Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 9 submissions in the queue.

Chrome Users Beware: Manifest V3 is Deceitful and Threatening

posted by janrinok on Sunday December 12 2021, @11:54PM   Printer-friendly

upstart writes:

Chrome Users Beware: Manifest V3 is Deceitful and Threatening:

Manifest V3, Google Chrome's soon-to-be definitive basket of changes to the world of web browser extensions, has been framed by its authors as "a step in the direction of privacy, security, and performance." But we think these changes are a raw deal for users.  We've said that since Manifest V3 was announced, and continue to say so as its implementation is now imminent. Like FLoC and Privacy Sandbox before it, Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks.

Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions—especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these– like some privacy-protective tracker blockers– will have greatly reduced capabilities. Google's efforts to limit that access is concerning, especially considering that Google has trackers installed on 75% of the top one million websites.

It's also doubtful Mv3 will do much for security. Firefox maintains the largest extension market that's not based on Chrome, and the company has said it will adopt Mv3 in the interest of cross-browser compatibility. Yet, at the 2020 AdBlocker Dev Summit, Firefox's Add-On Operations Manager said about the extensions security review process: "For malicious add-ons, we feel that for Firefox it has been at a manageable level....since the add-ons are mostly interested in grabbing bad data, they can still do that with the current webRequest API that is not blocking." In plain English, this means that when a malicious extension sneaks through the security review process, it is usually interested in simply observing the conversation between your browser and whatever websites you visit. The malicious activity happens elsewhere, after the data has already been read. A more thorough review process could improve security, but Chrome hasn't said they'll do that. Instead, their solution is to restrict capabilities for all extensions.

As for Chrome's other justification for Mv3– performance– a 2020 study by researchers at Princeton and the University of Chicago revealed that privacy extensions, the very ones that will be hindered by Mv3, actually improve browser performance.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Chrome Users Beware: Manifest V3 is Deceitful and Threatening | Log In/Create an Account | Top | 57 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday December 13 2021, @04:34AM (1 child)

    by Anonymous Coward on Monday December 13 2021, @04:34AM (#1204518)

    Mist all the work is done for.you. Only trick send all dns to pihole. To rules in the firewall.

    My network 10% off all traffic is blocked coed.

    Only issues I had paramount+ uses some slime 3rd party to server ads. To make wife happy to see ST:Disco. Connected tv to outside of firewall and done

    The others roku wants to talk to mothership “logs”. 50 times per sec trying to pound through. Since I tossed roku to outside network for ST:Disco. That. Wnt away too. Though it was fun to see it try all sorts and f addresses to get around firewall block and pihole. It found 3 of 5 WiFi routers that I use as AP and backhual. And asked them for the info. They sent request on to pihole.

  • (Score: 2) by stretch611 on Tuesday December 14 2021, @07:24AM

    by stretch611 (6199) on Tuesday December 14 2021, @07:24AM (#1204904)

    If you can't read AC.... (Heck, I make a lot of typos and I can write a novel with fewer flaws than the parent.)

     

    Use a Pi-Hole [pi-hole.net]. Obviously due to the name, many people install them on a Raspberry Pi computer. (Even the cheap Pi-Zero is more than sufficient for pretty much any SOHO network.) However, You can install he pi-hole software on a server or virtual machine.

    Pi-Hole maintains a blocklist which is automatically updated. Once you install the pi-hole software all you need to do is change your DNS. You can do this on each individual computer (or not, if you don't want to utilize blocking on all computers,) or the easy approach is just to change the DNS settings on your router.

    That's it, you are done.

    In addition, pi-hole installs a web based dashboard. This has various statistics on all the DNS requests processed by your pi-hole. From the interface you can also manage a whitelist and a blacklist of your own if you are not happy with all the results.

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P