> as we shift our focus to Manifest V3. This change will give Chrome users increased safety and peace of mind while browsing and installing extensions by providing more transparency and control over permissions, adding stricter protocols for accessing resources outside the extension’s context, and ensuring that extensions work well on all devices
It sounds like government gobbledygook, with even more lies (there are no extensions on Chrome on mobile, so what "all devices" means is anyone's guess).
I often wonder what goes on in the mind of people writing this. Are they happy? Why did they choose to work in tech instead of some administration, if BS is their thing? Is it just for the money?
If you think of privacy solely as reducing the risk of an extension going rogue and leaking data - then sure, MV3 is a win.
But if you include the issue of sites sharing data, then reducing the ability of extensions to use advanced heuristics to block advertising and tracking may cause more harm than good.
There are plenty of users who understand that extensions are extremely powerful, thoroughly vet the organizations that have the capacity to update those extensions, and are also required to visit numerous less-trusted websites (and in a modern age of advertising technology, that's practically all of them) whose data sharing practices they cannot vet. MV3 will be a net negative for the privacy of those users.
Now, it may be reductive to say that those users, and that privacy threat model, matter more than others. But it is equally reductive to pretend that MV3 is a universal good.
It’s the equivalent of an airport security policy - as I mentioned before, to reduce risk. Which, both in that analogy and here, can indeed be part of a defense-in-depth. But such a policy is not without tradeoffs, and it cannot be evaluated in a vacuum.
It seems Google (or maybe just some of the employees?) derive pleasure from taking things that were working just fine and then breaking them so my life is harder.
It's almost a yearly occurrence at this point -- some thing that, once upon a time in the past I spent effort on configuring so that I could have a happy experience with my computer, will now be announced deprecated forcing me to comply with some new edict from on high with absolutely no benefit for me.
Please stop doing this. Stop "fixing" things. I'm an engineer too, I know building new things is fun, but there is also honor in maintaining well functioning things and not making other people's lives unnecessarily hard.
I bet that, now that I finally have mutt working again with Google's newest incarnation of authentication, there's a team within Google excited about breaking it in 2 years.
So, here's the hidden secret to Google: every inexplicably stupid move they've ever done can be described in terms of promo packets.
Every duplicate messaging app? That's someone's promo packet item.
Every ground-up incompatible API rewrite? Also a promo packet.
Google produces new work purely to satisfy itself. Their hierarchy forms its own internal economy where promotions are purchased with headline-grabbing actions that fool managers into thinking they provide business value. We'll call this "Googlestan".
Yes, this occasionally causes problems in the external, "real" economy. Writing message apps as disposable products means you don't have an answer to iMessage or Whatsapp. Breaking APIs every 3 months makes Google Cloud a nonstarter for anything other than easily-migrated guest OSes with a more sensible deprecation policy.
But that's how Google was built, and how Google will continue to be built, because all hierarchies have a rule zero: self-preserve. You cannot build a new Google without disenfranchising the people who currently know how to game the current Google, and those people will instinctively fight against an engineering culture they do not understand.
The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes. Hell, Chrome specifically calls breaking changes "interventions", because they're that serious about not making them. These products form a moat around Googlestan that protects the country from invaders, so they themselves are isolated from the kinds of people who would gank them for the sake of a promo packet.
[0] If you're wondering, "how does Google internally handle breaking changes everywhere without boiling the ocean"... the answer is that they have an automated ocean-boiling machine that lets them rewrite the entire Google code corpus whenever an API breaks.
<super tiny>I must be stupid, but... what's a promo packet? I never worked for any of the FAANGs (other than once, at Lab126 and accidentally inventing the worst thing ever) so I don't know all the lingo</>
Even though I'm simply trying to guess from context without actually knowing, everything you just said sounds both accurate and hilariously well put.
Edit: WOW. I had no idea that's how things (even used to) work within those companies. A packet of materials you submit to get promoted. I'm almost bowled over with laughter.
That explains everything.
Here in the normal world, I get promoted by... being good at my job. Asking for it as part of a performance review, typically one I negotiate for as part of my employment, also helps.
