Google has proposed a number of changes in Chrome that, if adopted in their current form, could paralyze the operation of ad blocking in Chromium-based browsers. The impact of the changes would not be limited to blocking ads: other projects such as NoScript and a wide range of other extensions, according to their authors, would also be affected.
The changes proposed by Google, detailed in its Manifest V3 document, would make significant changes in the way extensions work fundamentally in Chrome. Extensions, for example, will no longer be able to upload code from remote servers or automatically apply to all sites (users will have the option of choosing to run extensions on specific sites or in each site). But the biggest problems seem to be in Google's plans to disapprove or limit the use of its web request API. As Ars Technica details, webRequest allows extensions to evaluate each network request that the extension is intended to monitor and make decisions about what happens to it. Applications can be modified during the flight to change the behavior of the browser in a variety of scenarios. Ad blockers, script blockers, and various privacy-aware extensions depend on this capability.
Google wants to replace webRequest with a new API, declarativeNetRequest. Using the old webRequest API requires the browser to ask the extension how the content should be handled. The new API requires that the extension be declared to the browser What can he do and how does he do it? The problem is that the new API has a fraction of the capacity of the previous one. Currently, extensions are also limited to a restriction of 30,000 elements to filter. As Ars points out, the current version of uBlock Origin ships with 90,000 filters by default and supports up to 500,000.
The advanced functionality of extensions like uBlock is not possible under the new rules.
So far, comments from developers of real extensions have been unilaterally negative. Almost everyone in the Google Chromium development thread has criticized the rigid limit of blocked or redirected URLs. The developers of anti-phishing and anti-malware extensions are also concerned that the new rules require extension data to be stored in plain text, while some security-related extensions store information in the form of a hash.
While there have been reports that AdBlock Plus will have a simpler operating time under these rules than extensions like uBlock Origin, one of the authors of that extension argues that even ABP will be harmed, noting that the declarativeNetRequest API "only covers the same limited subset of the filter capabilities implemented in Adblock Plus that it does in uBlock Origin. "Rather than being able to implement custom and powerful rules, he argues that extensions would now be limited to" providing filter rules. "This would fundamentally limit the ability of extension developers to quickly respond to the website's efforts to circumvent their work.Developers of security extensions also raised these concerns, noting that the new API does not allow updating content blocking lists in real time. This only makes it impossible for security extensions to provide No quick updates.
Google's responses, until now, have been quite limited. The company has been emphasizing that the webRequest API will remain in some capacity since declarativeNetRequest can not handle everything. However, the contexts in which webRequest will be allowed to work are still being evaluated.
Google's claim that these changes will improve security and performance have been met with a general look. Several developers have pointed out that the impact on the performance of the execution of uBlock or other ad blockers on websites is so great that any increase in performance obtained by Google to adopt a faster API will be completely subsumed by the marked limits in the amount of content that those extensions are really capable of blocking. Accelerating page load by 20 percent may not mean much if you're loading 3 to 5 times more data relative to the use of an ad blocker. The authors of the security extensions have also argued that the security risk of breaking their own products is greater than the sum total of the improvements that Google expects to obtain.
For now, Manifest V3 is still a draft document. If Google decides to implement the current version of the standard, Firefox can see a sudden increase in adoption. It is now the only cross-platform major browser in active development that is not based on Chromium.