I can't tell if you're being sincere or sarcastic. Allowing users to install whatever they want at their own risk is exactly what people complain about walled gardens not allowing them to do. Attempting to protect people that don't know what they are doing from known security holes is one of the things walled gardens claim as a feature.
That’s hardly the only option. Walled gardens that only protect against counterfeits or viruses are a perfectly useful feature even if they allow anyone on the platform.
It's quite clear from the comment that 'shadowgovt supports Mozilla being a non-walled garden, which is the reason Firefox exists. No one needs a Chrome clone.
This is what prompted me to start blocking ads many years ago…there’s simply too much malicious advertising out there and the corporations involved have the wrong incentives to deal with it properly.
As long as ad networks allow arbitrary code to run, and content designed to trick users, I prefer to centralize on a single source of potential risk (the extension developer) rather than the moving target of malicious ads from myriad sources.
The security hole is in the guarantees the app store is able to make.
webRequest API, because it runs arbitrary JS, could do anything including something malicious by modifying external JS after the extension was submitted to the store. It's an API that makes it impossible for a store to make security guarantees at all.
This is, unfortunately, the behavior ad blockers rely upon to keep their databases of malicious actors fresh.
That's not really true. Block lists can be updated via the store. The security hole is that the app might maliciously modify the content of the pages you are viewing. It doesn't need to make requests if it can tell your page to send your requests to a different server.
The declarative API solves that by not allowing page modification outside of safety boundaries like deleting elements.
Saying that manifest v3 is about security is really not credible. Maybe the changes look like security, but the details are simply not consistent with security being the primary goal.
Another way to solve it would have been to define a "blocking" webRequestFilter function of the form "Request -> Bool", because ad blockers only care about preventing requests, not actually executing requests or modifying results.
To understand what's wrong with this, consider what happens when you change a word:
Giving a browser access to see any request you ever make is not good for privacy.
Sounds silly, right?
That's why people take issue with what you're saying. People who use content blockers often don't (and shouldn't) see things as "my browser" plus "the extensions I use—which my browser should protect me from, not unlike the way it protects me from random pages out on the Web". We're talking about user agents. Where content blockers like uBlock Origin are concerned, the combination of Firefox + uBlock Origin _is_ the user agent. Firefox alone is not. Think of it like hiring an actual live (i.e. human) agent who should act on your behalf and take care of things. Consider that if you put it this way, when asked if Firefox is sufficient/adequate/reliable enough to perform that role on its own, the majority of relevant* users would respond in a way that reveals that the answer is decidedly a "no".
* I'm overconstraining to emphasize the types of discriminating users who install content blockers. In fact, though, the qualifier is unnecessary because in a literal sense the majority of users agree, since they aren't choosing Firefox to begin with.
The browser and extensions are made by different people. It makes sense to want to give different people different amounts of permission. If we could choose between a reality where both the ad blocker and ad blocker extension creator had access to your browsing history or a reality where only the browser did, don't you see how it would be better to live in the second reality if the adblocker worked just as well? Similarly, for seeing requests we can make it even more granular than just the browser. For example, if someone exploits the V8 JIT and gains code execution in a tab, it shouldn't be able to see the requests being made in another tab.
Consisting of multiple parts "made by different people" describes virtually every piece of desktop software.
> If we could choose between a reality where both the ad blocker and ad blocker extension creator had access to your browsing history or a reality where only the browser did, don't you see how it would be better to live in the second reality if the adblocker worked just as well?
No. My agent is uBlock Origin with a very large dependency attached (Firefox). The value of your proposition is null.
Your response amounts to a form of begging the question, anyway.
But that's not the case! declarativeNetRequest still allows adblockers to modify arbitrary content or send requests to their own servers, and the webRequest API still allows extensions to track every request and analyze it.
There's no security gained whatsoever. If it was about security, the webRequest API would have been removed entirely, but they didn't do that, they just changed it enough to prevent it being used by adblockers while continuing to allow tracking.
>declarativeNetRequest still allows adblockers to modify arbitrary content or send requests to their own servers
That requires a separate permission and a host permission to do that compared to just blocking requests.
>and the webRequest API
The webRequest API needs separate permissions.
This is more a matter of the principle of least privilege than of changing what's possible. Can we give extensions the minimum amount of permission in order for them to still be useful?
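An added example, not part of the thread: a simplified model of how Chrome's Manifest V3 ties request handling to the separate permissions the comment above refers to, written as a manifest audit. The function names, capability labels and sample manifests are constructed for illustration.

```javascript
// Simplified model of Manifest V3 request-related permissions (added example).
// It classifies what a manifest lets an extension do with network requests.
function hostScope(hostPermissions) {
  if (hostPermissions.length === 0) return "none";
  // "<all_urls>" or a wildcard host such as "*://*/*" covers every site.
  const broad = hostPermissions.some(
    (p) => p === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(p)
  );
  return broad ? "all-sites" : "listed-sites";
}

function auditManifest(manifest) {
  const perms = new Set(manifest.permissions || []);
  const scope = hostScope(manifest.host_permissions || []);
  const hasHosts = scope !== "none";
  const caps = { block: "none", redirectOrModifyHeaders: "none", observe: "none" };

  // declarativeNetRequest: block rules work without any host permission.
  if (perms.has("declarativeNetRequest")) caps.block = "all-sites";
  // declarativeNetRequestWithHostAccess: every rule is limited to granted hosts.
  else if (perms.has("declarativeNetRequestWithHostAccess") && hasHosts) caps.block = scope;

  // Redirecting requests or rewriting headers needs host permission as well.
  const dnr =
    perms.has("declarativeNetRequest") || perms.has("declarativeNetRequestWithHostAccess");
  if (dnr && hasHosts) caps.redirectOrModifyHeaders = scope;

  // webRequest lets the extension watch requests, but only for granted hosts.
  if (perms.has("webRequest") && hasHosts) caps.observe = scope;
  return caps;
}

// Constructed sample manifests (not taken from any real extension).
const blockOnly = { manifest_version: 3, permissions: ["declarativeNetRequest"] };
const rewriter = {
  manifest_version: 3,
  permissions: ["declarativeNetRequest", "webRequest"],
  host_permissions: ["<all_urls>"],
};
const scoped = {
  manifest_version: 3,
  permissions: ["declarativeNetRequestWithHostAccess"],
  host_permissions: ["https://example.com/*"],
};

for (const m of [blockOnly, rewriter, scoped]) console.log(auditManifest(m));
```

The first manifest can block everywhere yet cannot redirect or observe anything, which is the least-privilege shape for a pure blocker; the second shows how adding host permissions widens all three capabilities at once.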
>Except that Google exempts itself from those privacy controls, if you use a Google product.
No it doesn't. Google takes privacy issues very seriously just like security issues. You can disable Google storing your web activity in your account's privacy settings here.
Nope. Google "reads" all your data and saves it to push ads & suggested content to you.
I know this because Google read my emails (AFAIK there's no toggle to disable tracking on this product) and suggested me a video based on the contents of one of my emails. Mind you, I wasn't even logged in on YouTube at the time.
YouTube recommendations are only based off your activity on YouTube. Google doesn't even read your emails for ad targeting. Your anecdote was just confirmation bias.
The suggested video was too specific to be just an anecdote. YouTube doesn't need an account nor cookies to show you videos. They know you if your browser is fingerprintable enough.
Am I missing something? It's my understanding that chromium based browsers also allow listening to requests same as before, they merely aren't allowed to block them anymore.
But that's fine. "It's incumbent on end-users to know what they're installing" is a fine position for Mozilla to take.