After the anger of the adblocking industry, Google changes its Manifest V3 API, Which limits the number of rules extensions can apply to a web page when it loads.
With the next version of Chrome, Google is moving forward with a plan to improve privacy and security by limiting some capabilities of extensions used to customize the browser. The move angered some developers who earlier expected to cripple ad blockers.
Manifest v3, the programming interface behind Google’s security plans, will arrive with Chrome 88 in mid-January, Google announced Wednesday at the Chrome Dev Summit. Extensions using the old Manifest v2 will still work for at least a year.
Google reported last month that “Manifest V3 represents one of the biggest changes to the extensions platform since its launch ten years ago. Extensions using MV3 will benefit from improvements in security, privacy, and performance; they can also use more contemporary Open Web technologies adopted in MV3, such as Service Workers and Promises. Developers can update their extensions today to take advantage of these MV3 features; this will become mandatory as we phase out MV2 in the future ”.
Extensions can change the behavior of Chrome with the capabilities that Manifest v3 exposes. Among other things, Manifest v3 limits the number of “rules” extensions can apply to a web page when it loads. Rules are used, for example, to check whether a website element is coming from an advertiser’s server and therefore should be blocked. Google announced the changes two years ago.
The reduction in the number of rules has sparked anger from publishers of extensions like the uBlock Origin adblocker and the Ghostery tracking blocker. They said the rule limits would prevent their extensions from running their full lists of actions to filter ads or block tracking. This could allow websites to bypass extensions – and the preferences of the people who installed them.
Google has defended its technology and argues that giving extensions too much freedom invites abuse. The company claims to have listened to the developers and modified Manifest v3 in response. For example, Google relaxed the initially proposed rule limit and added a new mechanism to enforce certain rules. Eyeo, the developer of one of the widely used Adblock Plus extensions, said he was happy with Google’s Manifest V3 approach.
The changes highlight how difficult it can be for Google to balance giving developers powerful tools and tackling abuse. The balance is particularly difficult to strike given that Chrome is one of the biggest platforms in the tech industry. More than a billion people use the browser, Google said, and it accounts for about 64% of web users, according to analytics firm StatCounter.
AdGuard, Ghostery unhappy with Manifest V3
The change induced by Manifest V3 will spread to all browsers, to the detriment of ad blocking software, said Andrey Meshkov, co-founder and CTO of AdGuard, a blocker extension ads.
“The main victim of Manifest V3 is innovation,” Meshkov said in a statement. Previously, ad blocker developers explored ideas like using artificial intelligence (AI) technology to improve their products. “It’s not so relevant anymore. Now Chrome, Safari and Edge dictate what can and cannot be blocked and how it should be done ”.
Ghostery is working on updating its extension for Manifest V3, but prefers to spend its time on “real innovations in privacy,” President Jeremy Tillman said in a statement on Wednesday. “We still doubt that these changes have more to do with Google’s protection of its results than with
Google incorporated comments from ad blocker developers AdGuard and EasyList, the company said, and Meshkov credited the Chrome Extensions team for their “desire to make it better.”
Manifest V3 now available on M88 Beta
With hundreds of millions of people using over 250,000 items in the Chrome Web Store, extensions have become essential for many of us to use the web and work online. Google believes extensions should be trusted by default, “that’s why we’ve spent this year making extensions safer for everyone.”
“Today we officially announce the planned deployment of Manifest V3 for Chrome Extensions, a new version of the Extensions Platform that makes extensions safer, better performing, and more private by default.”
Also, the new Manifest V3 API is already available as part of Chrome Beta 88, and Google will start accepting V3 extensions once Chrome 88 hits the stable branch in mid-January. There is no end date for V2 extensions yet, but Google says that “developers can expect the migration period to last at least a year from when Manifest V3 hits the market. stable channel ”.
Security
With the introduction of Manifest V3, Google will ban remotely hosted code. This mechanism is used as an attack vector by malicious actors to bypass Google’s malware detection tools and poses a significant risk to user privacy and security.
Removing the remotely hosted code will also allow Google to review submissions to the Chrome Web Store in greater detail and faster. Developers will then be able to release updates for their users more quickly.
Within the Extensions team, Google believes that a Chrome experience and a trusted extensions experience is not only ideal for users but essential for developers as well. The publisher is confident that in the long term, Manifest V3 will help the extension ecosystem continue to be a place of trust.
Performance
“We know that performance is essential to a great user experience, and when we started working on the third iteration of our expansion platform, performance was a fundamental consideration. Two areas where this has manifested itself are our approach to background logic and API design.
“First, we are introducing Service Workers to replace background pages. Unlike persistent background pages, which remain active in the background and consume system resources whether or not the extension actively uses them, Service Workers are ephemeral. This special feature allows Chrome to reduce the overall use of system resources, as the browser can start and delete Service Workers as needed.
“Second, we’re moving to a more declarative model for extension APIs in general. In addition to security benefits, this provides a guarantee of more reliable performance for the end user at all levels by eliminating the need for serialization and inter-process communication. The end result is better overall performance and improved privacy guarantees for the vast majority of extension users ”.
Private life
“To give users greater visibility and control over how extensions use and share their data, we’re moving to an extensions model that makes more permissions optional and allows users to deny user-sensitive permissions. time of installation. In the long run, extension developers should expect users to accept or deny permissions at all times.
“For extensions that currently require passive access to web activity, we are introducing and continuing to iterate on new features that allow developers to deliver these use cases while maintaining user privacy. For example, our new APIdeclarativeNetRequestis designed to be a privacy preservation method for extensions to block network requests without the need to access sensitive data.
“APIdeclarativeNetRequestst is an example of how Chrome is working to allow extensions, including ad blockers, to continue providing their core functionality without requiring the extension to have access to potentially sensitive user data. This will allow many powerful extensions of our ecosystem to continue to provide a seamless user experience while respecting user privacy ”.
Microsoft has said it will adopt Manifest v3
The importance of Chrome Team Choices is magnified by the fact that other browsers, including Microsoft Edge, Vivaldi, Opera, and Brave, rely on its open-source Chromium foundation. Also, Microsoft has already stated that it will also adopt Manifest v3.
“As part of our commitment to reduce web fragmentation for all developers and create better web compatibility for our customers, we plan to support the APIDeclarativeNetRequestand other changes proposed as part of Manifest V3.
“The decision to adopt the changes in Manifest V3 is based on our commitment to improving privacy, security, and performance for the benefit of our end-users as well as enabling developers to extend and deliver rich experiences in Microsoft Edge. “.
In a blog post published in October, Microsoft said, “After a thorough review of the concerns raised by content blockers and the community, we believe a majority of these concerns have been or will be resolved,” Microsoft said. in an October blog post. “We recognize the value of content blocking extensions and appreciate the role they play in honoring the choice of user. “
Another change from Manifest v3 is that extensions can no longer update their capabilities by downloading code from third party sites. The entire extension must now be distributed through the Chrome Web Store, according to Google this is a step that will improve security and speed up reviews.
Manifest v3 should ultimately give Chrome users a better idea of how extensions are using their data and provide more control over how this happens, Google said.
Discussion about this post