strictnein 6 hours ago

Been researching extensions for a while now at the day job and I'm preparing some disclosures to the major browser vendors.

The amount of absolute clusterfuckery in browser extensions is endless. One of the biggest issues is with how extensions define their permissions and capabilities in their manifest.json files. I've reviewed thousands of these now, and probably only 5-10% of extensions actually get it right. There are just so many confusing and overlapping permissions, capabilities, etc.

It is a failed experiment, but I don't think Google can just shut it off, because of their market dominance. They'd be disconnecting some of their competitors from their users. They need to move to an updated manifest spec that is (more) secure by default, has fewer footguns, etc.

madeofpalk 3 hours ago

> They need to move to an updated manifest spec that is (more) secure by default, has fewer footguns, etc.

They tried to do this and people got very upset at them trying to kill adblockers.

maxloh 5 hours ago

For context, the latest version of the extension spec (Manifest V3) is just 1.5 years old. It isn't something old or legacy.