount of stress in my quest for fibre, as we’ve changed router and ISP very recently. The network option of DNS filtering by using Pi Hole, in my case on a Zero W, that sits next to (and is powered by) the router, is quite a nice way of doing things.
You can’t get rid of things like YouTube ads, mind, as they are served from the same domain as the videos. I do couple it with Unbound, which actually is something that opened up a whole new area of interest, as DNS for me is now recursive, rather than relying upon upstream providers…
from the point of an attacker, the DNS servers of larger providers are very worthwhile targets, as they only need to poison one DNS server, but millions of users might be affected. Instead of your bank’s actual IP address, you could be sent to a phishing site hosted on some island. This scenario has already happened and it isn’t unlikely to happen again…
When you operate your own (tiny) recursive DNS server, then the likeliness of getting affected by such an attack is greatly reduced.
Their words not mine, but it’s an interesting process to build your own map of the web
I’m not sure where Pi Hole ends and uBlock begins for me, but there are always a multitude of things in the logs, and if I want to go into some kind of deep focus mode, I can also switch on a list of blocked domains to stop me flicking away from the work at hand to some of the usual distraction haunts.
Thanks for this one in particular @mike, good to see them spell it out, the “What are we doing differently in Firefox?” segment answered a great deal of questions.
I wonder, given how many people I know who have suddenly started talking about this, if '24 might dent the Chrome dominance that little bit more. We live and hope.
hi Colin - i’m responding to the quote, not you…
google and privacy don’t belong in the same sentence - i’m not familiar enough with the motive[s] behind Mv3, but obviously there’s a monetary motive - maybe they got tired of 10s of millions of people using ad blockers
if they cared one iota about user privacy, they’d tighten up the rules for extension devs regarding tracking and clean up their spyware/malware infested repository (and Mozilla would do the same)
last i heard they will continue to support Mv2 alongside Mv3, but i’m not holding my breath - from a corporate POV, Moz is going downhill fast regarding ethics IMO
absolutely - ETP strict is the way to go - better canvas protection arrived in v120 and more progress continues to be made - regardless of the corporate clowns, Firefox is still the better choice for privacy
still, content blockers are needed to remove the crap from the web and although Gorhill is working on an Mv3 comparable version of uBO, i think its effectiveness will be reduced, perhaps greatly
the reverse is true also though because it kills or inhibits content blockers - think CDNs, fonts, JS libs and other unnecessary 3rd party crap
i used to use Privoxy back in the day and i see it’s still being developed - Josh may have the better answer though, i dunno
This is one simple retro-looking webpage which I appreciated, and I hadn’t encountered it before. It looks like if you’re willing to do something more involved then a Privoxy or similar will give you more in the way of extensibility; if you tinker and whatnot with your settings and pull out individual things to block then it’s the way to go. If you’ve got the time and kit for it, tunneling everything through the proxy is going to give better results.
I wonder with these though about how much processing you’d require and what the other network effects will be of that, having never tried this solution before. Pi Hole for me is very simple, can run on a device that is akin to a phone out of 2010 for spec, and is kind of a set and quit solution.
dunno - i used it before but i never really took full advantage of it - it’s potentially a viable solution for those that don’t want to or can’t run a full-blown firewall on a spare lappy or Pi, or on their router - for those that DO want to go that route and are dummies like me, the lovely Naomi Brockwell has many great tutorials