Promo packets were an attempt at a way to figure out how to promote people when you had thousands of good engineers and they couldn't figure out how to decide who had most earned it. You didn't trust their manager, they had a limited resource of 'money' to give. Maybe it was a bureaucratic approach, a little like the army?
I think this is an inevitable thing that happens when you have huge orgs with a limit on who can be promoted, there's not enough reward for everyone. I don't know how to do it. Trust managers doesn't scale, people reward their friends or whatever. Microsoft faced this too, but they didn't have a packet approach, it seemed like the senior managers decided, without having a paper trail like that.
To be clear, it's just you making a list of things you accomplished, because otherwise your boss is going to have to dig through their email to figure it out, and they may miss something / get something wrong which will hurt you. The lingo might be specific to FAANG but the practice isn't, including the part where you do "unnecessary" work to try to pad the packet.
> at Lab126 and accidentally inventing the worst thing ever)
Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
> Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
There's a lot to unpack in that sentence. Care to elaborate?
In my defense, I said it was a horrible idea at the time, we'd have to stream everyone's audio to the cloud to get the keyword spotting to work...
Also, Lab126 did not create e-ink! E-ink came out of the Media Lab long before the first kindle.
I'm glad that they're finally making one with a stylus, when I was there (more then a decade ago) there was a prototype tablet you could write on that had a brilliant new sort of user interface.
"collection of material you submit to support your case for promotion", it's actually not even a thing anymore which adds another layer of irony here, and he is dead wrong (see my other reply).
It's easy to bamboozle yourself from the obvious "maybe people are incentivized to do things to get promoted and perhaps even unnecessary things" to wild unrelated fantasies of how this could explain decisions you don't agree with
> The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes.
I'd add Google Maps and Google Mail onto this list.
This isn't true and I don't even particularly care if you think it is and you're a fellow Googler. I know for a fact it isn't.
There's some trivial truth to it, of course, but specific assertions are laughably false and more complicated than you are claiming.
I very much would like to reiterate this sort of thing is unhealthy, the point I was making was people moralize while assigning grand motives to a large # of uncoordinated actions about decisions that are obviously more complicated in real life if you were making them. This sort of is a perfect exercise in that
Then can you explain to us why does google do self-owns such as 10 messenger apps?
Promo-driven development and a bias towards greenfield is something that many engineers in other large tech companies are familiar with, and articles such as this are written by former googlers frustrated with the promo system: https://mtlynch.io/why-i-quit-google/ . Put two and two together and it seems like a likely explanation in light of no additional information and a meme is born.
I come from a company that has a google derived promo system, and I believe it when promo driven development can explain a lot.
Especially when that system values certain things like new 'innovations' vs important maintenance. Or tech leadership of multi-team projects which leads to forcing migrations on the rest of the company to get multi-team points vs. a seamless backwards compatible one done behind the scenes not being a multi-team project, so you don't get promoted for doing it. Or valuing mindless metric number go up over a more thoughtful review of the real impact which, gasp, might not involve some numbers sometimes.
These systems also change very slowly and are hard to change overall. I think google still does 5 leetcode interviews back to back, right? Despite them being shown they're not very good indicators of real job performance?
I had a google interviews loop, 2 out of 3 weren't leetcode related questions. the 3rd was a easy medium bfs. one of questions drilled into teSt driven development and etc.
The problem is (as always) a lack of regulation in the tech industry. We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
The average Google engineer's job is no different from anyone else working in a sufficiently large company. Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it'. The evil comes from perverse bureaucratic incentive, so it leaves me kinda ruffled to see people blaming the engineers on HN of all places. I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
> The evil comes from perverse bureaucratic incentive..
I think you're entirely right. I have nothing else to add, other than that I've always thought this, it's not a new change of opinion.
I guess I don't see any conflict between my comment and yours?
Yes, I know that "Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it" -- I've worked in software my whole career too. :)
> so it leaves me kinda ruffled to see people blaming the engineers on HN of all places.
