In 2020, Google released Manifest V3, which it called a step in the direction of security, privacy, and performance.
It took a while, but on December 9, 2021, the Electronic Frontier Foundation called MV3 “conflict of interest arising from the fact that Google controls both the dominant web browser and one of the largest advertising networks on the Internet.“
The EFF is right, and Google’s plans for MV3 are another reason why the best browser for Linux, Windows, and Mac isn’t Google Chrome.
Let me explain.
What is Google Manifest V3 (MV3)?
Manifest V3 for Chrome Extensions (MV3) is a set of guidelines for how Google’s web browser handles extensions. Developers could start downloading extensions from the Chrome Web Store from Chrome 8released in January 2021. According to GoogleMV3 is designed to help the company provide “security, performance, and privacy enhancements, while preserving or expanding extension capability and maintaining a web developer experience.”
TO SEE: It’s time to dump Chrome as the default browser on Android (TechRepublic)
Now, at first glance, MV3 could be seen as a very protective means to an end. Why? Because there are browser extension developers who create malicious tools to thwart browser security. To that end, MV3 will go to great lengths to restrict the capabilities of web browser extensions. Its good. Very well. It is also long overdue. Almost every day we hear of another web browser security threat, and often times that lack of security turns out to be a problem with an extension.
So for Google, creating guidance that would stop bad actors from doing what they do is a major win for those who take web browser security seriously. However, there is another side to this coin.
Google Manifest V3 creates problems for users and developers
Many developers create extensions that millions and millions of users depend on. Among this massive group of users are those who install ad blockers and other extensions to prevent websites from collecting and using their data. Example: According to the PageFair Ad Blocks Report 2021 advertising company Blocking, the number of people using ad blocking software on mobile browsers is 586 million and on desktop browsers is 257 million. These are not small numbers. And those numbers will only continue to rise as more sites deploy a higher percentage of ads. The question then becomes, are the current numbers low enough for Google to eliminate? Because when MV3 is implemented, Chrome users who prefer to use a browser with ad-blocking extensions in place might be out of luck.
Complicating this issue, if the potential breakdown of ad blockers weren’t enough, MV3 could also negatively affect user privacy by preventing extensions that block third-party tracking from working. Chrome offers incognito mode, which is designed to prevent sites from tracking user activity. Google therefore understands that privacy is important to users. But anyone who’s used Incognito Mode knows that’s not enough. Although it helps prevent tracking, it does not block ads. And while I don’t have a problem with companies promoting themselves with ads because companies need to keep the lights on, not all ads are created equal and some have turned out to be quite malicious. I know users who install ad blocking extensions to (hopefully) prevent malicious ads from infecting their desktops. It’s a shame, then, that MV3 can remove another tool that users have to protect their privacy and the integrity of the devices they use.
From my point of view, Google explains perfectly why users should move away from Chrome.
It’s not just about users
MV3 doesn’t just create problems for end users. Developers might also face challenges. According to the EFF: “The changes to Manifest V3 will not stop malicious extensions, but will hurt innovation, reduce extension capabilities, and hurt real-world performance. Google is right to ban remotely hosted code (with a few exceptions, like userscripts), but this is a policy change that doesn’t need to be rolled into the rest of Manifest V3.
SEE: Feature Comparison: Time Tracking Software and Systems (TechRepublic Premium)
The EFF is there. Yes, Google should (with some exceptions) ban remote code. But posting tips that break so many features for third-party extensions is not the way to go. And for developers, it could force many of them to work with two different codebases, one for Chrome and one for all other browsers. This is a proposition that many developers will not accept.
Is it in Google’s interest to prevent the development and use of ad blocking extensions? Probably not. But by creating guidance that prevents these developers from creating non-malicious (often useful) addons, they put themselves in a rather awkward position. End users should be able to leverage as much privacy as they want with a browser. And the fact that Chrome comes with an Incognito mode (which prevents tracking), clearly shows that Google understands the importance of privacy.
If Google’s MV3 prevents the creation of ad blockers for Chrome, what should these users do?
MV3 is another reason to stop using Chrome
In an ideal world, there would be a set of widely accepted and enforceable rules for user privacy and security that browser manufacturers would follow, similar to many countries that have laws that govern safety standards for automobiles. Unfortunately, it is not the case.
Google and other browser makers have far too much time, capital and resources invested in their creations to allow a third party to take control. In addition to this, Google should work with Apple, Microsoft, Mozilla, Opera, Brave, Vivaldi, and any other browser makers with a vested interest in this issue. Again… that’s not going to happen.
The other problem with using a third party is that there is no one with the proper authority to govern such a body. And we all know how slow governments are to implement such change. It’s technology, where change happens in the blink of an eye. If a government got involved, by the time they voted something like this, the need for it would probably have already been alleviated.
I’m not holding my breath for a third party to take control of this situation, and neither are you.
So what can you do? The solution is simple. Change browser. Migrate to a browser that doesn’t prevent you from using ad blockers or other extensions, which prevent your data from being collected. Switch to a browser that isn’t Chrome-based, like Firefox (for Linux, macOS, or Windows) or Safari (for macOS). Use any Chrome-based browser and you run the risk of losing the ability to install these extensions.
It’s your web browser, your experience, your security and your data. You should have the final say on what can and cannot be added to strengthen the privacy of the app and the data it uses.
Jonathan Mayer, assistant professor of computer science and public affairs at Princeton University, said it best in a quote to EFF:
“A web browser is supposed to act on behalf of the user and respect their interests. Unfortunately, Chrome now has experience as a Google Agent, not as a User Agent. It’s the only major web browser that lacks meaningful privacy protections by default, forces users to link activity to a Google Account, and implements invasive new advertising capabilities. Google’s latest changes will break Chrome’s privacy extensions, despite academic research showing that no changes are necessary. These user-unfriendly decisions are all directly attributable to Google’s surveillance business model and enabled by its dominance of the desktop browser market. »