https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening Skip to main content * About + Contact + Press + People + Opportunities * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + HTTPS Everywhere + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Crocodile Hunter * Donate + Donate to EFF + Shop + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] --------------------------------------------------------------------- Email updates on news, actions, and events in your area. Join EFF Lists * Copyright (CC BY) * Trademark * Privacy Policy * Thanks Electronic Frontier Foundation Donate [podcast-si]How to Fix the Internet Podcast: Pay a Hacker, Save a Life [podcast-si] Electronic Frontier Foundation * About + Contact + Press + People + Opportunities * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + HTTPS Everywhere + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Crocodile Hunter * Donate + Donate to EFF + Shop + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] Chrome Users Beware: Manifest V3 is Deceitful and Threatening DEEPLINKS BLOG By Daly Barnett December 9, 2021 Google Spying Chrome Users Beware: Manifest V3 is Deceitful and Threatening Share It Share on Twitter Share on Facebook Copy link Google Spying Manifest V3, Google Chrome's soon-to-be definitive basket of changes to the world of web browser extensions, has been framed by its authors as "a step in the direction of privacy, security, and performance." But we think these changes are a raw deal for users. We've said that since Manifest V3 was announced, and continue to say so as its implementation is now imminent. Like FLoC and Privacy Sandbox before it, Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks. Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions--especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these- like some privacy-protective tracker blockers- will have greatly reduced capabilities. Google's efforts to limit that access is concerning, especially considering that Google has trackers installed on 75% of the top one million websites. It's also doubtful Mv3 will do much for security. Firefox maintains the largest extension market that's not based on Chrome, and the company has said it will adopt Mv3 in the interest of cross-browser compatibility. Yet, at the 2020 AdBlocker Dev Summit, Firefox's Add-On Operations Manager said about the extensions security review process: "For malicious add-ons, we feel that for Firefox it has been at a manageable level....since the add-ons are mostly interested in grabbing bad data, they can still do that with the current webRequest API that is not blocking." In plain English, this means that when a malicious extension sneaks through the security review process, it is usually interested in simply observing the conversation between your browser and whatever websites you visit. The malicious activity happens elsewhere, after the data has already been read. A more thorough review process could improve security, but Chrome hasn't said they'll do that. Instead, their solution is to restrict capabilities for all extensions. As for Chrome's other justification for Mv3- performance- a 2020 study by researchers at Princeton and the University of Chicago revealed that privacy extensions, the very ones that will be hindered by Mv3, actually improve browser performance. The development specifications of web browser extensions may seem in the weeds, but the broader implications should matter to all internet citizens: it's another step towards Google defining how we get to live online. Considering that Google has been the world's largest advertising company for years now, these new limitations are paternalistic and downright creepy. But don't just take our words for it. Here are some thoughts from technologists, privacy advocates, and extension developers who share our concern over Manifest V3: "A web browser is supposed to act on behalf of the user and respect the user's interests. Unfortunately, Chrome now has a track record as a Google agent, not a user agent. It is the only major web browser that lacks meaningful privacy protections by default, shoves users toward linking activity with a Google Account, and implements invasive new advertising capabilities. Google's latest changes will break Chrome privacy extensions, despite academic research demonstrating that no change is necessary. These user-hostile decisions are all directly attributable to Google's surveillance business model and enabled by its dominance of the desktop browser market." * Jonathan Mayer, Princeton University "Manifest V3 positions Chrome as the all-powerful arbiter of what software lives and what dies, shattering the ideal of a diverse array of extensions serving the legitimate preferences and values of equally diverse users. In 2017, when Google banned AdNauseam from the Chrome store, it summarily cut off tens of thousands of users from data they had accumulated, and deprived them of a free and open-source extension to counter online profiling and manipulation. In hindsight, AdNauseam was the canary in the coal mine, as Mv3 is now poised to cut off users from a range of invaluable privacy tools (including ad blockers) that thousands if not millions rely on. A browser that plays favorites to advance its owners' interests effectively chokes out innovative, independent developers, while shrinking the options for individuals to shape their online experiences." * Helen Nissenbaum and Daniel Howe (creators of AdNauseam and TrackMeNot) "Manifest V3 is a detrimental step back for internet privacy." * Ghostery company blog "Nearly all browser extensions as you know them today will be affected in some way: the more lucky ones will 'only' experience problems, some will get crippled, and some will literally cease to exist." * Andrey Meshkov, AdGuard company blog Related Issues Privacy Share It Share on Twitter Share on Facebook Copy link Join EFF Lists Join Our Newsletter! Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Related Updates Laptop with broken screen Press Release | December 9, 2021 Saudi Human Rights Activist, Represented by EFF, Sues Spyware Maker DarkMatter For Violating U.S. Anti-Hacking and International Human Rights Laws EFF filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts. QTTD logo, question mark, on orange background Deeplinks Blog by Karen Gullo | December 2, 2021 InternetLab's 2021 "Who Defends Your Data Brazil" Report Shows Improvement in Brazilian ISPs Privacy Practices, But Gaps Remain Brazil's biggest internet connection providers continue to make strides towards better protection of customer data and greater transparency about their privacy practices, according to InternetLab's 2021 "Quem Defende Seus Dados?" ("Who defends your data?)" report. Released today, the report is the sixth annual assessment of Brazilian providers' adherence... woman holding phone with stalker message Deeplinks Blog by Eva Galperin | November 25, 2021 Coalition Against Stalkerware Celebrates Two Years of Work to Keep Technology Safe for All In this guest post by the Coalition Against Stalkerware marking its second anniversary, the international alliance takes a look back on its achievements while seeing a lot of challenges ahead.Two years ago, in November 2019, the Coalition Against Stalkerware was founded by 10 organizations. Today, there are more than... [episode_1_banner_-_for_blog_post] Deeplinks Blog by Jason Kelley | November 16, 2021 Podcast Episode: What Police Get When They Get Your Phone If you get pulled over and a police officer asks for your phone, beware. Local police now have sophisticated tools that can download your location and browsing history, texts, contacts, and photos to keep or share forever. Joinus to hear about a better way for police to treat you and... [series_banner_-_alt_for_blog] Deeplinks Blog by rainey Reitman | November 16, 2021 EFF's How to Fix the Internet Podcast Offers Optimistic Solutions to Tech Dystopias Through curious conversations with some of the leading minds in law and technology, we explore creative solutions to some of today's biggest tech challenges. Listen to EFF's podcast, How to Fix the Internet, today. Facebooks thumbs up thumbs down Deeplinks Blog by Jason Kelley, Bennett Cyphers, Corynne McSherry | November 15, 2021 After Facebook Leaks, Here Is What Should Come Next Every year or so, a new Facebook scandal emerges. These blowups follow a fairly standard pattern, at least in the U.S. First, new information is revealed that the company misled users about an element of the platform--data sharing and data privacy, extremist content, ad revenue, responses... [eff-pr-og] Press Release | November 12, 2021 EFF to Supreme Court: Warrantless 24-Hour Video Surveillance Outside Homes Violates Fourth Amendment Washington, D.C.--The Electronic Frontier Foundation (EFF) today urged the Supreme Court today to review and reverse a lower court decision in United States v. Tuggle finding that police didn't need a warrant to secretly record all activity in front of someone's home 24 hours a day, for a... [OG-AppleFBIKeys] Deeplinks Blog by Erica Portnoy | November 12, 2021 Apple Has Listened And Will Retract Some Harmful Phone-Scanning Since August, EFF and others have been telling Apple to cancel its new child safety plans. Apple is now changing its tune about one component of its plans: the Messages app will no longer send notifications to parent accounts.That's good... [mobile-privacy-knight-2_0] Deeplinks Blog by Sophia Cope, Matthew Guariglia | November 10, 2021 Ninth Circuit: Surveillance Company Not Immune from International Lawsuit Vendors of surveillance technology can make big money on the global market, frequently by enabling authoritarian governments to spy on journalists and activists. That's why, for years, EFF has called for more accountability against technology companies that facilitate human rights abuses by foreign governments. Now, the Ninth Circuit... Necessary & Proportionate logo Deeplinks Blog by Veridiana Alimonti | November 9, 2021 Brazil's Fake News Bill: Perils and Flaws of Expanding Existent Data Retention Obligations This post is the second of two analyzing the risks of approving dangerous and disproportionate surveillance obligations in the Brazilian Fake News bill. You can read our first article here. Following a series of public hearings in Brazil's Chamber of Deputies after the Senate's approval of the so-called Fake News... Join Our Newsletter! Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Share It Share on Twitter Share on Facebook Copy link Related Issues Privacy Back to top EFF Home Follow EFF: * twitter * facebook * instagram * youtube * flicker * rss Contact * General * Legal * Security * Membership * Press About * Calendar * Volunteer * Victories * History * Internships * Jobs * Staff * Diversity & Inclusion Issues * Free Speech * Privacy * Creativity & Innovation * Transparency * International * Security Updates * Blog * Press Releases * Events * Legal Cases * Whitepapers * EFFector Newsletter Press * Press Contact Donate * Join or Renew Membership Online * One-Time Donation Online * Shop * Other Ways to Give * Copyright (CC BY) * Trademark * Privacy Policy * Thanks JavaScript license information *