I also know that it isn't some nebulous cloud above which is where designs come from, but other employees. I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
> I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
I’ve had high success rate effecting significant course changes in several roles, at several distinct jobs. One of the things I emphasize to mentees is that their word and will is powerful, more than in most IC roles. Even so, the error in your reasoning here is obvious to me, especially applied to such large companies. Your chance of success effecting a course change is high, but the company may value your contributions less than they value the course they want to keep. They may also be in a position to hire people whose talent and compliance are more valuable than your own.
What are they gonna do? They’re gonna find someone else among hordes of applicants to do what you won’t.
Holding out because you are the only person who can make a change doesn't work as well with a company like Google with many overlapping developers.
Those plans come from management layers above not from the co-worker beside you. Blaming the developers when it usually starts with a vp trying to increase some metric for bonus time missing the key point that it is the organizational culture that demands, forbids and sets the rules for how employees operate. It starts at the top because if the ceo did not promote based in metric scores increasing the vp wouldn't create projects developers work on that the end user hates.
Not sure why you decided to bring up Apple. People decide to buy into the Apple ecosystem.
I didn't decide to buy into the Chrome ecosystem. I just have to use it because of the marketshare. And I'm on Gentoo running a personal build of Chromium.
Manifest v3 is pure evil. Don't get it twisted. There's no ambiguity here. It's just a cash grab.
Anyone working on it on the Chrome team should feel shame.
I'm a firefox user and have no love for Google, but I disagree with this. No one is forcing you to use Chrome. This is also a good test for Mozilla/Brave to show if they truly stand by the principles they profess to defend. If Chrome did everything right we would not have needed Firefox/Brave for the reasons they currently exist. And if they follow suit, I hope the community will take a long hard look at the state of the browsers and try to fork Firefox or build something new.
I think it's pretty absurd that this is the level of discourse on this subject. "pure evil" and "just a cash grab" aren't substantive criticisms, nothing in your post is actually informational.
The reality is that ad blockers will continue to work to a significant extent that they do today. Engage with that, put some information with merit into your posts.
It makes the adblockers fight with one hand behind their back, tilting the balance in the cat and mouse game towards the attackers.
Google is an empire built on advertising: scams and malware, so their evil has always been present. But right now we have an easy way to protect ourselves. Manifest v3 is exposing that evil to technologically-minded people.
I will have to switch my parents over to Firefox or Brave to keep them safe online.
I’m curious what parts of the internet you visit that you do not see all the ads for scams, shock ads, and other malicious things. There’s a reason that “one weird trick, doctors hate it!” is a meme. It’s utterly rampant. If I open YouTube without an adblocker there’s often some kind of snake oil salesman that pops up. Or a cult.
Now, I use private browsing, so I get the “default” experience. Perhaps you don’t use private browsing and so your targeting is really honed in. Perhaps you only see sensible ads for sensible people, a sensible wallet or a sensible car. If that is the case then fine, but if the only way to use the internet is logged in to Google and with everything tracked, then that is unacceptable to me.
> The reality is that ad blockers will continue to work to a significant extent that they do today.
Completely false. Compare the difference between uBlock Origin on Firefox MV2 vs uBlock Origin Lite MV3 on Chrome and there's a massive loss of functionality.
Funny how Mozilla manages to vet the code of some of the more popular extensions for their "recommended" extensions program with far fewer financial resources.
>curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff thoroughly evaluate each extension before it receives Recommended status.
I'm still bitter that Google permanently removed my @gmail.com with your dark pattern migration to business email. With no option to move back? You guys lost half of my Google Drive, Photos history. But it's cool. That's life.
And then you moved me to legacy workspace to appease me.
And then months before you tried again to migrate my legacy workspace email to paid, which another Google employee said it's free forever. I'm willing to pay anything on your valuable service but those dark patterns is what really pisses me.
“This ruins ad blockers”, “this is so they don’t have to make REAL ad blockers work”, “they want a 30% cut of VPN money instead”, “this will cause cancer”.
OK, not the last one. But people literally posted here on HN that Apple was killing people by not letting Flux on the iPhone.
