“While Google pushes a ‘privacy by design’ message to the surface, it still claims a monopoly over the entire ecosystem.”Īd blockers are also concerned, as the impact of these changes will extend far beyond the Chrome browser. This requires the ability to change web traffic on the fly, and is therefore severely constrained by the MV3 limitations, the developers say. In addition to blocking advertising content, the extension analyzes communications between a website and a user’s browser to look for data that could unintentionally identify a unique website visitor and replaces it with generic data before network traffic leaves the browser. The Ghostery extension is a prime example of a product that would be seriously affected by Google’s changes. “While Google is forcing a ‘privacy by design’ message to the surface, it still maintains a monopoly over the entire ecosystem, smothering digital privacy companies that are already working to give users back control of their data,” Schmetz said The edge by email. Jean-Paul Schmetz, CEO of privacy-focused browser extension Ghostery, specifically targeted Google’s adoption of the MV3 standard given the company’s recent privacy statements: However, the developers of some ad blocking and privacy extensions have stated that the change will undermine the effectiveness of their products. (In its SEC filings, Google consistently cites “new and existing technologies that block online ads” as a risk factor that could impact revenue.) Google has presented the changes as privacy, security and performance benefits, but critics see it as a calculated attempt to limit the impact of ad blocking on a company that is almost entirely funded by ads. Apparently, this won’t be a problem for some extensions: Adblock Plus, one of the most popular ad blockers, has spoken out in favor of the MV3 changes – although it’s worth noting that the extension has a financial relationship with Google. Instead of monitoring all of the data in a network request, the new API forces extension makers to set rules upfront about how specific types of traffic should be handled, with the extension able to perform a narrower set of actions when a rule is triggered. Under the new specification, the blocking version of the Web Request API has been removed and replaced with an API called Declarative Net Request. The same feature can be used maliciously to hijack user’s credentials or inject additional ads into webpages However, the same feature can be used maliciously to hijack users’ credentials or inject additional ads into web pages, which was Google’s rationale for changing how it works in Manifest V3. In particular, they block domains that load ads and prevent information from being sent from the browser to any of the thousands of tracking domains that collect data about Internet users.
Ad blocking extensions use the feature to block inbound and outbound traffic between specific domains and a user’s browser. The Web Request feature is powerful and flexible, and can be used for both good and bad purposes. The example Google provides for developers shows an extension script that would prevent the browser from sending traffic to : Under the currently active specification – Manifest V2 – browser extensions can use an API function called Web Request to observe traffic between the browser and a website and modify or block requests to specific domains. The changes in Manifest V3 are part of a planned revision of the specification for Chrome’s browser extension manifest file, which defines the permissions, capabilities, and system resources each extension can use. However, for Google, sticking with MV3 will have a huge impact on the overall role of ad blocking on the modern web. Although Firefox has a far smaller share of the desktop market than Chrome, it could be a chance for Mozilla’s product to really define itself. 7 s strategy has been harshly criticized by privacy advocates – the Electronic Frontier Foundation has been a vocal opponent – but the search company has stood its ground.