Note: Sam Jadali, the author of the DataSpii report referenced in this blog post, is an EFF Coders’ Rights client. However, the information about DataSpii in this post is based entirely on public reports.

Last week we learned about DataSpii, a report by independent researcher Sam Jadali about the “catastrophic data leak” wrought by a collection of browser extensions that surreptitiously extracted their users’ browsing history (and in some cases portions of visited web pages). Over four million users may have had sensitive information leaked to data brokers, including tax returns, travel itineraries, medical records, and corporate secrets.

While DataSpii included extensions in both the Chrome and Firefox extension marketplaces, the majority of those affected used Chrome. Naturally, this led reporters to ask Google for comment. In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have “announced technical changes to how extensions work that will mitigate or prevent this behavior.” Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3.

As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we’re here to tell you: Google’s statement just isn’t true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation.

To understand why, we have to dive into the technical details of what Manifest V3 will and won’t do, and what Google should do instead.

The Truth About Manifest V3

To start with, the Manifest V3 proposal won't do much about evil extensions extracting people’s browsing histories and sending them off to questionable data aggregators.

That’s because Manifest V3 doesn’t change the observational APIs available to extensions. (For extension developers, that means Manifest V3 isn’t changing the observational parts of chrome.webRequest.) In other words, Manifest V3 will still allow extensions to observe the same data as before, including what URLs users visit and the contents of pages users visit. (Privacy Badger and other extensions rely on these observational APIs.)

Additionally, Manifest V3 won’t change anything about how “content scripts” work. Content scripts are pieces of Javascript that allow extensions to interact with the contents of web pages, both an important capability to allow extensions to deliver useful functionality and yet another way to extract user browsing data.

One change in Manifest V3 that may or may not help security is how extensions get permission to interact with websites. Under Manifest V3, users will be able to choose when they’re visiting a website whether or not they want to give the extension access to the data on that website. Of course it’s not practical to have to allow an ad- or tracker-blocker or accessibility-focused extension every time you visit a new site, so Chrome will still allow users to give extensions permission to run on all sites. As a result, extensions that are designed to run on every website—like several of those involved in DataSpii—will still be able to access and leak data.

The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code. You can’t ensure extensions are what they appear to be if you give them the ability to download new instructions after they’re installed. But you don't need the rest of Google’s proposed API changes to stop this narrow form of bad extension behavior.

Manifest V3 Crushes Innovation

What Manifest V3 does do is stifle innovation. Google keeps claiming that the proposed changes are not meant to “[prevent] the development of ad blockers.” Perhaps not, but what they will do in their present form is effectively destroy powerful privacy and security tools such as uMatrix and NoScript.

That’s because a central part of Manifest V3 is the removal of a set of powerful capabilities that uMatrix, NoScript, and other extensions rely on to protect users (for developers, we’re talking about request modification using chrome.webRequest). Currently, an extension with the right permissions can review each request before it goes out, examine and modify the request however it wants, and then decide to complete the request or block it altogether. This enables a whole range of creative, innovative, and highly customizable extensions that give users nearly complete control over the requests that their browser makes.

Manifest V3 replaces these capabilities with a narrowly-defined API (declarativeNetRequest) that will limit developers to a preset number of ways of modifying web requests. Extensions won’t be able to modify most headers or make decisions about whether to block or redirect based on contextual data. This new API appears to be based on a simplified version of Adblock Plus. If your extension doesn’t work just like Adblock Plus, you will find yourself trying to fit a square peg into a round hole.

If you think of a cool feature in the future that doesn’t fit into the Adblock Plus model, you won’t be able to make an extension using your idea unless you can get Google to implement it first. Good luck! Google doesn’t have an encouraging track record of implementing functionality that developers want, nor is it at the top of Google’s own priority list. Legitimate use cases will never get a chance in Chrome for any number of reasons. Whether due to lack of resources or plain apathy, the end result will be the same—removing these capabilities means less security and privacy protection for Chrome’s users.

For developers of ad- and tracker-blocking extensions, flexible APIs aren’t just nice to have, they are a requirement. When particular privacy protections gain popularity, ads and trackers evolve to evade them. As a result, the blocking extensions need to evolve too, or risk becoming irrelevant. We’ve already seen trackers adapt in response to privacy features like Apple’s Intelligent Tracking Prevention and Firefox’s built-in content blocking; in turn, pro-privacy browsers and extensions have had to develop innovative new countermeasures. If Google decides that privacy extensions can only work in one specific way, it will be permanently tipping the scales in favor of ads and trackers.

The Real Solution? Enforce Existing Policies

In order to truly protect users, Google needs to start properly enforcing existing Chrome Web Store policies. Not only did it take an independent researcher to identify this particular set of abusive extensions, but the abusive nature of some of the extensions in the report has been publicly known for years. For example, HoverZoom was called out at least six years ago on Reddit.

Unfortunately, the collection of extensions uncovered by DataSpii is just the latest example of an ongoing pattern of abuse in Chrome Web Store. Extensions are bought out (or sometimes outright hijacked), and then updated to steal users’ browsing histories and/or commit advertising fraud. Users complain, but nothing seems to happen. Often the extension is still available months later. The “Report Abuse” link doesn't seem to produce results, obfuscated code doesn't seem to trigger red flags, and no one responds to user reviews.

“SHINE for reddit” stayed up for several years while widely known to be an advertising referrals hijacker that fetched and executed remote code. A study from 2015 demonstrated various real-world obfuscation and remote code execution techniques. A study from 2017 analyzed the volume of outgoing traffic to detect history leakage. The common thread here is that the Chrome Web Store does not appear to have the oversight to reject suspicious extensions.

The extensions swept up by DataSpii are not obscure by any measure. According to the DataSpii report, some of the extensions had anywhere from 800,000 to 1.4+ million users. Is it too much to ask a company that makes billions in profit every year to prioritize reviewing all popular extensions? Had Google systematically started reviewing when the scope of Chrome Web Store abuse first became clear years ago, Google would have been in place to catch malicious extensions before they ever went live.

Ultimately, users need to have the autonomy to install the extensions of their choice to shape their browsing experience, and the ability to make informed decisions about the risks of using a particular extension. Better review of extensions in Chrome Web Store would promote informed choice far better than limiting the capabilities of powerful, legitimate extensions.

Google could have banned remote code execution a long time ago. It could have started responding promptly to extension abuse reports. It could have invested in automated and manual extension review. Instead, after years of missed opportunities, Google has given us Manifest V3: a nineteen-page document with just one paragraph regarding remote code execution—the actual extension capabilities oversight that continues to allow malicious extensions to exfiltrate your browsing history.

The next time Google claims that Manifest V3 will be better for user privacy and security, don’t believe their hype. Manifest V3 will do little to prevent the sort of data leaks involved in DataSpii. But Manifest V3 will curtail innovation and hurt the privacy and security of Chrome users.