upvote

points

by roblabla8 hours ago |
comments
upvoteby dlenski7 hours ago|
next
[-]
> 1. Do a request to `chrome-extension://<extension_id>/<file>`. It's unclear to me why this is allowed.

Big +1 to that.

The charitable interpretation is that this behavior is simply an oversight by Google, a pretty massive one at that, which they have been slow to correct.

The less-charitable interpretation is that it has served Google's interests to maintain this (mis)feature of its browser. Likely, Google or its partners use similar to techniques to what LinkedIn/Microsoft use.

This would be in the same vein as Google Chrome replacing ManifestV2 with ManifestV3, ostensibly for performance- and security-related purposes, when it just so happens that ManifestV3 limits the ability to block ads in Chrome… the major source of revenue for Google.

The more-fully-open-source Mozilla Firefox browser seems to have had no difficulty in recognizing the issues with static extension IDs and randomizing them since forever (https://harshityadav.in/posts/Linkedins-Fingerprinting), just as Firefox continues to support ManifestV2 and more effective ad-blocking, with no issues.

reply
upvoteby warkdarrior6 hours ago|
parent|
[-]
> This would be in the same vein as Google Chrome replacing ManifestV2 with ManifestV3, ostensibly for performance- and security-related purposes, when it just so happens that ManifestV3 limits the ability to block ads in Chrome… the major source of revenue for Google.

uBlock Origin Lite (compatible w/ ManifestV3) works quite well for me, I do not see any ads wherever I browse.

reply
upvoteby frugalmail1 hours ago|
prev|
[-]
For widget style services: If you need the functionality of an extension to operate, then you can check if it's already installed so you don't ask to install it again.

This is better than forcing the extension to announce it's presences on every web site.

reply