Considering how much information “normal“ ad blockers can see, I’m not against this. I like Apple’s approach (and understand this to be similar).
Calling for objectivity is probably not the first thing people want to do when discussing a company building a giant world-wide spying machine. In addition to logic, humans employ sentiment, emotions, and feelings and there isn't anything wrong with doing that.
There’s a big “yet” attached to Apple not profiting from the proliferation of ads - from what I’ve read, since they pushed the “ask app not to track” change, Apple has been pushing hard for more widespread adoption of their own advertising platform.
Make no mistake, Apple does not care about your privacy — only about moving the ad money out of Google’s pocket into their own.
I sort of see it the other way around. To me Google is an advertisement company first, and if you use Google products then you know your privacy data is how you pay for those products. With Apple and Microsoft you're paying for the product, but you're now also getting your privacy data sucked into their growing advertisement business.
I personally think the use of privacy data is a waste of resources, and that companies like duckduckgo have the longer end of the stick. Because it makes more sense to me, that I get advertisements for a robot vacuum cleaner when I'm searching for one, and not the 3 months after I buy one, but then there is a trillion dollar advertisement industry to prove me wrong. So who knows. But what pisses me off is that companies sell you a product, and then also include advertisement and privacy data harvesting in it, like that Samsung TV article that was on here recently. Or how Windows "home or whatever the non-enterprise edition is called" now sometimes installs pre-installers for things like candy crush or Minecraft without asking you to do so... Like what the hell?
I don't want you to read this as a defence for google, but at least they are sort of honest about the evil they do.
I'm not sure any of these sleazy moves will have the desired outcomes for these companies. I don't want to use linux, I did once, but I like my technology to work right out of the box with no effort to make it so or to maintain it, which is why I'm in the Apple ecosystem these days, but the ways things are heading, I think the only future will be linux, and trying to find appliances that aren't add-infested.
"I was factually incorrect Apple generates about 1% of their annual revenue from ads"
Why play silly games to make 4 billion dollars seem small?
I could play this game in the other direction and say "Apple generates more money from ads now than 99% of the companies ever make over their entire existence"
In truth, 4 billion dollars is a lot of money.
More to the point of this discussion, when you ask them, they want it to be a very significant part of their business. They talk about it on earnings calls all the time!
It's not like they are hiding it!
Which sort of totally blows up the idea that they don't care.
We're talking about whether they profit, and whether it matters to them and the business.
You said they do not.
"One of these companies profits by the proliferation of ads and the other does not."
That was wrong. They make a lot of money from it and they have said it is an important part of their future.
Rather than just say you were wrong, you instead try to paint it as not mattering by using percentages, when again, it is a lot of money and apple themselves say it matters a lot
Just accept that what you said was mistaken, and do better next time. What you are doing now just makes you look bad and unable to learn and grow.
I admitted that my original comment was factually incorrect. It was wrong. I said that.
However, the point has always been about the comparison between Google and Apple. Given that their total revenues are of different size, how can we reasonably compare them?
What if we add a 3rd competitor to the arena? Let’s look at Outbrain. They’re a digital advertising marketplace w/ $256M annual revenue. By your argument, $256M << $1B — therefore we should take Apple to care more about their advertising business than Outbrain do about theirs?
Percentages are important because a company is less likely to risk 99% of their business to double 1% of their business than to risk 33% of their business to double the other 66%
While the orders of magnitude here are evocative, it's worth noting that Apple has a pervasive culture of "we deserve our cut of any transaction that goes through any of our platforms, and we will (mis)use our power to enforce that" stemming from when Jobs had to bring the company back from the brink of bankruptcy. See current battles on allowing alternative payment processors in iOS apps (to the point that even when ordered by courts to allow them, they added a 27% commission on alternate payment processors)
Apple is rapidly running out of growth room in new physical people to sell phones to, and is starting to significantly switch focus to new ways of extracting rent from existing customers through "services" and similar.
Both companies profit from ads when you claim one did not. If you’re looking at the percentage revenue projections from ads Apple’s has been growing faster than Google’s.
