←back to thread

"Begin disabling installed extensions still using Manifest V2 in Chrome stable"

(developer.chrome.com)
552 points freedomben | 3 comments | 11 Oct 24 14:20 UTC | HN request time: 0.477s | source
Show context
sho ◴[11 Oct 24 14:49 UTC] No.41809962[source]
Hopefully this is the inflection point for Chrome. Despite all their made-up "security" reasons, everyone knows this is solely about making adblock less effective. For many users, adblock is what makes chrome bearable - and if they make it unbearable, then those users will leave. Slowly but surely.

Google seems much too sure of itself making this change. I hope their arrogance pays off just the same as Microsoft's did with IE.

replies(14): >>41810044 #>>41810118 #>>41810304 #>>41810320 #>>41810359 #>>41810375 #>>41810472 #>>41810519 #>>41810553 #>>41811938 #>>41812626 #>>41813079 #>>41813685 #>>41822203 #
freedomben ◴[11 Oct 24 15:04 UTC] No.41810118[source]
Agreed on hoping this is the inflection point, but only partial agreement that it's about adblock. For sure Google wants adblock to die, but I think it goes even deeper than that.

I think it's part of a much bigger trend in tech in general but also in Google: Removing user control. When you look at the "security" things they are doing, many of them have a common philosophy underpinning them that the user (aka device owner) is a security threat and must be protected against. Web integrity, Manifest v3, various DoH/DoT, bootloader locking, device integrity which conveniently makes root difficult/impossible, and more.

To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in. The next generation won't have the wonderful and fertile computing environment that we enjoyed, and it's (partly) your fault.

replies(10): >>41810189 #>>41810253 #>>41810403 #>>41810484 #>>41811226 #>>41812153 #>>41812977 #>>41815654 #>>41816016 #>>41816240 #
kbolino ◴[11 Oct 24 15:18 UTC] No.41810253[source]
It is important, I think, to understand that personal computing is just one part of the picture. "Enterprise" environments (governments, businesses, large organizations, etc.) have demanded many of these "features" even before Google started implementing them. Your workplace, by and large, does not want you, the replaceable person who happens to be sitting at the keyboard, to be in full control of the device that they own and which is connected to their network. Often this is made more explicit by the device just being a "thin client" or other totally locked down narrow viewport to some other computer you can't even touch. It sucks and the general trend of workplaces trusting their employees less and less has been demeaning and degenerative to the point of often fostering self-fulfilling prophecies of mistrust (don't trust anyone => get untrustworthy people => bad things happen => don't trust anyone => ...).

However, it is important to also understand that the employee is not the only stakeholder. Government agencies answer to legislators, nonprofit management answer to donors, corporate management answer to investors, etc. There are layers of compliance that must be considered as well (internal policies, external regulations, different insurance costs, etc.). It is unsurprising that these fewer but generally deep-pocketed entities have an outsized influence on the market compared to more numerous but less moneyed end users. If you refuse to serve the former, you may quickly find yourself out of business.

replies(4): >>41810399 #>>41810523 #>>41810530 #>>41815683 #
1. EasyMark ◴[11 Oct 24 15:46 UTC] No.41810523[source]
Then they could have made Mv3 an option to turn on by sysadmins who lock down their browsers. If you aren’t locking down your users browsers then that’s on you. I mean at worst they could have made mv2 opt-in and most people would have highly curtailed their complaints of “I’ll jump ship to _____________” . People don’t like it when features are removed especially when there are viable alternatives like, adding a special tier of review to get mv2 approval for your extension, opt-in/out as discussed, easy access by sysadmins to turn it on/off. Instead google pulled a bully “so, pencil-neck, what are you gonna do about it?” instead. They are tone-deaf and see themselves as the new 800lb silverback on the block.
replies(2): >>41810681 #>>41815373 #
2. kbolino ◴[11 Oct 24 16:02 UTC] No.41810681[source]
I was mostly commenting on the "broader trend" aspects and the assignment of primary blame to implementing engineers.

There's another problem with Chrome, which is that nobody is actually paying for it. So the big corps move features along there only in the sense that they won't adopt it or will drop it otherwise. I don't think the big corps are pushing for Mv3 but they also probably don't care that it arrives either. Conversely, I wager Google estimates nearly nobody will revolt and leave Chrome over the loss of Mv2. It hurts ad-blocker developers and it hurts the most conscious users, but Chrome is a marketing product targeted at mass adoption first and foremost. I personally hope their estimation is wrong and the current browser monopoly breaks, but this may not yet be the breaking point.

Even if that happens, Chrome eagerly adopting enterprise policy support may keep it on life support in that environment, though.

3. aftbit ◴[12 Oct 24 00:39 UTC] No.41815373[source]
Well to some extent they did make it Mv3 an option, not forever but for an extra few months, with that enterprise policy flag. Enterprises used their weight to demand not a more secure browser, but an extra flag to allow them to keep running old software longer. Enterprises too are treated as a security threat by Google, who still plans to depreciate Mv2 format, forcing them to move to "more secure" extensions.