It's been 3 years since Google announced major changes to be implemented in the Chrome Manifesto, this is a document in which the company provides details about the capabilities of the extensions for your browser.
Currently, version 3 is being developed and which has caused a lot of controversy and especially debates about it which are quite heated among users and extension developers.
And in his case the Electronic Frontier Foundation has not missed the opportunity to criticize Google again and in this case in reference to the changes he has planned for the third version of the Manifesto, in which he makes a new criticism on the subject to reiterate his opinion that "version 3 of the extensions manifesto is misleading and represents a threat" . »
“Version 3 of the extensions manifest is downright detrimental to privacy efforts. It will limit the capabilities of web extensions, especially those designed to monitor, modify and calculate in parallel the conversation that the browser has with the websites it visits. Under the new specs, extensions like this one, like some privacy tracking blockers, will see their capabilities significantly reduced. Google's efforts to limit this access are concerning, especially considering that trackers are installed on 75% of the XNUMX million most visited websites, ”says the organization.
According to the Electronic Frontier Foundation, it states that its disagreement is that the underlying problem is to ditch the web request API in favor of the declarative NetRequest API. The original web request API stops loading a page while scanning its content for ads or other content that the extension can block or edit.
The declarativeNetRequest API it works with a different approach. Rather than the last extension based on stopping web requests and inspecting all content, the latter sets rules that the browser reads and applies to each web page before it loads.
With this new API, extensions never receive data from a page and the browser only makes changes to a page when one or more declared rules are met. In this way, all the sensitive data that can be included in a page (emails, photos, passwords, etc.) remains at the browser level and is never passed to extensions. According to Google, the new API is better in terms of privacy, but also speed,
The fear posed by the developers: the new API can prevent your extensions from inspecting web pages just as effectively. Google, for its part, points out that the old API was a source of abuse:
"With the web request, Chrome sends all the data from a network request to the listener extension, including all the sensitive data contained in that request, such as personal photos or emails," Google says of the privacy risk. "Since all the data in a query is exposed to the extension, it is very easy for a malicious developer to abuse it to gain access to a user's credentials, accounts or personal information," the company adds.
Until version 2 of the extensions manifest is completely removed, Google will work to bring the new manifest to feature parity with the previous version and to respond to requests from developers.
“In the coming months, we will also implement support for dynamically configurable content scripts and an in-memory storage option, among other new features. These changes have been developed with community feedback in mind, and we will continue to build more powerful extension API functions as developers share more information about their migration challenges and business needs. The company also plans to share additional information on how these incoming changes will affect extension users and developers, ”says Google.
Finally If you are interested in knowing more about it, you can check the details In the following link.