Re: What a failure of Secure by Design looks like: Web Browsers

[Michal Zalewski via Dailydave <dailydave () lists aitelfoundation org>]

> Also, I find the security argument against extensions
> <https://cybernews.com/privacy/google-to-weaken-chrome-ad-blockers-push-for-security/#:~:text=Starting%20June%202024%2C%20adblockers%20such,the%20more%20limited%20V3%20version.>
> that block ads very weird. Apparently this goes into practice this month?
> It's always been weird that mobile browsers are not allowed to have ad
> blockers. Does anyone have depth on this issue they can actually share?

The security argument is fairly good in the sense that the extension
security model is broken. It's not even about ad blockers: far too many
extensions request overly broad permissions and then either do sneaky
things (e.g., "monetizing" users by stealing browsing histories) or put
users at risk. It doesn't help that if you pop a developer's account, you
can essentially deploy a backdoored extension to all users *instantly*.

But, there are many ways to improve this, and Google has chosen an approach
that is inherently controversial given that they're an ad company and that
their other divisions are openly waging a war on ad blocking right now.

/mz

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org