-
-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Will the proposed Manifest V3 changes to Chrome break Privacy Badger? #2273
Comments
It's not entirely clear yet, but at this point it seems that the changes proposed in the Manifest V3 document are made to support basic list-based blockers only. It's not clear how Manifest V3 would allow for more complex extensions like uBlock Origin, uMatrix, or Privacy Badger. I would like to learn more about this situation from Chromium developers. |
|
An overview of the Manifest V3 proposal's impact upon Privacy BadgerPrivacy Badger is a browser extension that automatically learns to block invisible trackers.
The Manifest V3 proposal thoroughly breaks this description. It appears that Privacy Badger will no longer be able to dynamically learn to block trackers, report what it blocked on a page, block cookies from being set or sent, strip referrer headers, nor properly support EFF's Do Not Track policy. If you remove what makes Privacy Badger unique, replacing it with basic list-based blocking, what are you left with? Replacing persistent background pages with ServiceWorkersA non-persistent event-driven background page does not work well for extensions that need to keep ephemeral state.
There are likely other issues (will a ServiceWorker background page support functioning in Incognito contexts, which is essential for privacy and security extensions?), but they are eclipsed by the fundamental mistake of trying to shoehorn stateful extensions into an exclusively event driven model. Restricting origin access / Manifest Host Permission SpecificationMaking users confirm extension access ( As Chrome extension docs for permissions state:
Dynamic Content ScriptsMany of Privacy Badger's content scripts need to run on all pages in order to do things like detect localStorage-based tracking and canvas fingerprinting, or deny JavaScript access to cookies and localStorage to "yellowlisted" third-party domains. It would be great to finally have dynamic, before-anything-else injection of content scripts (https://crbug.com/478183). However, as per the WebRequestRemoving "blocking" (synchronous request/response interception) from The
The above is not meant to be an exhaustive list. The point is that it is a fundamental mistake to try to shoehorn all content intercepting extensions into the limited-by-design declarative model. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
See the issue in HTTPS Everywhere's repository for statements recently made by browser vendors: EFForg/https-everywhere#17268. |
@ghostwords I'm finding little current info on MV3 generally and wondering if you've learned anything new about it's impact on Privacy Badger? Is any work being done to develop a POC/ MV3-compliant version of the extension? |
You can read our latest update on the EFF blog, Google’s Manifest V3 Still Hurts Privacy, Security, and Innovation. While the post doesn't go into Privacy Badger specifically, we talk about what happened around Manifest V3 in the last two years, what's (still) wrong with it, and how it could be better. I have been participating in the W3C WebExtensions Community Group to advocate for extension developers and to raise awareness of the many problems with Manifest V3. Privacy Badger in Manifest V3 is blocked by at least one (long-outstanding) bug, Chromium Issue 102421: webRequest listeners not called after service worker stops. |
This comment has been minimized.
This comment has been minimized.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as off-topic.
This comment was marked as off-topic.
Since the rollout of 2023 is fast approaching, is an MV3 compatible version of Privacy Badger in development? |
Yes, I'm working on it. I'll post an update when we have something to share. |
This comment was marked as resolved.
This comment was marked as resolved.
@ghostwords MV2 deprecation slated for June '24. How is MV3 development going? |
It's going! We've been making changes to prepare Privacy Badger for non-persistent background processes, be it an event page (Firefox) or an extension service worker (Chrome). We're now moving content filtering from |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
Privacy Badger version 2024.5.30 is live in Chrome Web Store. You can get get this update now by visiting Producing this version took months of running to stay in place. MV3-based Privacy Badger is not a "lite" version of Privacy Badger. It is functionally similar to MV2-based Privacy Badger, slightly better in some ways, and worse in other ways, some of which will get fixed over the coming months. |
This comment was marked as resolved.
This comment was marked as resolved.
Are you able to describe the feature pros and cons of the MV3 version and which ones may get fixed over time? Or will you do this later as development progresses or is finalized, e.g. via an EFF blog post? |
I've got to put out a few fires first. Afterwards, I'll be able to start documenting and generally sharing more. But there are few "pros". Manifest V3 is a huge mess. If Google wanted to, they could have rolled out a Manifest 2.5 with all of the pros and none of the cons, you know? |
I don't know how many developers contirbute to the project, but will you maintain both MV2 and MV3 versions or settle on the latter when it's more polished given it's shortcomings? |
We will maintain MV2 Privacy Badger for as long as it makes sense to do so. Right now only Chrome is on MV3. I think the biggest bright side here is that we should now be much closer to having Privacy Badger for Safari on macOS. |
https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/
The text was updated successfully, but these errors were encountered: