Raymond Hill, the creator of uBlock Origin and uMatrix, noted that the change would end his extensions for Google Chrome, and similar comments were made by other developers. The company plans on releasing a developer preview of the Chrome changes in the coming months. However, in a new blog post, Google is clearing things out by saying that they don't want to kill ad blockers.
You have probably read a lot about the upcoming Manifest V3 for Google Chrome extensions and the controversy surrounding changes affecting ad-blockers and other extensions on the platform.
"Instead of Chrome sending all the information about a request to the listening extensions at the time of the request, extensions register rules that tell Chrome what to do if certain types of requests are seen", Vincent said.
In October 2018, Google announced the arrival of its Manifest v3 that ultimately debuted in January to set the pitch for the DeclarativeNetRequest API.
While initially there was little discussion about the Manifest V3 changes, in January, the maintainers of several ad blocker extensions raised an issue with the deprecation of the Web Request API, which they were using to inspect web requests before a page was loaded inside the browser. Some developers have said this will torpedo their ad blocking and privacy extensions.
In the latest Google Security Blog post, the company said, "We are not preventing the development of ad blockers or stopping users from blocking ads". It even mentioned that since January past year, 42 percent of malicious extensions use the WebRequest API. One way we are doing this is by helping users be deliberate in granting access to sensitive data - such as emails, photos, and access to social media accounts.
The privacy risk is obvious and apparent.
As a result, the company is limiting the API for what it claims to be a better alternative: The "Declarative Net Request API".
With this new API, extensions never receive page data, and the browser makes all the modifications to a page only when one or more declared "rules" are met. But the fact is any extension right now can use webRequest, with the user's permission, and abuse that user's trust.
Google Chrome has been in the news for restricting ad blockers.
Google's Vincent in the blog post underlined that the team is planning to change the rule limit from the maximum 30,000 rules per extension to a global maximum of 150,000 rules.
But this is actually the second time that Google gives in. This, in the company views, has led to malware activities on the Web. Google's pitched that switch as a benefit for developers and users alike.
Further, some issues still remain.
The primary source of friction has been proposed changes to the webRequest API, changes that will steer extensions onto the more limited and safer declarativeNetRequest and away from webRequest. The old Web Request API allowed extensions to be in full control of how they filtered content.
"I actually don't care about the hard-coded limit on blacklists because I use a whitelist, but I need contextual information which the Declarative API's stated objective is keeping away from extensions", Giorgio Maone, the developer of the NoScript extension told ZDNet today.
This has been a controversial change since the Web Request API is used by many popular extensions, including ad blockers. "We are actively exploring other ways to expand this API, including adding methods to get feedback about matched rules, and support for richer redirects leveraging URL manipulation and regular expression", he says.
Developers have voiced other concerns as Google focuses on a rules-based approach only.