undefined | Better HN

0 pointsshadowgovt3y ago0 comments

> this is for the future MV4 when extensions will be dumbed down to sets of declarative rules.

I haven't heard of this plan. Do you have more information?

0 comments

No plans were announced so these are purely my speculations but to me it seems logical.

The only piece of reliable information is this: I once asked Google engineer whether they plan to support declarative cosmetic rules (that's what we do ourselves in MV3 and that's why the extension still requires wide permissions) and the answer was that they definitely do plan to do that in the future.

encryptluks23y ago

> No plans were announced so these are purely my speculations but to me it seems logical.

And then people use and rely on information like this to further ignite their cognitive biases. Seems more like promoting misinformation than anything.

kelnos3y ago

Misinformation is presenting falsehoods as truth. Speculating based on past behavior is something else.

2 more replies

shadowgovtOP3y ago

Supporting that makes sense to simplify the use case so that people don't have to write JavaScript for simple changes, but that doesn't imply they'll replace the JavaScript API with a purely declarative API there.

The difference between that and the traffic modification API is the threat model. The third party were to compromise uBlock Origin's servers, they would have a frightening amount of power over millions of machines because uBlock Origin essentially self-modifies; it downloads new rules for what should be blocked. So that breaks the security guarantees Chrome wants to provide; they can't say that the lock icon on a website means anything if a Chrome extension is allowed to arbitrarily modify traffic back and forth as a man in the middle on the last mile and Chrome web store maintainers haven't looked at the source code it's running.

I don't think there's a similar security threat for cosmetic changes.

1 more reply

j / k navigate · click thread line to collapse