If you think of privacy solely as reducing the risk of an extension going rogue and leaking data - then sure, MV3 is a win.
But if you include the issue of sites sharing data, then reducing the ability of extensions to use advanced heuristics to block advertising and tracking may cause more harm than good.
There are plenty of users who understand that extensions are extremely powerful, thoroughly vet the organizations that have the capacity to update those extensions, and are also required to visit numerous less-trusted websites (and in a modern age of advertising technology, that's practically all of them) whose data sharing practices they cannot vet. MV3 will be a net negative for the privacy of those users.
Now, it may be reductive to say that those users, and that privacy threat model, matter more than others. But it is equally reductive to pretend that MV3 is a universal good.
It’s the equivalent of an airport security policy - as I mentioned before, to reduce risk. Which, both in that analogy and here, can indeed be part of a defense-in-depth. But such a policy is not without tradeoffs, and it cannot be evaluated in a vacuum.
If you think of privacy solely as reducing the risk of an extension going rogue and leaking data - then sure, MV3 is a win.
But if you include the issue of sites sharing data, then reducing the ability of extensions to use advanced heuristics to block advertising and tracking may cause more harm than good.
There are plenty of users who understand that extensions are extremely powerful, thoroughly vet the organizations that have the capacity to update those extensions, and are also required to visit numerous less-trusted websites (and in a modern age of advertising technology, that's practically all of them) whose data sharing practices they cannot vet. MV3 will be a net negative for the privacy of those users.
Now, it may be reductive to say that those users, and that privacy threat model, matter more than others. But it is equally reductive to pretend that MV3 is a universal good.