Google has doubled-down on a change made in January to Manifest V3, Chrome’s extensions system, that would prevent the effective functioning of current ad blockers. Despite backlash to the change by extension developers and power users, the company said that only enterprise users will be able to continue to use such ad blocking software. Manifest V3 includes other changes, such as a tweaking of the permissions system. Now, all extensions must use the “minimum set of permissions necessary” when requesting access to data.
According to 9to5Google, “modern ad blockers, like uBlock Origin and Ghostery, use Chrome’s webRequest API to block ads before they’re even downloaded.” With the Manifest V3 change, “Google deprecates the webRequest API’s ability to block a particular request before it’s loaded,” and opponents claimed that the new proposal will limit “the user’s ability to browse the web as they see fit.”
In response to the criticism, Google is sharing more details, but the crux of its response, said 9to5Google, is that “Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments).”
In plain language, that means that “Chrome will still have the capability to block unwanted content, but this will be restricted to only paid, enterprise users of Chrome.” For everyday users, “ad blockers will need to switch to a less effective, rules-based system.” The problem is that “Chrome currently imposes a limit of 30,000 rules, while popular ad blocking rules lists like EasyList use upwards of 75,000 rules.”
Google has stated it plans to increase the number, “but couldn’t commit to anything specific.” Raymond Hill, uBlock Origin’s lead developer, noted that “allowing ad blockers goes completely against Google’s business model,” which depends on the efficient delivery of advertising.
The Verge reports that Chrome’s new rule that all extensions use the “minimum set of permissions necessary” is “more considerate of users’ privacy” in that “the extension will be required to take the [route] that requires access to the least-sensitive amount of data.”
Google is also requiring “more extensions to post privacy policies in the Chrome Web Store,” adding to those already in place for those extensions that ask for “personal and sensitive user data.” Google has promised developers “at least 90 days’ notice” before the policies go into effect, sometime this fall. Those extensions that do not comply “will be removed from the store and disabled within Chrome browsers.”
Google also plans to limit apps that tap into Google Drive from “broadly accessing” content to accessing “only the specific files they need.” Google will vet “full-on backup services and other apps that require total access.”