It's as though nobody realizes extensions can be created or purchased by sketchy actors and that this is a huge security risk when the extensions request "all access to all sites." OK, so when setting up an account's username and password and are provided 2FA codes or recovery codes -- those can all be compromised. How can you know an extension is compromised? It's almost impossible to tell with certainty.
Things like "The Great Suspender" incident get ignored and folks assume no other extensions have the same problems.
And what in MV3 solved all of that? It still allows enough to do a lot of damage.
Regardless of that, at some point you have to trust software. You can't expect everyone to read every line of code and compile all the software by themselves.
Yes, I trust plenty of software and I'm not suggesting that extensions are bad in theory. Extensions being able to silently inject code and ownership to change at any time is a pretty bad security model. We can agree that there are _bad_ security models, right?
It's the sum of the parts in changes from manifest V2:
- no arbitrary code injection via executeScript, must be a file now
- no more remote code
- no more arbitrarily getting selected text or highlighted text on a tab
- declarativeNetRequest instead of intercepting requests
- explicit listeners on the page to help detect bad actors (vs just arbitrary JS running on the page)
Even ignoring ad blocking - with those rules stuff like Tampermonkey which is totally legit can no longer work with execute script. You also lost a lot of functionality by losing DOM, having to rely on the broken lifetime of a Service Worker instead of persistent background page .
It took Google three to four years to acknowledge that the community is completely correct with its criticisms, and that MV3 is garbage designed by people who have no knowledge on how people write extensions and which abilities they actually use.
They're finally adding features that should have been there years ago. The new scripting API which brings back arbitrary scripts, in a new form, the offscreen documents API, and hopefully they'll eventually implement limited event pages which are somewhat solving the background page lifetime and DOM issues (which are already implemented by Mozilla and Safari I believe). Obviously, everything was decided hastily in the last second so all of the features are supposed to be completed by "around" October 2022, just two months before the original MV2 cutoff.
I've also read some of the extension working group transcripts, it's pretty sad how Google/Chrome has no accountability and almost zero transparency.
>actors and that this is a huge security risk when the extensions request "all access to all sites."
sure but that's my choice, that's why it's an extension. Paternalism of telling me what to do with my browser is silly merely because something is potentially dangerous. The entire internet is potentially dangerous. Clicking on a link or installing a piece of software is dangerous.
You're an adult, make responsible choices about whose extension to install instead of demanding that Google strangle you with security policies which at the end of the day serves only one purpose which is to extend their control over the user experience.
These are a bunch of straw man arguments against what I said. There is a difference between clicking a link and an extension being able to read the contents of pages you visit -- like your bank records or credentials.
Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.
if (casual) users is what Google was concerned about that'd be easy to solve. They could ship a full ad-blocker with Chrome that renders third party extensions obsolete and there'd likely be no v3 debate, because those are the extensions primarily impacted by the design choices made.
The entire debate we're having rests on the fact that they're not integrating this functionality (despite this being technically trivial) because it's in conflict with their entire business model. Which is the only reason people have to reach for third party extensions in the first place.
It's very bizarre that your response is nothing more than a complete deflection - "what about Apple?!", but then you go on to accuse others of being reductionist and lacking honesty.
That's because while Apple has monetary incentive to keep up the walled garden it really does have provide value to apple customers. I know google is selling everything and the farm about me when I use thier services. If apple wants my business they'll keep on doing what they're doing, I don't see ads on their platform and haven't seen any credible reports they're selling everything they know about me to the government and anyone who will pay $$ for that. I hastled myself for years keeping a rooted phone with trimmed down Android OS in various forms, but it was a lot of work. With apple I just buy a phone and use it and don't have to worry them selling me out every step I make or allow apps to rifle through my files and photos.
I give Apple (and MSFT in the Gates/Ballmer days) money, and in return they don't try to spy on me. Google, current MSFT and Meta all want to give me free stuff and then make up the difference with ads. It's not complex as to why I am more likely to believe Apple when they say something is privacy enhancing and distrust Google.
